Despite phishing filters, phishing e-mails regularly reach your employees. One wrong click by an employee can grant access to your server or transmit sensitive data, which is why your employees are particularly popular gateways. However, we do not focus exclusively on people, but on technical and physical vulnerabilities too and the resulting combinations.
With our phishing tests, you can see where your employees stand and raise their awareness of your company's security at the same time.
Derived from this, we develop organisational and technical measures with you to raise your employees' awareness. The tests are also a good basis for an awareness campaign.
We develop a suitable phishing scenario with you or provide a selection.
In cooperation with you, we create an security awareness campaign that creatively and sustainably makes your employees aware of company security. To do this, we use a wide variety of tools:
Read more about awareness campaigns here.
For example, by impersonating your company's IT staff on the phone, Redguard experts attempt to involve your employees in an attack. The goal may, for example, be access to raise awarenes of information or the execution of malicious software.
The insights gained enable a sound risk assessment and at the same time serve as a basis for internal awareness campaigns or are part of an attack simulation.
For example, using a false ID or a pretext, Redguard experts test your employees to see if they can gain access to physical rooms.
Depending on the scope, we check which vulnerabilities can also be exploited after access, such as access to systems. We deliberately combine technical, physical and human vulnerabilities, as this is the popular strategy of successful attackers. In addition to the usual report, we can also capture and process the operations on video.
1. Employees receive an e-mail, supposedly from internal IT, with a plausible reason why they should log in to a platform via a link.
2. After a supposed login, employees are redirected to an error message and are asked to try again later.
3. However, their login data was actually transmitted to the attackers, as the login mask was forged. Phishing attacks of this kind are often not detected, or are only detected after the event.
Phishing attacks are successful more often than you think - and can cause significant damage to your business. Do you want to protect yourself? Ask for a consultation and find out what makes sense for your company. We look forward to hearing from you.