The Service

Simulated phishing tests are email-based social engineering exercises, mirroring sophisticated real-world phishing attempts. At BH Consulting we construct a targeted campaign and send emails to your staff to test their response to typical phishing scams. This service is carried out remotely.

Social engineering is the use of communication methods such as telephone or email to deceive individuals into divulging confidential or personal data for fraudulent purposes. This type of attack typically tries to entice your employees into taking actions that undermine the security of information systems or disclose data. There are many different forms of social engineering used by attackers today, such as phishing, vishing, smishing, invoice redirection or physical compromise.

These types of exercise will determine if:

  • Your organisation’s email security systems will detect and block these suspicious emails

  • Your employees will engage with these emails by clicking on any links and/or attachments

The Benefits

  • Protect your critical data from being leaked via phishing attacks

  • Better equip your business and your employees to spot and mitigate phishing attacks

  • Reduce the risk of a phishing-related data breach, data loss or potential cyber attack

  • Decrease the need to disinfect or re-image systems after an attack

  • Minimise the risk of negative publicity generated by a data breach or interrupted operations

The Challenge

One of the key attack vectors used to break into an organisation’s system is to send phishing emails to staff within the target organisation. Although implementation of security technology controls is important in securing your information systems, staff awareness and organisational security measures are just as vital in securing your business and your data.

Simulated email phishing tests will evaluate how your users will react in the event of a real attack. They will educate your employees on how best to identify and respond to such attacks. Additionally, they can help you assess how effective your current strategies to defend against similar attacks are, and to what extent you need to improve your user awareness and education.

Our Process

Our consultants will work with you to agree the type of scenario(s) most suitable for the environment within your organisation. Based on this, they will then create customised simulated email phishing campaigns for your target audience that replicate the tactics of real-world attacks.

Once all tests are conducted and results gathered, we will provide you with a report of findings including some practical recommendations.

At the end of this engagement you will be able to determine whether:

  • Your organisation’s email security systems can effectively detect and block suspicious emails

  • Staff members have sufficient knowledge and awareness to detect such emails

  • Staff members will engage with these emails by clicking on any links and/or attachments within

At BH Consulting we believe in promoting a positive security culture in organisations; one that encourages openness and reporting of suspicious emails. With the appropriate training, your users can become your strongest asset rather than your weakest link.
