Phishing Drills
Service Overview ⫘
This drill tests the users within your organization to recognize malicious emails, raise individual security awareness, and increase users' vigiliance against social engineering attacks. A member of the Secureworks Adversary Group (SwAG) will deliver one or more phishing campaigns designed to emulate real-world phishing threats. The selected campaigns will be tailored to your organization and, if applicable, optimized to increase the rate at which your users (employees) interact with the delivered emails.
Service Methodology ⫘
Secureworks offers two types of phishing drills as described below:
Click and Log
Secureworks will craft a campaign from a set of standard, pre-made campaign scenarios that is delivered to a number of pre-selected employees. The phishing emails will contain a fictitious malicious link, and once the email is delivered to target employees, Secureworks will monitor traffic and collect data and statistics on employees who clicked-through the link which indicates interaction with a malicious email.
Credential Capture
Secureworks will perform Open Source Intelligence (OSINT) gathering and passive reconnaissance to customize a phishing campaign that aims to coerce a number of pre-selected employees to input their login credentials. Once emails are delivered, Secureworks will monitor traffic and collect data and statistics on employees who interacted with the phishing email and employees who submitted their login credentials. Please note that any obtained credentials will not be leveraged during this drill.
Outcome ⫘
Secureworks will issue a report to your organization’s designated point of contact. The report will detail the targets phished, methodology used, and the success of each campaign.
Scoping Information ⫘
| Scope | Description |
|---|---|
| Click and Log - Small | Up to 1000 target email addresses; up to 2 campaigns |
| Click and Log - Medium | Up to 5000 target email addresses; up to 4 campaigns |
| Credentials Capture - Small | Up to 500 email addresses and 2 campaigns |
| Credentials Capture - Medium | Up to 1000 email addresses and 4 campaigns |
Customer Obligations and Limitations ⫘
-
As the aim of this drill is to directly test end users and not email security, the phishing email sending domain must be whitelisted and permitted through any email filters or security devices(do not block it using mitigating technologies) or the phishing drill cannot be completed.
-
The service unit costs for this drill are for standard templates that Secureworks uses (only available in English). Any template customizations or additional languages will incur additional service units.