FAQ

For a successful attack, it is necessary to choose the right scenario - that is, a story that motivates employees to take the action that the attackers want them to take.

Together we select realistic scenarios and define the target groups that the simulated attack should be aimed at. We always adapt the scenarios to the customer or create a unique scenario for you in any language.

We can also use blackbox text where we will monitor the response of your security systems, but it is better to set exceptions. We simulate the worst possible scenario where everything fails and phishers break into the company. Then we can measure the success of the campaigns impartially.

We typically publish the first phishing attack within three weeks of the request. The average time to gather relevant results is one week. We will keep you updated on how the campaign is progressing and whether everything is going according to plan.

We measure how successful the campaign was – we find out how many users opened the message, how many clicked on the fraudulent link, at what time and on what device. We also see how many employees actually logged into the fake portal. The evaluation can be very detailed, where we see which user and in which position entered which password into the compromised system, when and from where.

We recommend repeating the test after 3 to 6 months. We recommend testing employees at random intervals throughout the year. After evaluating the campaign, we can also send employees an educational newsletter and then conduct training to increase security awareness.