Karriere.at - Testing employee phishing awareness
Category
Solutions
Industry
Reading time
The project
Offensity Security Monitoring
Offensity Security Monitoring scans the web servers of the career portal for possible vulnerabilities.
Email campaign
A large group of employees was confronted with an email campaign aimed at accessing sensitive data.
Phishing calls
Phishing calls were made to four high-value targets– senior employees or people who hold sensitive customer information.
Evaluation and recommendations
A1 Digital evaluated the data obtained from the Social Engineering Assessment and provided the result with recommendations for further steps.
“As part of our company's tailored and realistic social engineering approach, A1 Digital has not only provided us with an exceptionally good data base, but has also provided us with detailed analyses and actionable items for the management level, which lead to appropriate training for our employees."
About karriere.at
karriere.at is Austria's largest career portal with up to 4.9 million monthly visits. 80 percent of Austrians are aware of karriere.at. The market leader in online recruiting connects suitable candidates with the best employers. Job-seekers can successfully find suitable jobs and companies on karriere.at and can also be discovered by employers. Interested parties also gain insights into the working world of companies on company profiles. The job advertisements reach thousands of job seekers and cover the individual recruiting needs of the companies easily and conveniently. Founded in 2004, the owner-managed company employs almost 190 people in Linz and Vienna.
The handling of thousands of current job offers repeatedly presents karriere.at with the challenge of protecting these sensitive data and services in the best possible way. Accordingly, great emphasis is placed on the topic of security at karriere.at. In order to test the level of awareness of the employees of a potential hazard and to raise awareness of the danger potential, karriere.at has opted for a social engineering campaign. A1 Digital International GmbH was commissioned to carry out the Social Engineering Assessment, which with its Offensity Security Monitoring already scans the web servers of the career portal for possible vulnerabilities.
Social Engineering Assessment for karriere.at
As part of the two-pronged social engineering approach, a large group of people was staggered into user groups and confronted with an email campaign aimed at accessing sensitive data (especially usernames and passwords) via fake websites. To do this, A1 Digital set up a phishing website to collect credentials and sent a phishing email to the target audience email addresses provided by karriere.at. The response by employees to the e-mail should be determined in order to derive and improve the awareness phishing of the employees concerned.
At the same time, phishing calls were made to four high-value targets– senior employees or people who hold sensitive customer information. The fake phone calls were aimed at obtaining in-house information or customer information and were made by an A1 Digital employee posing as an employee or customer. Finally, A1 Digital evaluated the data obtained from the Social Engineering Assessment and provided the result with recommendations for further steps to minimise the identified risks as soon as possible in the form of a PDF document.