Spear Phishing Campaign for an International Company

Location

Global

Client

The customer is an international company that owns an online customer success platform. The platform offered end users multiple tools and features to help businesses manage and optimize customer relationships. The company's structure consisted of multiple internal departments spread around the globe.

Business Challenge

Since most of the company's employees work remotely from different geographic locations, the client wanted to identify the level of social engineering threat awareness among the company's personnel. The main goal of the exercise was to verify whether the credentials employees use to access the company's resources could be stolen.

Solution

For the project, DataArt utilized a proprietary methodology that closely replicated the steps conducted by real malefactors during real phishing attacks against organizations.

The methodology consisted of four main phases described below:
  • Planning: Working closely with the client to clearly define and document the campaign’s objectives, targets, and rules.
  • Preparation: Analysis of the desired targets and preparation of a simulation roadmap; development of tailored email templates and landing pages; setup and configuration of the technical infrastructure.
  • Execution: Simulation start and real-time monitoring of the actual state of the campaign.
  • Reporting: Detailed analysis of the obtained results from the simulation and preparation of a final report for the client.

To focus the campaign more precisely, the client provided a full list of the employees who were included in the scope of the phishing simulation. To prepare for the campaign, DataArt split all targets into several groups based on their department. For each group, DataArt prepared a tailored phishing template and a landing page that focused on the group's specifics and closely mimicked legitimate resources well known to the targeted persons.

Business Benefits

As a result of the exercise, DataArt presented the client with detailed statistics covering employees who reached the specific step of the malicious workflow (opened an email, followed the malicious link, or submitted credentials). All obtained results were aggregated by departments, positions, and offices. In addition, DataArt provided a list of recommendations to assist the client in improving overall employee security awareness regarding phishing attacks.

Tools Used by the DataArt Team Include:

Gophish
Postfix
AWS Route53
AWS EC2