Email Phishing: Corporate Account Takeover Simulation

PTEF-Aligned: Profile → Tailor → Simulate → Evaluate → Evolve

Threat Narrative

Attackers routinely target employees with realistic emails that mimic trusted workflows (password resets, shared documents, invoice approvals, HR updates). The goal is to trigger unsafe actions—clicking malicious links, entering credentials, or bypassing reporting channels—leading to account takeover and lateral movement. Cyberorca simulates these scenarios under written client authorization to validate human resilience, email security controls, and the organization's ability to detect, report, and respond.

How Cyberorca Runs This Service

Governance applies across all phases.

1. Profile & Scope
   Targeting & Risk Scoping: Define approved departments, difficulty level, timing windows, and "do-not-target" groups. Confirm legal/HR guardrails and escalation paths.

2. Tailor Scenarios & Controls
   Scenario Design (Realistic, Not Abusive): Create business-relevant scenarios aligned to the client environment without coercive or harmful content.

3. Simulate (Controlled Execution)
   Controlled Campaign Execution: Launch from client-approved sending infrastructure/domains with safe landing pages. Monitor live with a kill switch and escalation procedures.

4. Evaluate (Telemetry & Reporting)
   Safe Telemetry & Reporting: Measure click/report/repeat exposure using minimal data. No real credentials are collected or stored, ever.

5. Evolve (Remediation & Hardening)
   Remediation & Continuous Improvement: Role-based micro-training, executive reporting, and remediation actions; repeat with progressive difficulty.

Metrics & Outcomes

  • Click/Interaction Rate (by role/department and scenario type)
  • Report Rate (who reports)
  • Repeat Exposure Rate (users who fail across multiple waves)
  • High-Risk Group Index (finance, HR, procurement, IT)
  • Program Trendline (improvement across waves; not a one-time score)
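As an added illustration (not Cyberorca's own tooling), the following Python computes the metrics listed above from a constructed, minimal telemetry set whose schema has no place for credentials; the definition of the High-Risk Group Index as a ratio to the overall click rate is an assumption, since the page does not define it.

```python
from collections import defaultdict
# Constructed telemetry (not real campaign data), one record per user per wave:
# (pseudonymous user id, department, wave, clicked, reported). No credential field exists.
TELEMETRY = [
    ("u1", "finance", 1, True, False),  ("u1", "finance", 2, True, False),
    ("u2", "finance", 1, False, True),  ("u2", "finance", 2, False, True),
    ("u3", "sales",   1, True, False),  ("u3", "sales",   2, False, True),
    ("u4", "sales",   1, False, False), ("u4", "sales",   2, False, False),
    ("u5", "it",      1, True, True),   ("u5", "it",      2, False, True),
]
HIGH_RISK_DEPTS = {"finance", "hr", "procurement", "it"}  # as listed on the page

def rate(num, den):
    """Proportion rounded to 3 places; 0.0 when the denominator is empty."""
    return round(num / den, 3) if den else 0.0

def rates_by(rows, key):
    """Click rate and report rate per group; key(row) picks the group,
    e.g. department (row[1]) or wave (row[2])."""
    clicks, reports, total = defaultdict(int), defaultdict(int), defaultdict(int)
    for row in rows:
        g = key(row)
        total[g] += 1
        clicks[g] += row[3]   # bools sum as 0/1
        reports[g] += row[4]
    return {g: {"click_rate": rate(clicks[g], total[g]),
                "report_rate": rate(reports[g], total[g])} for g in total}

def repeat_exposure_rate(rows):
    """Share of all users who clicked in more than one wave."""
    users, waves_clicked = set(), defaultdict(set)
    for uid, _dept, wave, clicked, _reported in rows:
        users.add(uid)
        if clicked:
            waves_clicked[uid].add(wave)
    repeaters = sum(1 for waves in waves_clicked.values() if len(waves) > 1)
    return rate(repeaters, len(users))

def high_risk_group_index(rows):
    """Assumed definition: click rate inside high-risk departments divided by
    the overall click rate (1.0 means no elevated risk)."""
    hr_rows = [r for r in rows if r[1] in HIGH_RISK_DEPTS]
    hr_clicks, all_clicks = sum(r[3] for r in hr_rows), sum(r[3] for r in rows)
    return rate(hr_clicks * len(rows), len(hr_rows) * all_clicks)  # exact integer ratio

def trendline(rows):
    """Click rate per wave in wave order; a falling line shows improvement."""
    by_wave = rates_by(rows, key=lambda r: r[2])
    return [by_wave[w]["click_rate"] for w in sorted(by_wave)]
```

Feeding real campaign exports into the same functions only requires mapping them onto the five-field tuple; keeping the schema this narrow is what makes the "minimal data" promise checkable.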

Governance & Ethics

  • Written Authorization & Scope Control
  • No Harmful Payloads: no malware, no exploits, no credential harvesting; credential entry is simulated and never stored
  • Data Minimization & Retention: RBAC, audit trails, defined retention
  • Compliance Alignment: supports audit-friendly awareness and reporting controls

Engagement Model

  • Baseline Assessment (2–4 weeks): 1–2 waves + hotspot report + remediation plan
  • 90-Day Awareness Sprint: monthly waves + micro-training + trendline reporting
  • Continuous Program (Annual): monthly/quarterly simulations + exec scorecards + continuous improvement of email controls