Outline the scope
Establish the project objectives in order to scope the number of domains and sub-domains that need to be monitored for anti-phishing, phishing and pharming, malware, incident response, phishing site takedown service, etc.
Launch the phishing program
Once the objectives have been set, we will conduct a mass test phishing attack against the domain's email IDs. A lookalike domain is generated for launching the phishing attack. Our team will monitor domain name registrations that are a concern. Monitoring the domain name registrations would prevent an upcoming phishing attack.
After the phishing campaign has been completed, we will next analyze the incident response. A report will be generated listing the users, by email ID, who responded to the phishing emails and who could be a potential risk in the workforce.
An incident report will be provided to the client, which will be helpful for addressing IT security awareness among employees regarding phishing attacks. AMBC will provide periodic reports reflecting the progress on IT security.
Risk awareness program
Phished users will be sent an email informing them that they have been victimized by the phishing attack and providing training material to help them recognize malicious emails and react responsibly to avoid further risk in the network.
Track and measure success
Users will be tracked for clicking the phishing emails and links. Those who require training will be measured and monitored continuously. Our team will monitor the phishing attack URL and will give notice in case of any resumption of phishing activity.
Repeat phishing cycle
Repeat the phishing cycle after completing the first round of anti-phishing.