Phishing Campaign

Do not let yourself be trapped by these fraudulent information-gathering campaigns; protect yourself against an increasingly widespread practice.
Our test campaigns help protect organizations against malware, ransomware and fraudulent emails. To do this, ITrust offers, among other things, to send your employees a simulated phishing email and check whether they react correctly.


ITrust takes care of conducting your test campaigns in order to:

  • Make your employees aware of fraudulent emails.
  • Validate your company’s best practices against phishing.
  • Measure how your employees react to illegitimate emails that invite them to enter their login credentials.
  • Check that your company’s login credentials are not handed over on the first page of the site a phishing message links to.

Context

Bitcoin has allowed attackers to revive the cryptolocker model. Its historical weakness, the difficulty of collecting the ransom without being traced, has been removed by decentralized cryptocurrency payments.
The high profitability of cryptolocker ransomware has pushed it ahead of every other attack method in terms of volume.
This goes hand in hand with considerable effort spent personalising the messages. Where individuals used to be the main targets of crude, unconvincing mass-mailing campaigns, spear-phishing has now become the rule. Any means is used to imitate a legitimate email as closely as possible, with notable innovations: fake VoIP voicemail notifications, fake newsletters with a malicious “unsubscribe” link, etc.
The vigilance of information system users must therefore be challenged regularly.

  • 1 – Tailor-made campaigns

    ITrust designs tailor-made attack models, inspired by current events and/or the specifics of the company. The objective is to leave enough suspicious clues for users without committing any flagrant error, so that they have to cross-check several details (HTML links whose visible text differs from the actual target, a typosquatted sender domain, a reply-to address that differs from the sender, etc.).

  • 2 – Project management and monitoring

    • Validation and advice on prior internal communication
    • Validation of the templates (and taking into account the customer’s modification requests)
    • Validation of the warning message (which is displayed when the victim has clicked on the link or opened the malicious document)
    • Definition of each party’s actions and a backward-planned schedule
    • Transmission and processing of target lists
    • Support with the technical measures the client must put in place for the campaign to run smoothly (whitelisting of the sending IP addresses on the mail gateway, etc.)
    • Preliminary tests on a reduced pool to check that the whole chain works
  • 3 – Sending emails

  • 4 – Report writing and analysis

    • Consolidation of results and presentation in various forms
    • Interpretation of results (comparison with averages observed in other clients)
    • Explanation of the choices made in the template and the warning page
    • Delivery of awareness-raising materials to staff
    • Production of management-level reporting and statistics on the results
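As an added illustration of the clues listed under “Tailor-made campaigns” (example code written for this page, not ITrust’s own tooling), the following Python checks a raw message for the three indicators a user is expected to cross-check: an HTML link whose visible text names a different domain from its href, a sender domain that is within a couple of edits of a trusted domain (typosquat), and a Reply-To domain that differs from the From domain. The trusted-domain list and the two sample messages are constructed for the example; the “registrable domain” helper is a deliberate simplification of what a real tool would do with the Public Suffix List.

```python
"""
Flag the lure indicators a phishing test message typically carries:
  link_mismatch     - anchor text shows one domain, href points to another
  typosquat         - sender domain is 1-2 edits away from a trusted domain
  reply_to_mismatch - Reply-To domain differs from the From domain
Hypothetical helper written for this page; not part of any product.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own (trusted) sending domains.
TRUSTED_DOMAINS = {"example.com", "itrust.fr"}

DOMAIN_RE = re.compile(r"\b([a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


class _AnchorParser(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable domain: last two labels (a real tool uses the PSL)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def domain_of_address(header_value):
    """Domain part of an address header such as 'Name <user@host>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", str(header_value or ""))
    return registrable(m.group(1)) if m else None


def edit_distance(a, b):
    """Levenshtein distance, used to spot typosquats of trusted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(raw_message):
    """Return a list of (indicator, detail) tuples for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    from_dom = domain_of_address(msg["From"])
    reply_dom = domain_of_address(msg["Reply-To"])

    if from_dom and reply_dom and from_dom != reply_dom:
        findings.append(("reply_to_mismatch", f"Reply-To {reply_dom} != From {from_dom}"))

    if from_dom and from_dom not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            d = edit_distance(from_dom, trusted)
            if 0 < d <= 2:
                findings.append(("typosquat", f"{from_dom} is {d} edit(s) from {trusted}"))

    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        parser = _AnchorParser()
        parser.feed(html_part.get_content())
        for href, text in parser.anchors:
            href_dom = registrable(urlparse(href).hostname or "")
            if not href_dom:
                continue  # mailto:, relative links: nothing to compare against
            for m in DOMAIN_RE.finditer(text):
                if registrable(m.group(0)) != href_dom:
                    findings.append(("link_mismatch", f"text {m.group(0)} -> href {href_dom}"))
    return findings


# Constructed sample: every indicator present (typosquat examp1e.com, foreign Reply-To,
# anchor text naming the legitimate portal while the href goes to the lookalike).
SAMPLE = b"""From: IT Support <helpdesk@examp1e.com>
Reply-To: helpdesk@mail-recovery.net
To: alice@example.com
Subject: Action required: password expires today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today. Sign in at
<a href="https://portal.examp1e.com/login">https://portal.example.com/login</a>
to keep your access.</p></body></html>
"""

# Constructed sample: legitimate internal notice, should produce no findings.
CLEAN_SAMPLE = b"""From: IT Support <helpdesk@example.com>
To: alice@example.com
Subject: Maintenance window
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>The portal <a href="https://portal.example.com/">portal.example.com</a>
will be unavailable on Saturday.</p></body></html>
"""

if __name__ == "__main__":
    for indicator, detail in phishing_indicators(SAMPLE):
        print(f"{indicator:18} {detail}")
```

The same three checks are what the warning page should walk the user through after a click: the rewritten link, the lookalike sender domain and the foreign Reply-To are each visible in the mail client without opening the link, which is the reflex the campaign is meant to train.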