What is Spear Phishing?

Spear phishing is a targeted version of phishing emails that are typically directed toward specific employees to gain access to corporate networks. Adversaries make use of publicly available information such as organisational structure or media releases to craft emails.

Additionally, sophisticated social engineering techniques are increasing looking at employees professional circumstances and social network to construct emails that appeal to individuals within an organisation and hence increase the chance of successful penetration.

Phishing Susceptibility Benchmark and User Awareness Service

Phishing attacks are becoming increasingly sophisticated. Many people believe that phishing emails are easy to spot, bad grammar, poor spelling or strange web addresses being the tell tale signs. The reality of modern phishing is quite different, scammers are now using original logos and replicating authentic email as well as a host of obfuscation techniques to mask email origin. The net result is that phishing and the susceptibility of users to phishing attacks is on the rise.

According to the ACCC, in 2016, over $83 million dollars was lost with around155,000 reports of scams – with an increasing number originating from phishing attacks installing malware and ransomware or leading to identity theft. Many people assume that phishing is something that is predominantly problematic in a domestic environment, but more and more corporates, or more specifically employees in corporate environments are the target of phishing campaigns.

Counterhack offer a Phishing Susceptibility Benchmark and User Awarenedd service which is tailored to help organisations assess their current level of vulnerability to phishing and help educate users as to how to identify and respond to phishing emails.

How does the service work?

The Counterhack Phishing Susceptibility Benchmark and User Awareness service provides ongoing assessment of user susceptibility to phishing attacks and raises awareness to the types of email and embedded links that may be contain malware or other advanced threats.

Counterhack will tailor the service to meet your specific requirements by designing a range of templates appropriate to the employees and underlying industry segments. The templates will be designed to minimise the chance of email landing in employee spam or junk folders.

Different types of simulated phishing email can be configured such as ‘drive by attacks’ that provide a tempting message for employees to click right through to more complex ‘data entry’ attacks that ask an employee to enter personal data in an external site. Different attack profiles ensure a comprehensive assessment of phishing awareness within the organisation.

To improve security awareness, the service also includes targeted security awareness training program that allows employees to recognise and understand current online threats with hands on simulations.