|
|
|
|
|
|
by createdapril24
1886 days ago
|
|
|
The former _only_. I'm usually not testing only whether employees are easy to phish (the answer is pretty much 100% yes). I'm testing end-to-end: can you as a company prevent me from phishing through email protections? Can you detect when I'm phishing your employees? Will your employees report potential phishing emails? Can you figure out (without me telling you) which employees were targeted and which attacks were successful? Can you figure out which credentials/machines would need to be quarantined/rotated/examined? |
|
|
Even more fun if you were allowed to social engineer your way into the office and steal someone's powered on not-screenlocked laptop :-)