RED TEAM SERVICE

Phishing Assessment

Realistic phishing simulations to measure employee susceptibility and strengthen your human firewall against social engineering attacks.

  • NIST 800-50 Aligned
  • 8+ Attack Scenarios
  • 2 Weeks Campaign Duration

Phishing Assessment

What We Test

  • Email Phishing: Classic email attacks
  • Vishing: Voice phishing calls
  • Credential Harvest: Fake login pages
  • BEC Attacks: Executive impersonation
  • Watering Hole: Website compromises
  • Pretexting: Social engineering
  • MFA Bypass: Token theft attacks
  • USB Drops: Physical social engineering

OUR METHODOLOGY

Assessment Process

1. OSINT Gathering

Reconnaissance

Gather open source intelligence to craft realistic, targeted phishing scenarios based on organization context.

  • Email harvesting
  • Social media analysis
  • Organizational mapping
  • Employee profiling

Tools

  • theHarvester
  • LinkedIn
  • Hunter.io
  • OSINT tools

2. Scenario Creation

Campaign Development

Design realistic phishing scenarios including email templates, landing pages, and tracking infrastructure.

  • Template creation
  • Landing page cloning
  • Domain setup
  • Payload preparation

Tools

  • Gophish
  • evilginx2
  • Custom domains
  • SSL certs

3. Email Delivery

Campaign Execution

Deploy phishing campaigns with careful timing and tracking to maximize realistic assessment data.

  • Timed delivery
  • A/B testing
  • Click tracking
  • Credential capture

Tools

  • SMTP infrastructure
  • Tracking pixels
  • Form handlers

4. Metrics Analysis

Analysis & Reporting

Comprehensive analysis of campaign results with department breakdowns and industry benchmarking.

  • Metric analysis
  • Department comparison
  • Trend identification
  • Risk scoring

Tools

  • Analytics dashboard
  • Custom reporting
  • Visualization

DELIVERABLES

Sample Report Structure

  • Emails Sent: 2,500
  • Open Rate: 68%
  • Click Rate: 34%
  • Credential Submit: 18%
  • Report Rate: 8%
  • Campaign Type: 3 scenarios

Key Finding

High susceptibility to social engineering attacks. 18% credential submission rate exceeds industry benchmark of 5%. Security awareness training and technical controls required immediately.

ATTACK TYPES

Phishing Scenarios

CRITICAL

Credential Harvesting

Success Rate: 28% (Industry avg: 12%)

Description

Classic phishing with cloned login pages to capture user credentials. Most common and effective technique.

Technique

  • Cloned O365 login page
  • SSL certificate for trust
  • Real-time credential capture
  • MFA token relay capability

Defense

Phishing-resistant MFA (FIDO2, hardware keys). User training on URL verification. Email security gateway.


Test Your Human Firewall

Measure and improve your organization's resilience to phishing attacks with realistic simulations.