Phishing Simulation



SilentCitadel Phishing Attack Simulation™ is designed to give your employees the experience of a real and successful phishing attack.

Our simulated phishing attack assessments are completely customized to your specific needs. We work with you to determine the requirements, objectives and scenarios.

Our clients appreciate our iterative approach to this assessment. We encourage you to refine the assessment as you get more comfortable with the results.

Training can be delivered immediately after an assessment, branded to your corporate requirements, and, if required, integrated with your internal processes. We can also integrate with your firm's proprietary training platform.

Is Phishing a serious threat?

A recent study conducted by Google in conjunction with the University of California, Berkeley and the International Computer Science Institute found that victims of phishing attacks are more likely to have their email accounts compromised than users whose credentials have been stolen in a data breach.

The researchers found that people who are fooled into handing over their username, password and other details to phishers are in fact 400 times more likely to have their accounts successfully hijacked compared to a random Google user. In contrast, individuals whose credentials might have been leaked in a third-party breach were only 10 times more likely to have their account taken over, while keylogger victims were 20 times more at risk.

The discrepancy exists because phishing kits often steal more than just a username and password. Because many online accounts these days require two-factor authentication, phishing kits also steal additional information, such as IP address, geolocation data and phone numbers, as well as a device's make and model, to increase the chances of a successful account break-in.

Is training my employees in social engineering attacks effective?

YES. Raising employee awareness through cybersecurity training is the best step any employer can take to help strengthen their firm's cyber posture. Employees are the single largest weakness in a firm's cybersecurity program, and phishing is one of the biggest threats to online privacy and security.

We understand that social engineering training without context is not very effective. We provide your employees with a social engineering training program that is directly relevant to their work and the phishing risks they will most likely face.

What is Spear Phishing?

Spear phishing is a variation on phishing in which hackers send emails to groups of people with specific common characteristics or other identifiers. These emails or text messages focus on specific individuals or employees within an organization, and the attackers draw on social media accounts such as Twitter, Facebook, and LinkedIn to customize accurate and compelling emails.

These emails contain infected attachments and links. Once the link is opened, it executes malware that leads the target to a specific website. The attackers can then establish their networks and move forward with the targeted attack.

There is simply no silver bullet in cyber security; the best you can do is to implement a solid foundation where each employee contributes positively to your cyber security posture. Your professional cybersecurity systems and specialized staff should augment and build upon this basic foundation.
Michael OPhelan (Chief Hacker & Founder)


Whaling is a form of spear phishing that specifically targets senior management in firms. Whaling targets are chosen for their authority and complete access to sensitive data.

Whaling attacks are designed to look like a critical business email or a communication from someone with legitimate authority, either externally or even internally from the company itself.

Employee education is critical to combating the different phishing techniques. Training employees to spot misspellings, odd vocabulary, and other indicators of suspicious emails can help prevent a successful spear phishing attack.


How is Phishing different?

Spear-phishing can easily be confused with phishing because they are both online attacks on users that aim to acquire confidential information. Phishing is a broader term for any attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. The attackers often disguise themselves as a trustworthy entity and make contact with their target via email, social media, phone calls (often called “vishing” for voice-phishing), and even text messages (often called “smishing” for SMS-phishing).

Unlike spear-phishing attacks, phishing attacks are not personalized to their victims, and are usually sent to masses of people at the same time. The goal of phishing attacks is to send a spoofed email (or other communication) that looks as if it is from an authentic organization to a large number of people, banking on the chances that someone will click on a link in it and provide their personal information or download malware.

Spear-phishing emails work because they’re believable. People open 3% of their spam and 70% of spear-phishing attempts. And 50% of those who open the spear-phishing emails click on the links within the email—compared to 5% for mass mailings—and they click on those links within an hour of receipt. A campaign of 10 emails has a 90% chance of snaring its target.

If you do not recognize a spear-phishing attack, you may not realize you are losing data until it’s too late. By focusing on a particular person, cyber attackers can eventually gain direct or indirect access to critical data, including bank accounts, computer system passwords, work credentials and security clearances. Spear phishing is a precursor to a far more dangerous advanced attack.