
Phishing Exercise

Why perform a Phishing Exercise?

Phishing exercises help identify employees who are susceptible to phishing attacks, allowing the company to target additional training where it’s most needed.

These exercises increase awareness among employees about the tactics used by cybercriminals, helping them recognize and avoid real phishing attempts.

By simulating phishing attacks, companies can test and improve their incident response plans, ensuring they are prepared to handle actual threats effectively.

Regular phishing exercises promote a culture of security within the organization, emphasizing that everyone has a role in protecting company data.

Many regulatory frameworks require regular security training and testing. Phishing exercises help companies meet these requirements and manage cybersecurity risks more effectively.

What is the goal of Phishing Exercises?

The goal of a Phishing Exercise is to test and improve your company’s resilience to social engineering attacks, particularly those involving deceptive emails or messages designed to trick users into revealing sensitive information or performing risky actions.

At Honey Badger Consulting we specialize in conducting custom phishing attacks against companies (including the creation of custom company websites) to gain unauthorized access to sensitive information.

Mass Phishing

Mass Phishing targets a large number of individuals indiscriminately.

Approach:
Uses generic messages to trick recipients into revealing sensitive information, providing credentials or clicking malicious links.

Example:
An email claiming to be from marketing (either internal or external), asking recipients to sign up for a competition where they can win a weekend trip to the Circuit of Spa-Francorchamps to ride on a racetrack in an F1 car.

Spear Phishing

Spear Phishing targets specific individuals.

Approach:

Uses personalized messages, built from information about the target gathered through OSINT, to increase credibility.

Example:

An email tailored to a specific employee, appearing to be from their boss, requesting confidential information.

Whaling

A subset of spear phishing that targets high-profile individuals (C-suite level).

Approach:

Uses highly customized messages to exploit the influence and access of the target.

Example:

An email to a CEO, appearing to be from a trusted partner, asking for sensitive financial data.

Workshops

A phishing workshop is conducted to educate and empower employees to recognize, avoid, and respond to phishing attacks. Unlike a phishing simulation, which tests user behavior, a workshop is interactive and instructional, focusing on building knowledge and skills. We will create custom phishing awareness material for your company, which we will use to educate your employees. Combining workshops with phishing attempts and debrief meetings will educate your employees in depth on the different types and styles of phishing and how to respond to them (tailored to your incident response policy).
