Simulated Phishing

Simulated phishing attacks are one way in which organisations can baseline and test staff in terms of their propensity to click on a malicious link or share their credentials. Simulating the latest types of phishing exercise – as they are ever changing – means you can understand which staff need additional training and where areas of weakness lie.

This safe and secure approach, combined with effective training, is proven to make organisations – and the people they serve – safer. It builds resilience, supports budgetary decisions and makes your whole cyber structure safer.

Dojo has teamed up with SafeHack UK to offer this approach to any public sector body, and the results are proven to deliver.

Cardiff Council

Cardiff Council was one of the first to run a combined simulated phishing and training approach across all staff. This first phishing exercise recorded the likelihood of officers, senior leaders, elected members and the IT team itself clicking on malicious links or sharing personal credentials.

Head of IT at Cardiff Council, Phil Bear, ran the exercise: “To ensure a comprehensive approach to cyber awareness two key elements were required: baselining the risk to the council across all our staff and identifying accessible, focused training to give every member of staff the knowledge they need to keep the council and themselves safe.”

Following this, the Dojo cyber training was rolled out to 2500 staff and then Phil and his team ran a second simulated phishing exercise.

“The second exercise showed a 61% drop in staff engaging with malicious emails and clicking erroneous links, and a 67% drop in people sharing their log-in credentials with the scam.

“This has given us the evidence required not only to make the training mandatory but focus further training on those people who may still succumb to a phishing attack.”

The Process

You will receive an email in your email client. This email should arrive in your inbox.

When the campaign starts, the email is sent to a select group of users. Once a user clicks on the email, the information is passed back to servers. This enables us to monitor how many individuals have fallen victim to the campaign.

Within the email, text is used to entice the user to click on a link. This link will take the user to the phishing website.

The web page is only designed to look similar; an eagle-eyed user should see that the URL is wrong for the desired site. The login page will require users to enter their username and password. This is exactly how the criminals capture your data!

Once the credentials are submitted, the user is then redirected to another web page hosted by SafeHack, giving them the option to download a file.

When the user opens the file, a POST-BACK to SafeHack’s server is triggered. A POST-BACK is a message sent to the server saying “this file has been opened”.
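The stages above (email sent, link clicked, credentials submitted, file opened) form a funnel that can be compared between a baseline and a follow-up campaign. The sketch below is an added example, not Dojo's or SafeHack's tooling; the event names, record format and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Stages in the order the process above describes them (names are assumed).
STAGES = ("sent", "clicked", "submitted", "opened_file")

# Constructed sample events: (campaign, user, stage). Not real campaign data.
EVENTS = [
    ("baseline", "alice", "sent"), ("baseline", "alice", "clicked"),
    ("baseline", "alice", "clicked"),  # repeat click, counted once per user
    ("baseline", "alice", "submitted"),
    ("baseline", "bob", "sent"), ("baseline", "bob", "clicked"),
    ("baseline", "bob", "submitted"), ("baseline", "bob", "opened_file"),
    ("baseline", "carol", "sent"), ("baseline", "carol", "clicked"),
    ("baseline", "dave", "sent"),
    ("followup", "alice", "sent"),
    ("followup", "bob", "sent"), ("followup", "bob", "clicked"),
    ("followup", "bob", "submitted"),
    ("followup", "carol", "sent"), ("followup", "dave", "sent"),
]

def funnel(events, campaign):
    """Return {stage: set of users} for one campaign, deduplicated per user."""
    users = defaultdict(set)
    for camp, user, stage in events:
        if camp == campaign and stage in STAGES:
            users[stage].add(user)
    # Ignore events from anyone who was not in the target group.
    return {s: users[s] & users["sent"] for s in STAGES}

def rates(events, campaign):
    """Fraction of targeted users reaching each stage after 'sent'."""
    f = funnel(events, campaign)
    sent = len(f["sent"])
    return {s: (len(f[s]) / sent if sent else 0.0) for s in STAGES[1:]}

def relative_drop(events, before, after):
    """Relative reduction per stage; None when the baseline rate is zero."""
    b, a = rates(events, before), rates(events, after)
    return {s: (None if b[s] == 0 else (b[s] - a[s]) / b[s]) for s in b}

def needs_followup(events, campaign):
    """Users who still engaged at any stage, for focused further training."""
    f = funnel(events, campaign)
    return sorted(f["clicked"] | f["submitted"] | f["opened_file"])

if __name__ == "__main__":
    print(relative_drop(EVENTS, "baseline", "followup"))
    print(needs_followup(EVENTS, "followup"))
```
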