Can your employees
get to know targeted phishing? fraudulent calls? social engineering? planted USBs? fake invoices?
BOIT – IT Security and Protection
#doingbusinesssafer
Our campaigns are professional. Take a look.
In our virtual mailbox you can test your observation.
Start by clicking on your email.
We don’t use simulators –
we work as a real attacker
We will always customize the phishing scenario according to your needs and requirements.
You will not see any uneditable templates in English here.
How does the phishing test work?
You’ll be in touch with our phishing campaign experts throughout the testing period.
From the initial consultation on the wording of the phishing message and the simulated target site (OWA, SharePoint, intranet, …) to the delivery of the final report and the domain used in the testing.
After the start of each campaign, you will receive interim results from us so that you have real numbers for management.
We will also advise you on how to respond to questions and suspicions raised by users.
Scenario selection
For a successful attack, you need to choose the right scenario - that is, a story that motivates the employee to take the action the attackers want him to take.
Together, we select realistic scenarios and define the target groups to be targeted by the simulated attack.
We alwaystailor the scenarios to the customer or create a unique scenario for you in any language.
Setting exceptions
We can also do blacbox text, where we will monitor the response of your security systems, but it is better to set exceptions.
We are simulating the worst case scenario, when everything fails and phishers enter the company.
We can then measure the success of campaigns without bias.
Start of testing
We usually release the first phishing within three weeks of the request.
The average time to collect relevant results is one week. We keep you informed about how the campaign is going and whether everything is going according to plan.
Clear evaluation
We measure how successful the campaign was - we find out how many users opened the message, how many clicked on the fraudulent link, at what time and on which device.
We'll also see how many employees have even logged into the fake portal.
The evaluation can be very detailed, where we can see which user, and at what position, entered what password into the compromised system, when and from where.
Sample of the final reportVerification of acquired knowledge
Repetition is the mother of wisdom, so it is not surprising that we recommend repeating the test after 3 to 6 months.
We have long-term contracts with several clients and test employees at random intervals throughout the year.
We can also send out an educational newsletter to employees after the campaign has been evaluated and follow up with education to raise security awareness.
InquireInterested in more?
Pavel Matějíček talked about aspects of simulated phishing campaigns for O2 CyberNews magazine.
We test the security awareness of
employees comprehensively
We recommend supplementing the Phishig test with the following social engineering techniques.
This will give you a holistic view of employee behavior, which will help you identify weaknesses in cybersecurity.
Baiting
We will also check your employees for planted storage media in the company perimeter by baiting – planted USB drives in and around the workplace.
Vishing
Security mystery shopping.
We’ll find out if your employees will trust us with internal information.
Quishing
QR codes can be misused by an attacker, for example on invoices.
Test your accounting and processes.
Interested in an employee phishing test?
Leave us your contact information.
We will get back to you with a non-binding quotation.