Focus Topic: Phishing

Phishing: the human as the entry point.

Over 90% of all successful cyberattacks begin with a phishing email or social engineering attack. machCon trains your employees to safely recognise these threats and respond correctly.

Fundamentals

What is Phishing?

Phishing is a type of fraud in which criminals attempt to steal confidential information such as passwords, credit card details or login credentials for company systems.

Attackers send messages that look deceptively like communications from trusted sources — such as banks, well-known online services or even internal colleagues. Victims are lured to fake websites or persuaded to reveal sensitive data.

To protect yourself, you should be particularly suspicious of unexpected messages containing links or file attachments, even if the sender appears familiar. Technical measures alone are not enough: human judgement is the last line of defence.

Attack Vectors

The Most Common Phishing Types

Email Phishing

Mass distribution of fake emails leading to deceptively real-looking websites that prompt users to enter login credentials.

Spear Phishing

Targeted attacks using personal information about the victim for high credibility — e.g. name, role, colleagues.

Whaling

Spear phishing specifically targeting executives and decision-makers — for example, fake payment orders.

Smishing

Phishing via SMS — such as fake parcel notifications, bank warnings or authority messages on mobile phones.

Vishing

Attacks by phone. Perpetrators pose as IT support, banks or authorities to extract login credentials.

Platform Attacks

Fake notifications via Microsoft Teams, Zoom, Outlook, WebEx, Citrix or Google Meet as an entry point.

Our Services

Phishing Simulation & Awareness

Phishing Simulations

Controlled, realistic phishing attacks on your organisation, with detailed reporting and evaluation.

Awareness Training

Practical training for all employees, online or on-site — with real examples that stick.

E-Learning Modules

Scalable online modules for the entire organisation — completed flexibly and with documented proof.

Spear Phishing & Vishing

Targeted tests at management level and telephone-based social engineering attacks (vishing).

Evaluation & Reporting

Detailed reports with click rates, departmental comparisons and concrete recommendations for action.

Repeat Cycles

Continuous awareness programmes throughout the year — security is built through regular training.

Our Approach

How Do We Help You Achieve Your Goals?

Phase 1: Initialisation

Joint definition of scope, attack vectors and timeline. Alignment of all technical and organisational requirements.

Phase 2: Build-Up & First Attacks

Building the simulation infrastructure, spam tests, execution of the 1st and 2nd attack scenarios with subsequent reporting.

Phase 3: Mid-Point & Analysis

Status analysis at the halfway point, execution of the 3rd and 4th attacks with individual reports and trend comparison.

Phase 4: Conclusion

Final report with overall evaluation, improvement measures and recommendations for the next steps.

Test Your Employees Before Attackers Do.

Book your non-binding consultation and find out how a phishing simulation at machCon works.