Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Managed Phishing

Are your employees ready and able to deal with a mass phishing campaign? Are you confident your perimeter controls and security awareness are up to date? Defendza can help you by staging a phishing exercise to test your team’s abilities.

Read more
Get a FREE 30 min consultation

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Overview

Our clients choose to work with Defendza's MSS for a variety of reasons. More often, this decision is driven by a lack of in-house resource for niche areas of security or the need for security monitoring and management outside of normal operating hours. Further, our MSS team also conducts regular security audits or respond to any investigate incidents.

Methodology

Our regular OSINT MSS would scan for the following against your organisation

Vishing (Voice Phishing)

Vishing involves phishing using the phone. The phisher calls an unsuspecting victim over the phone pretending to be a worker of a supplier, support helpdesk or even from the bank, to collect personal information. 

Smishing (SMS Phishing)

Unlike email phishing, for Smishing, the attack vector is a phone number. The phisher pretends to act on behalf of a trusted or legitimate company and sends an SMS to the unsuspecting victim. This could be a genuine sounding reason that needs immediate attention like e.g..., announcing that they have won a prize or offering them to participate in a raffle or context. 

Is your business prepared to defend against targeted attacks?

Spear phishing attack is usually personalized. Hackers normally include some personal data in the phishing emails, such as the name of the victim, their role in the company or even (for a personal touch) their phone number. The reason for this is to gain their confidence and, therefore, obtain the information they need to compromise the corporate network and access the confidential data they are looking for.

Mass phishing

Mass phishing emails are sent to a group of people with similar interests based on their brand preferences, demographics, and choices. In a mass phishing attack, the emails sent to unsuspecting users are clones of genuine-looking websites like Amazon, Microsoft, Paypal or even delivery site like UPS.

Email Phishing

Email phishing is one of the easiest types of phishing and is used to trick unsuspecting users into giving information without their knowledge. This phishing can be launched in several different ways:

  • Sending an email through a familiar name like from a well known Support used by their company or vendor,
  • Sending an email impersonating their superiors requesting for an immediate response with sensitive data. Just by seeing the superior's name and the urgency of action, some users may click on the link. And finally,
  • Impersonating the identity of an organization and asking employees to share internal data.

Leaked Information (Documents, Internet and Dark Web)

Multiple searches are performed on the internet as well as darknets (overlay networks that require specific software/configuration). Using several web services, utilities, scripts and other techniques are used to search the leaked sensitive information.

As part of Defendza's methodology, online searches are performed about employees that actively posted information online. This involves searches around code repositories such as Github, developer forums, test and staging websites.

Information such as usernames/names of employees, software products names is searched and extracted from inside the documents found online. 

Email Harvesting

Email addresses are harvested from the internet using special scripts to look for target domains.

Based on the naming notation, personnel names are searched from online sources that are then used to create email addresses. This is one of the techniques used as a preparatory step for phishing campaigns.

Staff Credentials Abuse

Follow risk based approach, you don't want to wait until the incident.
Call Us Now

Key Benefits

Our MSS team is waiting at
Call Us Now

Related Services