All of Spear Shield's simulated phishing campaigns, landing pages and training pages are completely customisable. You can either choose from a pre-built template that's been designed based on the threat intelligence we have of real-world phish that has been able to evade detection from M365 and 3rd party Email Gateways or, we can create a personalised one targeting your organisation - at no additional cost.

The phishing campaign is designed to test your users' awareness, not your existing email defences. The team at Spear Shield will help you whitelist an IP and domain in Microsoft 365 or your 3rd party SEG.... and that's it! Resource and change control required is minimal.

The team at Spear Shield will provide guidance on when the best time to schedule and run your phishing campaign is.  They can be delivered as either 'a big bang approach' where we send the phishing email to all users' at one. Or, we can drip feed the emails to your users over a chosen period of time.

Spear Shield will arrange a meeting to present the exec-ready reporting to provide user behaviour insights, campaign results and consultative recommendations for end-user security awareness and training best practice.

QR phishing, or QR code phishing, is a deceptive cyber tactic where attackers use QR codes to lead individuals to malicious websites or prompt them to disclose sensitive information. By disguising harmful URLs behind innocent-looking QR codes, attackers exploit trust in QR scanning for malicious purposes. These codes may appear in emails, on posters, or even in physical spaces. Vigilance is crucial to avoid falling victim to QR phishing and Spear Shield can help you identify the risk and raise user awareness via a QR phishing simulation.

Attachment phishing involves cyber attackers sending deceptive emails with malicious attachments. These attachments often appear legitimate, enticing recipients to open them. Once opened, they can unleash malware, ransomware, or other harmful elements, compromising the recipient's device and potentially the entire network. Commonly disguised as invoices, documents, or seemingly innocuous files, these phishing attempts prey on unsuspecting users. Spear Shield can send attachment simulations to help you understand the risk and raise user awareness.

Impersonation phishing involves cyber attackers masquerading as trusted entities, such as colleagues, executives, or reputable organisations, to deceive individuals into divulging sensitive information or performing harmful actions. Attackers often use sophisticated social engineering tactics, manipulating email addresses or crafting messages that appear genuine. Employees may be tricked into sharing credentials, financial details, or executing malicious actions. Guard against impersonation phishing by questioning unexpected requests, verifying email addresses, and implementing multi-factor authentication. Identify the risk and help protect personal and organisational information from these deceptive attempts through a simulated impersonation phish.

Spear phishing is a targeted and highly personalised form of cyber attack where malicious actors tailor deceptive messages to a specific individual or organisation. Unlike generic phishing attempts, spear phishing involves in-depth research to craft emails that appear authentic and trustworthy. Attackers often use information about the target's interests, relationships, or work responsibilities to increase the likelihood of success. These emails may contain malicious links or attachments, aiming to compromise sensitive data or gain unauthorised access. Spear Shield can help tailor a Spear Shield to help you identify risk and raise user awareness in your organisation.

Brand impersonation involves cyber attackers mimicking well-known and trusted brands to deceive individuals into taking actions that may compromise their personal information or security. Perpetrators often replicate official logos, websites, or communication channels to create convincing facades. Emails or messages appearing to be from reputable brands may request sensitive information, login credentials, or financial details. Spear Shield can help simulate a brand impersonation attempt to help you identify risk and raise user awareness.

Understanding your users' baseline awareness is an important first step in understanding the user risk in your organisation. Spear Shield will help work with you to ensure a fair assessment across all users', typically a baseline awareness campaign will be delivered in 'stealth mode' and will try stay under the radar to ensure a fair test across all employees.

Credential harvesting phishing simulations is a proactive cybersecurity exercise designed to mimic real-world attempts by cyber attackers to illicitly obtain login credentials. In this simulated scenario, employees receive deceptive emails or messages that imitate legitimate sources, urging them to click on malicious links or enter sensitive login information. The simulation evaluates the organisation's susceptibility to credential harvesting techniques, helping identify potential vulnerabilities. By engaging in these simulations, employees gain hands-on experience in recognising and experiencing a phishing attempt, bolstering your organisation's defences against credential theft. Remember, hackers don't break in - they log in!

Spear Shield will put together a user awareness poster that you can share internally via comms, upload to staff intranet, display on digital signage, etc to help raise awareness after each campaign and share the results in a manner that promotes positive enforcement for users' and avoids any type of name and shame.

It's important to provide internal praise and recognition for any users' who report the phishing simulations to I.T to ensure this positive security behaviour is continued when an employee may be faced with a real phish that has been able to evade detection from your security controls.

Users' will benefit from point in time training that provides a full breakdown of the phishing email they've received with highlighted 'gotchas' to help them understand how they could have spotted that it was for a phish for next time. For Spear Shield customers that would like to build on this, speak to a member of the team about enrolling your users' into Spear Shield's Cyber Academy. 12 Month, tailored end-user awareness training programme.

The team at Spear Shield will provide consultative recommendations if you feel your users' would benefit from additional security controls. Spear Shield specialises in helping organisations empower their users' and reduce their employee click-rates through an Integrated Cloud Email Security Layer (ICES) that is designed to augment M365. Spear with a member of the team about Egress Defend to learn more about the combined approach.