{"id":2824,"date":"2014-11-25T12:25:34","date_gmt":"2014-11-25T12:25:34","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2014\/11\/25\/phishing-defence-by-attack\/"},"modified":"2024-02-06T12:18:39","modified_gmt":"2024-02-06T12:18:39","slug":"phishing-defence-by-attack","status":"publish","type":"post","link":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/","title":{"rendered":"Phishing &#8211; Defence by Attack"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2824\" class=\"elementor elementor-2824\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4f51c5d1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4f51c5d1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-87dd23\" data-id=\"87dd23\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7c4d9b7c elementor-widget elementor-widget-text-editor\" data-id=\"7c4d9b7c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is relying on phishing attacks as a method of compromising organisations and bypassing traditional defences. Additionally, phishing attacks are a common way of distributing malware such as ransomware. With off the shelf phishing attacks available for purchase, the opportunity for even the untrained criminal to launch an attack is now possible. With reported phishing cases on the rise, what can be done to help defend staff and the business they work for from the threats of phishing?<\/p>\n<p>Because phishing relies on people to perform an action, it is possibly one of the hardest areas that an Information Security Manager is challenged with. At Dionach, we run frequent phishing attacks and the proportion of those in which we manage to fully compromise the target is alarming, often allowing us full access to critical systems and data.<\/p>\n<p>Part of Dionach\u2019s methodology when running a phishing attack is to run a staged approach over a period of time. Stage one will be to test the organisation\u2019s overall susceptibility to phishing and try to entice staff to click on links, which we have blatantly created. Stage two is to move on to a slightly more specific approach, maybe focusing on a smaller target group and with some relevant information they would find interesting. The final stage will be to select a number of specific individuals, identify their possible likes and motivations and stage our final attack, which will be specific to those individuals.<\/p>\n<p>Defence in depth is a fundamental part of any information security strategy. In the vast majority of cases, someone targeting your organisation will have some level of success. A phishing campaign will help to understand your organisation\u2019s exposure from an external perspective. Analysing the effective attack vectors used in a phishing exercise will help improve the understanding of some common internal vulnerabilities that increase the likelihood of a phishing attack being successful.<\/p>\n<p>Dionach consultants have successfully managed to compromise a number of organisations in this way; we have compromised PCs, user accounts, escalated privileges and have been able to move around the internal network infrastructure as if it was our own, in many cases for days on end without being detected.<\/p>\n<p>What can be taken from a well-planned phishing campaign? Performing regular attacks are vital, for both staff awareness within the workplace but also at home. Asking staff to apply the same level of security to workplace information as they would to their own benefits both the individual and the business. Ensuring that staff members have regular training and are aware of how to identify common phishing techniques will ultimately reduce the likelihood of a successful attack.<\/p>\n<p>As previously mentioned, phishing is now a well-established method of compromising organisations from an external perspective. Ensuring the necessary internal controls are in place is ultimately your best level of defence and it will go a long way in helping to reduce the effects of any phishing based attack.<\/p><p><br><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is relying on phishing attacks as a method of compromising organisations and bypassing traditional defences. Additionally, phishing attacks are a common way of distributing malware such as ransomware. With off the shelf phishing [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[210],"class_list":["post-2824","post","type-post","status-publish","format-standard","hentry","category-researchblog","tag-social_engineering","wpbf-post"],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Phishing - Defence by Attack<\/title>\n<meta name=\"description\" content=\"Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing - Defence by Attack\" \/>\n<meta property=\"og:description\" content=\"Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2014-11-25T12:25:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-06T12:18:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8\"},\"headline\":\"Phishing &#8211; Defence by Attack\",\"datePublished\":\"2014-11-25T12:25:34+00:00\",\"dateModified\":\"2024-02-06T12:18:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/\"},\"wordCount\":515,\"publisher\":{\"@id\":\"https:\/\/dionach.com\/en-us\/#organization\"},\"keywords\":[\"social engineering\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/\",\"url\":\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/\",\"name\":\"Phishing - Defence by Attack\",\"isPartOf\":{\"@id\":\"https:\/\/dionach.com\/en-us\/#website\"},\"datePublished\":\"2014-11-25T12:25:34+00:00\",\"dateModified\":\"2024-02-06T12:18:39+00:00\",\"description\":\"Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is\",\"breadcrumb\":{\"@id\":\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dionach.com\/en-us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phishing &#8211; Defence by Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dionach.com\/en-us\/#website\",\"url\":\"https:\/\/dionach.com\/en-us\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual World\",\"publisher\":{\"@id\":\"https:\/\/dionach.com\/en-us\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dionach.com\/en-us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/dionach.com\/en-us\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\/\/dionach.com\/en-us\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/dionachcyber\",\"https:\/\/x.com\/dionachcyber\",\"https:\/\/uk.linkedin.com\/company\/dionach-ltd\",\"https:\/\/www.instagram.com\/dionachcyber\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8\",\"name\":\"Dionach Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing - Defence by Attack","description":"Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/","og_locale":"en_US","og_type":"article","og_title":"Phishing - Defence by Attack","og_description":"Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is","og_url":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2014-11-25T12:25:34+00:00","article_modified_time":"2024-02-06T12:18:39+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1","type":"image\/jpeg"}],"author":"Dionach Admin","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Written by":"Dionach Admin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/#article","isPartOf":{"@id":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/"},"author":{"name":"Dionach Admin","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8"},"headline":"Phishing &#8211; Defence by Attack","datePublished":"2014-11-25T12:25:34+00:00","dateModified":"2024-02-06T12:18:39+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/"},"wordCount":515,"publisher":{"@id":"https:\/\/dionach.com\/en-us\/#organization"},"keywords":["social engineering"],"articleSection":["researchblog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/","url":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/","name":"Phishing - Defence by Attack","isPartOf":{"@id":"https:\/\/dionach.com\/en-us\/#website"},"datePublished":"2014-11-25T12:25:34+00:00","dateModified":"2024-02-06T12:18:39+00:00","description":"Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is","breadcrumb":{"@id":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.com\/en-us\/phishing-defence-by-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.com\/en-us\/"},{"@type":"ListItem","position":2,"name":"Phishing &#8211; Defence by Attack"}]},{"@type":"WebSite","@id":"https:\/\/dionach.com\/en-us\/#website","url":"https:\/\/dionach.com\/en-us\/","name":"Dionach","description":"Real Security in a Virtual World","publisher":{"@id":"https:\/\/dionach.com\/en-us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.com\/en-us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/dionach.com\/en-us\/#organization","name":"Dionach","url":"https:\/\/dionach.com\/en-us\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/","url":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8","name":"Dionach Admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","caption":"Dionach Admin"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-Jy","_links":{"self":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts\/2824","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/comments?post=2824"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts\/2824\/revisions"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/media?parent=2824"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/categories?post=2824"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/tags?post=2824"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}