Would you like more information about phishing simulations?
Then simply get in touch with our experts.
Nikolas Rösener
Security Expert
- cyber-security@ohb-ds.de
- 0421220950
Phishing describes the process of obtaining sensitive data by deceiving the communication partner. A wide variety of media are used as a means of communication, but in most cases a phishing attack is carried out by email. The target person is made to feel compelled to act by fictitious facts, such as a request to change a password due to suspicious activity. This false sense of urgency tempts the target to be careless and become careless, which leads to the attempt at deception not being recognized and sensitive data flowing to the attacker.
It is important to understand that phishing targets the human component in technology and therefore protection against such attacks can only be supported - not prevented - by technical measures such as spam filters.
We help you to recognize potential risks within your company in good time and to ensure that your employees and your data remain secure through realistic phishing simulations and targeted awareness training.
In many cases, phishing attacks aim to obtain sensitive data such as login or payment information from the target employee. Attackers can then use this information to access other data, such as other employees' data or even customer data.
The consequences for the company range from valuable, stolen internal company information to serious financial damage and even media uproar, which can lead to the loss of customers. Depending on the type of data stolen, there may also be consequences for employees or customers in their private lives. This can lead to identity theft and bank transfer fraud for affected persons.
Another common attack scenario involves email attachments and download links. If the target employee opens a malicious attachment, malicious code is executed on the employee's computer, which the attacker has embedded in the attachment. This malicious code can have various purposes, but it is often so-called ransomware, which encrypts all data on the hard disk and demands a large sum of money as a ransom for decryption.
In the event of ransomware, the company may suffer major financial losses. Systems may also fail or be compromised due to malicious code being executed. Cleaning up infected systems is also a time-consuming and cost-intensive process. In addition, the incident may be publicized in the media, which can lead to the loss of customers and thus to financial losses.
The most common type of phishing involves generic emails that are sent to different people. The focus here is on a broad target group, as this potentially gives the attack a higher chance of success.
Spear phishing targets exactly one person. Precise information about the target person is used to create a customized email, which appears trustworthy and suggests authenticity due to its level of detail. In contrast to the classic phishing approach, the malicious email is not sent to different people, but only to the person to whom the email has been tailored.
Whaling is a special form of spear phishing in which a person from a management or executive level in a company is targeted.
The term "vishing" is made up of the English word "voice" and the word "phishing" and describes the acquisition of sensitive data through telephone calls. By imitating other people, an attempt is made verbally to get the target person to disclose private data. Attackers pretend to be employees of a company in order to justify their demand for personal data and to prevent the target person from becoming suspicious.
The term "smishing" is made up of the abbreviation "SMS" and the word "phishing" and describes the acquisition of sensitive data by sending SMS messages. The approach is similar to classic phishing by email. For example, parcel deliveries are used as a disguise to deliberately trick the target person.
Through individual, realistic simulations of phishing attacks, we can help you to determine the current security level of the human component of your company. To this end, we carry out a phishing campaign tailored to your requirements and, based on the analysis of the simulation results, develop individual improvement options for security within your company in order to protect you from malicious actors in the future.
We appreciate the individuality of your company and therefore create customized campaigns for you that are precisely adapted to your circumstances and needs. Based on your data protection guidelines and compliance procedures, we can adapt our simulation accordingly and, thanks to the solution we use, carry out evaluations without personal data. You also benefit from a detailed report after the completion of our simulated phishing attack, which is characterized by a large number of key performance indicators (KPIs) and corresponding metadata that are relevant to you.
If a simulation of a phishing attack is not an option for you, we also offer targeted training for your employees and management positions, in which we address specific risks for the respective person, practise the timely recognition of phishing attempts and, based on this, design and suggest measures for everyday work.
OHB Digital Services GmbH
Konrad-Zuse-Str. 8
28359 Bremen
You need to load content from reCAPTCHA to submit the form. Please note that doing so will share data with third-party providers.
More InformationYou need to load content from reCAPTCHA to submit the form. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from Turnstile. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More Information
