Let's reduce employee click-rates by up to 100% together
Spear Shield Managed Phishing Simulations and real-time end-user awareness delivered as a fully-managed service has successfully helped customers reduce 70+% click rates to 0%.
Example Email Security Risk Posture Admin Dashboard
If your Secure Email Gateway is struggling to detect advanced phishing attacks, what chances do your employees have?
Cyber criminals are evolving their approaches to be able to evade traditional security defences. It's time we evolve our approach too.
But, my employees perform online cybersecurity awareness training... why isn't it working?
How does Spear Shield help organisations empower users and mitigate phishing risk?
Spear Shield have a 2-step approach to be able to help our customers identify human cyber risk in their organisation. If you'd like to learn more, take advantage of our FREE email security assessment.
Step 1. Understand risk
🔹 Understand how susceptible your employees are to phishing attacks
🔹 Understand how many phishing emails are slipping through your SEG's net and into your employees inboxes
Step 2. Finding a solution
🔹 Prove a solution can achieve the same results (if not, better!) than your current training programme before investing
🔹 Stop dragging employees away from their day jobs! Reduce operational costs + increase employee efficiency with real-time teachable moments
Spear Shield Managed Phishing Simulations &
Egress Defend Real-Time End-user Awareness Training
Name a better combination... we'll wait. 😏
Spear Shield Managed Phishing Simulation Service
Step 1: Template Design
Spear Shield's creativity knows no bounds!
All of Spear Shield's simulated phishing campaigns, landing and training pages are completely customisable. Spear Shield has multiple language choices available and ready to tailor to your organisation.
The most popular attacks we perform
🔹 Brand Impersonation
🔹 Company Impersonation
🔹 Social Engineering
Types of payloads
🔹 Credential Harvesting
Step 2: Reporting
Executive-ready reporting with all of the intelligence you require to provide cyber-assurance to your organisation.
🔹 Engagement Overview
🔹 % Click Rate
🔹 No. of Credentials Harvested
🔹 Individual Campaign Performance
🔹 Device Breakdown
🔹 Caught-User Breakdown
🔹 User Behaviours Insights
🔹 Consultative Recommendations
Egress Defend Real-Time End-User Awareness Training
“The team at Spear Shield have raised the awareness of cybersecurity within our organisation which has led us to empower and educate our staff around the importance of cyber risk.”
Protect against data breaches with intelligent detection
Sophisticated attackers know how to bypass the most common phishing detection approaches. Intelligent phishing detection helps you:
🔹 Protect against data breaches
Intelligent email inspection learns email behaviour patterns and detects anomalies and sophisticated phishing threats.
🔹 Empower users and reduce friction
Contextual, colour-coded warning banners provide teachable moments and risk mitigation without unnecessary disruptions.
🔹 Reduce administration overhead
A cloud-based architecture and self-learning detection technologies reduce configuration and ongoing maintenance workload.
Shaped by GCHQ
Egress Defend has been shaped by GCHQ to provide advanced detection capabilities that stop phishing early. Armed with Spear Shield's Managed Phishing Simulations service, your organisation can release key resources to focus on other threats and empower your employees to become cyber advocates who can identify future breaches.
Winner of the 2022 Global Infosec award for most comprehensive anti-phishing solution .
How is it licensed?
Spear Shield are an Egress Gold Partner. We have access to the best commercials available and are set-up as both a VAR (Value-Added Reseller) and MSP. This means, we can accommodate all preferred working styles and budget types.
Spear Shield Managed Phishing Simulation Service
Per no. of Mailboxes
Phishing Frequency Available:
One-off, Weekly, Monthly, Quarterly
- Phishing Simulations delivered as a Managed Service
- Up to 4 customised phishing templates per campaign
- Fully customisable Employee Landing Pages
- Full Detailed Reporting
Spear Shield Managed Phishing Simulation Service + Egress Defend
Per no. of Mailboxes/mo
Flat fee for up to 20 mailboxes
Managed Egress Defend combined with Quarterly run Phishing Simulations delivered as a fully managed service
- Quarterly Managed Phishing Simulations
- Egress Defend Solution
- Real-Time Teachable Moments for Employees
- Email Supply Chain Health Analysis
- ICES Integrated Cloud Email Security
- Up to 4 Customised Phishing Templates Per Campaign
- Fully Customisable and Branded Employee Landing Pages
- Full Detailed Phishing Simulation Reporting
- Egress Defend Solution Effectiveness insight
- Free Implementation
Egress Suite - Mitigating Inbound and Outbound Email Threats
Per no. of Mailboxes/yr
- Real-Time Teachable Moments
- ICES Integrated Cloud Email Security
- Accidental Send Prevention
- DLP Data Loss Prevention
- Secure Email Encryption
- Large File Transfer
Learn how we can empower your users and crush phishing together.
Schedule a chat for a time that suits you with a member of the Spear Shield team today.
Phish fighting, threat hunting, cyber risk mitigation experts.
Based in Ipswich, Suffolk. Spear Shield are a team of cybersecurity risk and mitigation experts who align their award-winning solutions and services to help businesses solve their cybersecurity challenges.
Yup, you read that right.
Free cybersecurity services that the security experts at Spear Shield can provide to help you identify business risk and prove our value as either an existing or future new cybersecurity partner.
Free Phishing Campaign
Network Visibility Assessment
Mobile Security Risk Assessment
Secure Email Gateway Assessment
Public Cloud Security Assessment
84% of businesses were hit with successful phishing attacks last year
Test and understand your employees cybersecurity awareness and risk with a fully managed phishing simulation delivered by Spear Shield.
What's the catch?
There isn't one. If you're an existing customer - this is limited to 1 per customer. If you're a new customer, we'd just like the opportunity to prove our value as a potential future supplier.
Learning how to defend your digital terrain starts with understanding what's on it.
You cannot secure what you cannot see. Allow the security experts at Spear Shield to perform an agent-less visibility assessment to help you understand EVERYTHING that is connected to your network, in real-time.
What's in scope?
Everything. IT, IoT, OT and IoMT.
Every personal and business-owned mobile device is a gateway to business data and your network.
Understand the mobile security risk that faces your organisation with a free 2-week engagement.
Types of Mobile Risk:
App permission abuse
But we have BYOD...
Don't worry, we have you covered! Mobile Security designed with user privacy in mind.
89% of IT Leaders voice frustrations with their Secure Email Gateway (SEG)
Let the team at Spear Shield help you identify suspicious emails that may be slipping through the net and give you visibility into your supply chain health with a free 2-week Email Security Risk Assessment.
Detect, respond and prevent the security and compliance gaps that could be leaving you exposed...
Included with every assessment:
- Network Visualisation – complete visualisation of public cloud environments, with detailed asset inventory
- Audit-ready reports – compliance and security best practice reports for leading standards
- Recommendations – remediation paths for any identified security and compliance gaps placing you at risk
Email Security Breach Calculator
Estimate the risk of an email data breach in your organisation with our free insider breach insights calculator.
This tool is based on real data to represent an accurate model of the likelihood of a data breach.
Everything you need to know about Spear Shield's Managed Phishing Simulation and Real-Time end-user awareness training service.
Does Spear Shield provide phishing simulation templates?
Yes, we do. Spear Shield Phishing Simulations are completely managed. We have many phishing templates pre-built and available to choose from and also own several custom domains. We continuously monitor the latest trending threats and ensure all of our out of the box templates are relevant and up to date to be able to provide the most realistic experience for your users as possible.
Can Spear Shield create a custom phishing campaign tailored to my organisation?
We sure can! Spear Shield offer complete customisation and can create hyper-personalised phishing campaigns tailored to your organisation. Including CEO Impersonation Attempts, Brand Impersonation attempts from 3rd party business partners, to anything you can think of! The team welcomes the opportunity to get creative with our phishing template designs.
What phishing attack payload options does Spear Shield have?
Spear Shield can create phishing campaigns with links, credential harvesting and attachments.
Is there anything I need to do to prepare for the phishing simulation?
Spear Shield will provide guidance on any steps required to ensure the emails deliver to your employees inboxes. Other than that, you can sit back, relax (just kidding... you have plenty of others things to do!) and wait for the reporting session.
Can Spear Shield test multiple domains?
Yes, we can.
Can Spear Shield perform SMSishing simulations?
Coming soon... It's an area we're currently evaluating. If you have an interest in performing a SMS phishing simulation on your employees - please do let us know.
What happens when an employee clicks a phishing link?
Spear Shield will provide their advice and recommendations on landing pages on a case-by-case, per campaign basis. Any landing pages created will have the phished employee in mind and we will always find that sweet spot between being informative and keeping it a positive experience for your users.
Does Spear Shield provide user training is a user clicks a link?
Spear Shield has end-user awareness training content readily available. All phishing simulation landing pages are completely customisable and can include your corporate branding to provide assurance to your users that this was just a security exercise and not a real attack.
I have my own training portal, can I send my users there after they click?
Yes, if you own your own training portal and would prefer to direct users to an internal LMS platform, Spear Shield can tailor the landing page accordingly.
What are the different types of phishing attacks?
The attacker sends an email that looks legitimate, designed to trick the recipient into either entering information in reply or on a site that they can use to steal their data or to gain access to their device/network.
Spear phishing involves targeting a specific individual in an organisation to try to steal their login credentials. The attacker often first gathers information about the person before starting the attack, such as their name, position, and contact details.
Vishing is short for 'voice phishing'. This is when someone uses the phone to try steal information from their victim. The attacker may disguise themselves as a trusted friend, relative or business contact.
An HTTPS phishing attack is carried out by sending the victim an email with a link to a fake website. The site may then be used to fool the victim into entering confidential information.
Pop-up phishing often uses a pop-up about a problem with your computer's security or some other issue to trick you into clicking. You are then directed to download a file, which ends up being malware, or to call what is supposed to be a customer support centre.
A whaling attack is a phishing attack that targets a senior executive in an organisation. These individuals often have access to sensitive areas of the network, so a successful attack can result in access to valuable information that can be used for ransomware and exploitation.
Social engineering attacks pressure a victim into revealing sensitive information by manipulating them psychologically.
Anglers use fake social media posts to get their victims into providing login info or downloading malware.
Smishing is phishing through some form of a text message or SMS.
Main-in-the-Middle (MTM) Attacks
With a man-in-the-middle attack, the hacker gets in 'the middle' of two parties and tries to steal information exchanged between them, such as account credentials.
A hacker creates a fake website that looks legitimate. When you use the site to log in to an account, your data is collected by the attacker.
Also referred to as DNS spoofing, is when a hacker imitates the domain of a company - either using email or a fake website - to lure the victim into entering sensitive information.
Image phishing uses images with malicious files in them meant to aid an attacker in stealing your account info or infecting your device.
Search Engine Phishing
A search engine phishing attack involves an attacker making fake products that looks attractive. When these pop up in a search engine, the target is asked to enter sensitive information before purchasing, which goes to the hacker.