"Social engineering phishing drill service" through the simulation of hacker email phishing attack means, the identity of the "man in black" through the platform to the enterprise designated user mailbox to send phishing emails, and the phishing success of the weak security awareness of the staff risk warning。Cooperate with corporate headquarters or security department to complete the vertical inspection of personnel safety awareness。The social engineering phishing drill service platform is composed of four parts: "Phishing drill display data visualization platform", "phishing email management and control platform", "phishing email case knowledge base" and "phishing work strategy knowledge base"。As shown in the picture:

(1) Fishing drill display data visualization platform: can conduct comprehensive visual display of drill data, while supporting detailed information viewing and data export functions;

(2) Phishing email control platform: Integrated management of functional modules can be carried out。According to the actual situation of the user, the special phishing email is customized and sent automatically according to the drill strategy;

(3) Phishing email case knowledge base: Collect various dimensions of hacking phishing methods to form a case knowledge base。

(4) Fishing strategy knowledge base: The detection target of the social engineering fishing drill object of the "Man in Black Program" can not only detect all employees of the enterprise, but also conduct customized tests for employees of the department。Work strategy tailored to customer needs。

Function introduction

Fishing situation distribution display

Multi-dimensional statistical analysis of phishing drill data, the establishment of network security ideology portrait。

Mail sending function

Select the phishing email template, set the email sending task, and complete the phishing email sending。

Send domain management

Users can customize the domain name through the platform. After the DNS resolution of the corresponding domain name is complete, a mail server for the domain name can be created。

Sender management

Through the mail sending platform, you can customize the prefix of the sending mailbox, which supports classification management。

Mail template

A large number of common phishing email templates are built into the platform. Users can also customize the email sending template, and the email template can customize statistical parameters to count the information of mail openers。

Mail delivery statistics

After an email is sent, the mail sending platform displays statistics on successful and failed email addresses by dimension and causes of sending failures by category based on the response status of the delivered email addresses. Data export is supported。

Phishing statistics

Specific parameters in the mail template are used to calculate the opening of an email, the clicking of an email link, and the downloading of an email attachment。

User management

The default Settings of the platform are super administrator and common users. The super administrator can view the statistics of exported email sending, email opening, and email click statistics, while common users can only view some real-time statistics of phishing platforms。

Data export

After clicking the function button, export all data reports that open emails or click links to the local computer, including account, time, IP, geographic location, browser and other information。

Solve the problem

Custom phishing emails

(1) Customize highly simulated spoofing domain names that are similar to the domain name of the unit

(2) Customize high attention email content for hot events, welfare, notification, and work deployment

(3) Customized for a large number of employees to send large areas of universal phishing emails

(4) Customize targeted whale fishing emails for key positions and key people

Safety education early warning

(1) Provide a general warning page, conduct a detailed analysis of the forged domain names and forged emails in the drill, and put forward warnings

(2) Provide educational alert pages to conduct popular education on common social work and fishing techniques and strategies

(3) Customize special warning education content according to the needs of the unit

Visual display of results situation

(1) Visual platform display, including: phishing email sending and receiving statistics, recruitment information statistics, distribution areas and other information

(2) Provide management functions for administrators to export statistics through the system

Result analysis and evaluation

(1) Conduct in-depth analysis of fishing drill results data

(2) Output phishing drill network security awareness report

(3) Provide horizontal comparative data analysis of the industry

It is widely used in party and government organs, enterprises and institutions to reduce network security risks, comprehensively strengthen network security ideology, and implement network security responsibility system。

Energy industry

Petrochina, Sinopec, CNOOC, National Energy Group, State Grid

Financial industry

Webank, Central Government Bond Registration and Settlement Co., LTD

Government department

Shaanxi Provincial Committee Network information Office, Xi 'an Municipal Committee network information Office

Other industries

China Tower, China Resources Group