Phishing Campaigns
Simulated phishing campaigns to test employee resilience and increase security awareness.
Realistic Simulations
Phishing emails mimicking real attacks including current threat actor tactics.
Detailed Metrics
Tracking open rate, click rate, credential submission and reporting rate.
Educational Moment
Immediate feedback for users who click: a learning page with an explanation.
Types of Phishing Campaigns
Email Phishing
Classic phishing emails mimicking banks, vendors, IT departments or management.
Password reset, invoice scam, package delivery, urgent action required
Spear Phishing
Targeted attacks on specific departments or positions with personalized content based on OSINT.
Executive impersonation, vendor compromise, colleague requests
Credential Harvesting
Phishing pages mimicking login portals (Microsoft 365, VPN, webmail) to harvest credentials.
Fake login pages, OAuth consent phishing, QR code attacks
Malicious Attachments
Testing the response to malicious attachments: macro-enabled documents, ZIP archives, PDFs with links.
Invoice.xlsx, CV.docm, Proposal.pdf.exe
SMS Phishing (Smishing)
Phishing via SMS messages: package delivery, banking alerts, two-factor bypass attempts.
Short URLs, urgent action, suspicious sender IDs
Vishing (Voice Phishing)
Phone-based phishing attacks: IT helpdesk impersonation, vendor verification, CEO requests.
Caller ID spoofing, pretexting scenarios, social engineering
Metrics and Reporting
Tracked Metrics
- Delivery rate
- Open rate (email opened)
- Click rate (link clicked)
- Data submission rate (credentials entered)
- Reporting rate (reported to IT/security)
- Time to click
Data Segmentation
- By department
- By position (exec vs. staff)
- By location
- Trend analysis (comparing campaigns)
- Repeat offenders tracking
Benchmark Comparison
Comparison of your results with industry benchmarks and best-in-class organizations.
Actionable Recommendations
Specific recommendations for improvement: targeted training, policy updates, technical controls.
Campaign Process
Planning & Customization
Goal definition, scenario selection, email customization based on your branding and tech stack.
Target List Preparation
User import, segmentation, exclusion list setup (C-level opt-out option).
Campaign Launch
Staggered email sending for realistic impact, tracking begins.
Real-time Monitoring
Live dashboard with metrics, plus immediate feedback (a learning page) for users who click.
Analysis & Reporting
After the campaign completes (usually 1-2 weeks): complete analysis, high-risk user identification, and recommendations.
Follow-up Training
Targeted training for users who failed, or company-wide awareness session.
Frequency & Pricing
One-time Campaign
Single phishing simulation for baseline assessment or incident response test.
Quarterly Program
4 campaigns per year with different scenarios, trend tracking and progressive difficulty.
Continuous Testing
Monthly random phishing simulations to maintain high vigilance.