Our team of ethical hackers will create both broad and targeted phishing campaigns consisting of emails, phone calls, and even in-person visits where appropriate. We’ll then send out a variety of phishing emails, SMS messages, and phone calls to your colleagues.

Some of the phishing campaigns we send will be simplistic in nature and they should be easy to detect by your colleagues. Others will be highly sophisticated and target key decision makers in your organisation. Our goal is to identify how aware your team are at detecting social engineering attacks, how they respond, and to uncover any unmet training needs. 

The simulation will generate valuable data and statistics on how many of your colleagues fell victim to our simulated attacks, from which departments of your organisation, and when. The data gathered from our simulation will be dynamically updated on your client portal, allowing you to detect the types of attacks that succeeded and identify previously unknown weak points in your organisation that require increased security.

Rest assured, no malware will be installed on your computer systems when carrying out our simulated attack, and the details of your staff members will be kept strictly confidential. Our approach is specifically designed to educate your team without embarrassing them if and when they fall victim to our phishing attempts.

Your team will be given accounts to our e-learning portal upon joining the SENG Academy. Our online courses have been prepared and delivered by security experts, and through a combination of video content, written articles, and quizzes, your team will be able to detect and prevent up to 95% of social engineering attacks.

Our e-learning courses are regularly updated to reflect the changing threat landscape, and each module is delivered by an engaging presenter with relevant experience on cybersecurity’s front line. We like to keep each of our modules short, sharp, and focused to maximise engagement and retention. Finally, you’ll be able to track which modules each team member has completed through your client portal, and each participant will receive a certificate of completion.

Your team will learn:

• The fundamentals of security, including the principles of authentication, authorisation, confidentiality, integrity, and non-repudiation.
• The threat landscape: who is attacking your organisation, what is their motive, and how can you detect their presence?
• You’ll see the exact process hackers use to create malware, attach it to emails, and penetrate your computer systems.
• How to detect spoofed emails and SMS messages. Spoofing is the act of a cybercriminal impersonating someone else in your organisation. For example, a hacker could impersonate your finance director and email someone from your organisation using their email address.
• Checking the hash sums of files downloaded on the internet to verify their integrity.
• Implementing best practices for identifying and responding to social engineering attacks.
• How to remove metadata from files, and why it’s important for security. 
• Creating an information disclosure strategy and mitigating against OSINT gathering.
• +12 more modules.

The first step in any successful phishing campaign is OSINT, otherwise known as open-source intelligence. Cybercriminals will often heavily research your organisation’s website, social media channels, and online footprint before launching an attack. Even the simple act of uploading an image to your website can be enough for hackers to pin point the exact coordinates of where the photograph was taken!

Therefore, regular OSINT reviews are a crucial element of our SENG Academy. Through the use of automated tools and manual investigations, our experts will collect publicly exposed information about your organisation, reduce the amount of sensitive information about you floating around the internet, and help you to create information disclosure policies for your staff.