Targeted, Adversary-Level Spear-Phishing
We do tactical spear-phishing really, really well. At PhishU, we only offer phishing and cybersecurity awareness training so we can focus solely on advanced, bleeding-edge techniques like the attackers. More than 90% of breaches still occur from a convincing email. How does your employee training and defensive solutions stack up when you're targeted? This is as real-world as it gets!
Social Engineering Services
We perform highly customized, targeted spear-phishing with analytics to test your defenses and track employee awareness progress. We also help identify weaknesses in Multi-Factor Authentication and anti-spam implementations.
Security Awareness Training
After getting caught (or before!), take our awareness training to know what to look for next time and improve the security posture of the organization.
Cybersecurity Tools
Have your own internal security team? Purchase our tool to assist with internal phishing campains and awareness training.
What sets us apart
We offer highly customized campaigns catered to your environment and personnel. Some campaigns we've performed include spoofed Zoom desktop applications, SSO portals (Okta, Microsoft Online, Google, etc), remote administrative portals (Citrix, VDIs, VPNs), and many others! Head over to our Blog for more information on unique techniques and other campaigns we've delivered recently.
Email Campaigns
Target privileged users and craft campaigns with unique emails to every employee! We created dynamic templates and imported spreadsheets to be able to make each email unique and appear to be from that person's supervisor, if desired. No blanket company-wide emails!
Receive Catered Training!
We believe in continuous improvement and security awareness! Take our catered "University" training after a campaign to identify common "gotchas" based on real results! The training can optionally be required and confidential because we don't believe in shaming users but want to improve awareness for all!
Tools
Already have internal security resources? That's great! Work with one of our experts to perform a white-box campaign or, do it completely by yourself by using our phishing tool and training resources!
Analytics
We track detailed analytics for all components of our campaigns so you have real-time visibility into results of the engagements while they happen! We can also integrate into existing enterprise chat applications to monitor results as they come in using tools such as Slack, Discord, and Teams!
What if we already use KnowBe4 and have ProofPoint, Mimecast, etc?
It's no problem! We complement these other services by testing the effectiveness of existing training and security solutions. We also leverage our own bleeding-edge techniques that often bypass and identify gaps in awareness training and the most advanced technical solutions.
Is this necessary if we use Multi-Factor Authentication?
Absolutely! One of the big things we do for our customers is identify common MFA implementation vulnerabilities and offer guidance on how to harden authentication.
How is PhishU different than other Cybersecurity consulting firms?
Most security firms offering services either don't offer phishing, don't do it well due to roadblocks with spam prevention and cloud technologies today, or resell generic phishing tools which aren't as effective. This is our specialty and we purposely don't offer those other services so we can stay focused on what we do best!
Do you offer reporting or adversary simulation?
We bake analytics in for email opens, link clicks, visited landing pages, captured credentials, and every other statistic you can think of to help bring awareness to specific techniques and targeted training efforts. This is provided in a real-time dashboard so our customers can view results as they come in! We can also absolutely (and optionally!) use captured credentials to demonstrate the impact an attacker can have with remote administrative access and lateral internal phishing
Who's this for?
We help customers from all security maturity models! Bring us in early or, like a red team, after your security maturity is established to test your defenses! Ideally we could be used continuously to help provide ongoing security awarness in your organization, or train your internal resources to perform these services themselves when ready.
Request a Quote!