iPad Phish Yellow Room Learning

What Is 'Phishing'?

Phishing via email is the attempt to trick people into clicking a link, or opening an attachment, that subsequently installs malware or requests certain credentials on a fake or spoofed website. The attacker masquerades as a reputable organisation or person and will usually create a story that is compelling enough for the victim to carry out the desired action.

What Is 'Simulated Phishing'?

Simulated phishing allows your employees to gain exposure to the types of phishing emails commonly seen in circulation without experiencing the consequences of a real attack. We craft and send the email from our in-house phishing server, we deliver educational landing pages to teach people how they could have identified it as a phish, we track the clicks and then we provide you with a report of results so that we can monitor the success of the programme.

Yellow Room Learning Phishing

Campaign Roadmap

At the beginning of the campaign we set the objectives and agree a timetable of attacks. We discuss the acceptable types of content to be delivered, the intended target audience and, if required, an introduction to the campaign for your employees.

Custom Phish Creation

We create a set of HTML phishing emails to be delivered throughout the campaign. The emails will range in complexity and will challenge your employees to search for visual clues that could identify it as a scam.

In-house Servers

We deliver the phish emails directly from our in-house phishing server. Tests will take place prior to delivery to ensure the emails can get through your filters and determine whether our servers need to be whitelisted.

Educational Landing Pages

Should the employee click on the link in the email they will be diverted to a landing page where hints and tips about recognising that particular email as a scam will be given. The same landing pages will also be sent to all participants after the attack has concluded.

Click Tracking

Our phishing servers are able to track emails opened and links clicked. We can also provide names of people who clicked the link, not to name and shame, but to highlight areas of the business that may need additional training. This information is never made public.

Progress Reporting

After each phish we provide a full report, which we can review together, that can help to identify additional awareness initiatives and training, if required. This report is only ever made available to the programme owner and will not be shared without your permission.

Yellow Room Learning Spear Phish

Spear phishing is a highly targeting form of phishing attack

How do you spear phish?

We select a target, we carry out detailed OSINT (open source intelligence) and we start to form a profile of that person. We then craft a phishing email tailored to that one individual using all of the intelligence we have gathered. Because the attack is personalised it has a greater chance of success.

Why spear phish?

Spear phishing is a technique widely used by social engineers to compromise their victims. Knowing their tactics is the first step to defending against them. It also highlights the need for caution in regards to the information that is openly posted on the internet.

Awareness Healthcheck

Ask us about a free phish and report - no obligation to go ahead with a campaign.