Skip to main content
Email Phishing Methodology Hero
Use RedTeam Security's email phishing service to simulate real-world attack scenarios on to identify security awareness and personnel gaps.

RedTeam Security's Email Phishing Methodology

RedTeam Security's email Phishing Methodology combines industry-standard methodologies with our experience to develop a customized approach to testing employee's adherence to company procedures and their ability to protect company assets. As part of an email Phishing engagement, RedTeam Security will assess:

  • Whether employees can identify a suspicious or malicious email
  • How well procedures for disclosing information are followed and/or whether they are sufficient to protect company and client information
  • Whether suspicious emails are reported appropriately
  • In some instances, an email Phishing engagement will test the ability of technical controls to protect against phishing

RedTeam Security employs a standard methodology that includes multiple phases. These phases build on each other and ensure an effective and comprehensive test.

Information Gathering/ Open-Source Intelligence

As with other types of penetration testing, the first phase in an email phishing engagement is to focus on gathering as much information as possible about the target. This is done through passive reconnaissance and Open-Source Intelligence (OSINT). This is one of the most critical steps in the process because it helps to examine your organization from the perspective of a "bad guy" and enables RedTeam Security to see everything an attacker would by utilizing public tools, such as Google Earth, social media, and job boards. Using this approach, it is usually possible to learn a great deal about the business, its surroundings, and environment. 

In an email Phishing test, Information Gathering will consist of gathering employee email addresses and names and learning information about the company that can be used to develop relevant pretexts for phishing emails.

The depth of this phase will vary based on the specific engagement. In many cases, the client will provide much of the information needed to create the pretext and launch the attack (i.e., vendors and software used, the list of names and email addresses to target).

Attack Planning & Pretexting

Intelligence gathered through the previous steps is combined into a plan of attack. The plan of attack for an email phishing engagement includes creating a Pretext (the story being used and who will be shown as the sender of the phishing email), the email content, the email addresses and names of targets, the goals of the engagement (i.e., will RedTeam Security attempt to gather credentials, will the email infrastructure be tested to determine if they filter malicious files), timing, etc. RedTeam Security will also work with the client contact to obtain approval of the content and the format of the phishing emails.

Execution

This is where the team executes the attack, launches the email campaign, and monitors the results. Generally, phishing emails will be sent out in a phased manner, over a period of hours or days depending on the number of employees in scope, and then the email campaign will stay open/active for a week or two to allow for recipients who do not read their email timely.

Reporting

RedTeam Security will provide a report that includes the pretext/content included in the email, a summary of the results (who read the email, who took an action, etc.) and then each target's results. You can use the results to develop or enhance your security awareness training.

Tools

To perform a comprehensive real-world assessment, RedTeam Security utilizes commercial tools, internally developed tools, and the same tools that hackers use on every assessment. Once again, our intent is to assess security by simulating a real-world attack, and we leverage the many tools at our disposal to effectively carry out that task.

Get a Customized Proposal

Use our Scoping Questionnaire to provide us with the necessary information to put together a proposal for you. Please be as thorough as possible with your responses, as it helps us ensure an accurate and complete proposal.
If you're interested in application penetration testing, you may find this article helpful when formulating your responses: Understanding Application Complexity For Penetration Testing.

If you have any questions, contact us at 612-234-7848 or schedule a meeting. We will follow up promptly once we receive your responses. We look forward to speaking with you soon.

Having trouble viewing the Scoping Questionnaire? Check to see if an ad-blocker is keeping the page from loading properly.

Dedicated Client Portal

Interact in real-time with your RedTeam security professionals on our user-friendly client portal and see firsthand as the team closes in on your company data.

Certified Security Experts

Our trusted security professionals hold certifications from the leading industry organizations, including OSCP, CASS, CPT, CISSP and more.

Research-Focused Approach

We hold industry-leading certifications and dedicate part of every day to research the latest exploit techniques to ensure our clients remain protected from evolving online attacks.

Free Remediation Testing

Once your team addresses remediation recommendations, RedTeam will schedule your retest at no additional charge.