Targeted Phishing Test

Simulating a real world attack, a targeted phishing test involves selecting key targets and developing custom attacks to measure their ability to identify and respond.

Institutions often see targeted phishing attacks on their employees, in which attackers seek to gain access to confidential information and intellectual property. Through a targeted phishing attack, SecureState is able to develop a custom and sophisticated attack (much like what would be seen in the real world) to see how vulnerable a high profile individual might be. This allows organizations to understand gaps in their training programs to ensure they can properly prepare for and defend against an attack.


It is not hacking that results in the most damaging penetrations into an enterprise's security system. It often is the work of an employee within the enterprise that causes the most harm. In most of the organizations, security measures are focused on attacks from the outside. The insider threat usually is ignored, although it is an important area of concern. 


SecureState is highly skilled at conducting targeted phishing assessments and has publically released tools to improve the process. We frequently conduct these assessments for clients and have a very  high success rate of compromise as well as eliciting sensitive or confidential  information. SecureState consultants are also frequently asked to speak  publically regarding Social Engineering practices; as well as help teach  employees how to help prevent themselves from being a victim.

Detailed Approach

SecureState begins any targeted phishing assessments by creating viable pretexts through extensive research of open source intelligence on the target company and its target employees. Effective pretexting requires a scenario that will convince the victim to take an action beneficial to an attacker, such as clicking a link to visit a malicious website.

SecureState then sends emails, places phone calls, or drops devices based on the pretexts. The goals of these actions is based on what the client wants to assess. SecureState may attempt to execute malicious payloads on user systems, harvest credentials to assess internal security, or merely track user actions to perform trending analysis and raise user awareness.

Get Started!