Phishing 

Many attackers use a phishing attack, convincing employees to give up credentials, and then take advantage of weak or default passwords on remote services to gain initial access to the network.

The engagement team sends email requests for information that appear to come from a legitimate source. Through the use of a false “from” address, and sophisticated stylistic touches (e.g. logos and professional looking graphics), phishing emails have the genuine look and feel of a message that recipients might expect to receive from a person or a company with whom they do business.

Typically, the message requests the recipient to verify or reconfirm confidential personal information such as account numbers, user names, passwords, and other sensitive information.

To provide a sense of urgency, the email may indicate that the recipient’s account will be suspended or cancelled if the information is not verified by a certain date.

The engagement team directs the phishing attacks at high-risk targets such as:

• Employees likely to have access to sensitive or confidential executive-level information where successful compromise could result in a data breach.
• Employees likely to have access to patient information where a successful compromise could result in a data breach.
• Employees likely to have access to critical systems or infrastructure where a successful compromise could result in a data breach.