The phishing test

BSM has developed a number of standard phishing tests that you can choose from. Moreover, we offer the possibility of customizing the test to your company and any specific wishes. For instance, we can copy your companies’ own platform to make employees believe that the email is coming from within the company. BSM’s phishing test is unique in this aspect, as no software has to be installed in your original mailing system. We use our own software and can develop the customized test after only a brief consultation with our client.   

BSM has been granted a license by the Ministry of Justice (POB 1104) to do research. All BSM’s employees have been screened and operate under a legal duty of confidentiality. 

Why a Phishing Test? 

In our current digital age, cybercrime poses a big risk. Every year, it inflicts tremendous damage to many different companies. For example, ransomware can result in the possibility for hackers to close off your digital system, giving them the opportunity to ask for money to re-open your documents and platform and bringing in a virus that infects your systems and steals passwords and other personal information is still very common. In many of these cases, a successful digital attack starts with a single email. Moreover, these phishing mails are becoming more and more dangerous because it is getting harder to distinguish between real and fake emails. A phishing test will provide crucial insight into weak spots in your companies’ digital environment. 

How does it work? 

First of all, agreements must be made about the test plan. After an agreement is reached about the plan and the moment the test will begin, the phishing test is sent to employees. During the test, multiple things are tracked, registered and included in a rapport that will be sent to you. This rapport will show shortcomings in the organization in the field of phishing attacks.  

What is tested? 

• Firstly, we test technical aspects. The phishing test should not reach the recipient because it has been ‘spoofed’. This means that the sender poses as someone else. If the email does make it into the recipients’ inbox, this means that the system administrator can improve the security of the system. If help is required in this aspect, BSM is capable of providing assistance. 
• Secondly and maybe even more importantly, the employees are tested. We check who opens the email, who clicks on a link, who submits their passwords or personal details and who answers the email. This data is shared with you in the final rapport. 
• Lastly, the password policy will be reviewed. When employees submit their password to us, we can only see the first two characters and the passwords’ length. The full password is hidden from us and replaced by asterisks.

   

After the phishing test, we offer an optional training for employees, focused on increasing awareness. From experience, we have noticed that these trainings are very useful and desirable for employees. The training focusses on increasing awareness with regard to (the dangers of) phishing and offers a space to ask questions. We discuss the dangers of phishing for a company and how to recognize a phishing mail. 

Costs 

The costs for a standard or customized phishing test depends on the number of participants and the complexity of the test. Use our online application form to receive a non-binding offer.