SecureState begins any targeted phishing assessments by creating viable pretexts through extensive research of open source intelligence on the target company and its target employees. Effective pretexting requires a scenario that will convince the victim to take an action beneficial to an attacker, such as clicking a link to visit a malicious website.
SecureState then sends emails, places phone calls, or drops devices based on the pretexts. The goals of these actions is based on what the client wants to assess. SecureState may attempt to execute malicious payloads on user systems, harvest credentials to assess internal security, or merely track user actions to perform trending analysis and raise user awareness.