The patented spear phishing engine is an unique technology to automatically generate company-, department- and employee-specific phishing scenarios. Publicly available data from social networks and other media are used for the phishing content (OSINT).
The basis for our patented spear phishing engine is an OSINT analysis. OSINT stands for Open Source Intelligence and means combing through publicly available information for usable data. For example, profiles of your employees on social networks or your company profile on employer rating sites are analysed.
This collected data can be used for a attack potential analysis that shows how vulnerable your organization is through publicly available information.
Mainly, the spear phishing engine uses the collected OSINT data for realistic spear phishing simulations: Like a real attacker, it uses individual information of your employees to create fully automated spear phishing emails. These are harmless to your workforce, but effectively teach them how to recognize real phishing emails. In parallel, you can monitor the IT security behavior of your employees live in your dashboard.
A common mistake many people make is to assume that they themselves will not fall victim to cyber attacks or that attackers have no interest in attacking them. But this apparent security is deceptive!
Today’s phishing emails are becoming more and more sophisticated: based on personal information, deceptively real emails are created that can hardly be identified as phishing. Phishing simulation of the same quality makes it clear to employees that anyone can fall for phishing if they are not vigilant. They are effectively trained to recognize and ward off phishing attacks.
IT-Seal’s spear phishing engine uses publicly available information to create targeted and authentic phishing emails. To do this, it uses information about individual colleagues to create highly individualized content. This data is researched, for example in professional networks such as LinkedIn and Xing.
In addition, the Spear Phishing Engine can also use cross-company information and thus also create targeted spear phishing emails. This information comes from company rating portals such as Kununu. Used information can be for example a canteen, company sports or company benefits.
In general, we have built up a huge pool of different phishing scenarios over the years, which we regularly expand.
With IT-Seal’s spear phishing engine, you retain full control over the intensity of phishing emails for your employees at all times. Both short-term throttling of the intensity level and long-term interruption can be implemented quickly and easily.
Your personal awareness consultant will be happy to advise you and set up the phishing campaign according to your company and employee needs.
If a colleague receives a phishing simulation from IT-Seal and opens a link or file attachment or enters login data on fake pages, he is redirected to the IT-Seal explanation page.
Using the opened e-mail as an example, the user is shown specifically how he could have recognized the phishing attempt. In this moment of misconduct, the employees are particularly receptive to a sustainable explanation: The so-called “Most Teachable Moment” can fully unfold its learning effect. Frequently used psychological tricks (curiosity, fear, habit, …) are also explained.
The Reporter Button is an add-in for Outlook Desktop and Mobile that clearly defines and streamlines the reporting process for phishing incidents. It enables employees to forward a suspicious e-mail to a predefined address with a single click. If the reported e-mail is part of the IT-Seal spear phishing simulation, employees receive positive feedback immediately.
If the e-mail does not originate from IT-Seal, it is automatically forwarded as an attachment to the customer’s internal IT support for analysis. The goal is to simplify the reporting of phishing incidents and to keep the internal effort with the phishing simulation low.
Employees and data privacy are always in the foreground of IT-Seal’s phishing campaigns, which is why the results are always evaluated on a group basis and anonymously. By department, hierarchy or region – decide for yourself which groups you want to compare.
To measure the success of your phishing campaign with IT-Seal, we have developed the Employee Security Index, or ESI® for short. This standardized indicator enables you to regularly monitor the development of IT security awareness in your company and to compare departments with each other as well as to check the development over time.
Thus, there is transparency about the progress of your employees and the security culture of your company.