A phishing test is a test to find out how resilient and aware you are as an organisation when hackers use the most common means of attack: e-mail. We developed this because the damage caused by phishing increases every year. Phishing is "fishing" for fraud-sensitive data. Hackers are increasingly sophisticated when it comes to stealing e-mail data. They also use this method to install ransomware or other harmful software within your organisation, with all the consequences that entails.
A phishing test means that everyone in your organisation receives a fictitious e-mail, just like the ones hackers send. In the e-mail, employees are tempted to click on the link it contains. They are then (usually) redirected to a special website. Here we try to obtain more data from the employee and/or organisation. We don't use this data for anything; we only report what happens and whether there is work to be done to raise awareness. Hackers, on the other hand, use the information gained to achieve their goal. That goal is often to get to business-critical data and actually start using it if their demands are not met, or to make money from reselling it. Nowadays, we also often see that the organisation is not the end goal, but the customers of this organisation.
A good phishing test consists of:
This is the ideal test because you are challenged on several levels. Firstly, a realistic scenario is used to objectively measure how many employees click on the link in the e-mail and how much data is actually left behind. We also take a number of technical issues into account, such as operating systems and browser versions, as well as improving technical security. We also test the incident response: how long it takes before the phishing e-mail is reported and what actions IT takes. Finally, we raise the level of awareness by sharing the results of the test within the organisation, together with specific do's and don'ts. This is why we help to put the results of the phishing test in the spotlight in a good way.
Phishingtest.com is a collaboration between HackDefense and Audittrail. HackDefense and Audittrail have been working together since 2015 to ensure that awareness of phishing within organisations is raised and its consequences reduced. Together they have already successfully tested several organisations on resilience and awareness.
Audittrail is the advice and consultancy partner to whom you can entrust all your compliance issues. We are a team of innovative, specialised enthusiasts who always strive to exceed the client's expectations. Our expertise lies within the domains of privacy, information security, awareness, GRC (governance, risk & compliance), quality and audit. Partly thanks to our partners, we are able to answer and solve your compliance issues with innovative solutions. This gives you control faster and more effectively, and also keeps you in control.
HackDefense understands how hackers work and provides insight into your risk profile. We are a small team of ethical hackers and pentesters, with experience since 1999 and knowledge of the latest hacking techniques. Driven by an intrinsic hunger, we work to understand today's digital technology to the deepest level. We can advise you on your strategy against hack attacks, and accompany your developers into the debugger to analyse stack frames. We make the complex subject matter transparent and understandable, so that you know where your organisation stands.
Interested to learn more about our phishing tests? Leave your phone number and/or your e-mail address and we'll get back to you as soon as we can.