Phishing campaign

Ziwit Consultancy Service for your manual audits and pentests

A corporate phishing awareness campaign aims to educate employees to recognize fraudulent emails, preventing information leakage and thereby protecting the company from cyberattacks.

Phishing: What is it?

Phishing is a technique used by cybercriminals to hack into the computer systems of companies, organizations or individuals.

It encourages Internet users to divulge sensitive information such as:

  • Bank details.
  • User IDs.
  • Passwords.
  • Personal or confidential information.

Phishing enables:

  • Data theft.
  • Extortion of money.
  • Ransom demands.
  • Spreading computer viruses.
  • Infiltration of computer networks.

The different forms of phishing

Phishing takes many forms:

Vishing

Hackers call the victim directly in the name of the government, a utility or their bank to convince them to share personal or confidential information.

Session hijacking

This is a complex technique enabling a cybercriminal to access a company server and steal all the data stored on it.

E-mail

94% of cyber attacks are triggered by a phishing e-mail with a clickable link. This is the most frequent and most dangerous form of phishing. The email contains a link or attachment which, once opened, can be used to steal sensitive information or infect a computer with malware.

Phishing via cell phone

Malicious links can be sent by SMS, voicemail or via social networks, infecting the cell phone with malware to steal personal information.

Content injection

A familiar website can become dangerous if infected by malicious content. This content often takes the form of a link or pop-up window on the site, redirecting users to a secondary website. The aim is to trick the user into providing personal information.

Fake website

Attackers create fake websites that resemble authentic ones, with the aim of deceiving users and stealing their identity. The user, thinking he or she is accessing a legitimate site, is unfortunately exposed to the risk of identity theft.

Spear Phishing

Spear phishing, also known as personalized phishing, is a targeted attack technique aimed at specific individuals and organizations.

The difference between personalized and general phishing

It's crucial to understand the distinction between spear phishing, also known as personalized phishing, and general phishing. Both types of attack are used by cybercriminals to steal sensitive information.

General phishing attacks are sent indiscriminately, in bulk, to capture large amounts of confidential data from whichever users respond.

By contrast, spear phishing, or personalized phishing, as the name suggests, is directed specifically at one person. This is a highly targeted attack, where hackers often pretend to know their victims intimately in order to convince them that they are part of their circle of acquaintances, such as customers, suppliers, work colleagues, etc.

According to APWG, the number of phishing attacks reached 1 million in a single quarter for the first time in the first quarter of 2022, with over 600 brands targeted each month.

The two subsets of spear phishing

  • Whaling attacks particularly target high-profile individuals such as politicians, celebrities, senior executives, etc.
  • Corporate email intrusion is a technique primarily targeting employees. Hackers pretend to be senior executives to trick employees into paying false invoices, transferring money or divulging confidential information.

Corporate phishing

Phishing is now the primary cause of information system compromise. It bypasses existing technical security measures by targeting the human element, an approach known as social engineering.

Companies can set up a phishing campaign. This initiative aims to assess the maturity of their employees and collaborators in the face of concrete, realistic phishing attack scenarios. It also aims to improve the robustness of their IT security by raising awareness through action.

The main objective is to anticipate and make employees aware of the risks of phishing, encouraging them to adopt good practices in the event of receiving a suspicious e-mail.

Given that 90% of phishing-related security breaches are the result of human error, it's vital to carry out a preventive phishing campaign.

Having explored the impact of phishing on businesses and the importance of awareness campaigns, it's essential to take our thinking a step further by asking: what is personalized phishing, and why opt for such a campaign?

Why a personalized phishing campaign?

Personalized phishing works like this: hackers create tailored attacks for a specific target by posing as someone trustworthy.

Employees are frequently exposed to cyber-attacks within companies.

A personalized phishing campaign can be harder to detect than a generic one. Cybercriminals use real or readily available information about a company to personalize their attacks.

Employees may be more likely to click on a link or provide information if the campaign appears to be genuine. So a personalized phishing campaign is an effective way of showing employees what these attacks look like, and how they can be deceived.

To do this, our experts create e-mails imitating one of your customers or suppliers, with the aim of capturing employees' data via a fake personalized page. By sending simulated phishing e-mails to employees, companies can measure how many of them click on malicious links or provide sensitive information.

This enables companies to understand the gaps in their IT security training and implement additional security measures to better protect their business.

Phishing campaign by Ziwit

  1. Ziwit has been specializing in offensive cybersecurity for over 10 years.
  2. Our company has a team of experienced cybersecurity experts capable of simulating phishing campaign scenarios related to your business, the applications you use, your employees, your software, your customers and so on.
  3. One of our experts will be with you every step of the way.
  4. At Ziwit, we guarantee that all sensitive information concerning your company and employees remains strictly confidential.
  5. Our experts are certified by numerous organizations, including PASSI certification issued by ANSSI.

How a phishing campaign works by Ziwit

A Ziwit phishing campaign is divided into 4 in-depth phases.

The 4 different phases of a phishing campaign

This personalized approach is based on a number of different stages to strengthen your organization's security:

Phase 1: Phishing campaign approach

The first phase concerns the design of the company's phishing campaign, and consists of two essential steps:

  1. The first stage involves selecting the target that represents a potential security risk for the company.
  2. The second stage involves defining the objectives, with the aim of testing the company's vulnerability.

Phase 2: Creating content and achieving objectives

Content must be tailored to the target audience, and can include names, titles and other personal information to make the campaign more credible. We can, for example, create page templates similar to the applications you use, or build a specific Ziwit technical stack.

Phase 3: Reporting and results analysis

At Ziwit, our experts provide companies with reports identifying which employees clicked on malicious links or provided sensitive information. This is designed to help them better understand the risks associated with phishing.

Phase 4: Phishing awareness training for employees

Finally, we support managers in raising awareness among their staff by communicating phishing awareness kits tailored to their specific contexts (staff departments, working methods and practices, level of IT security maturity, etc.).

The benefits of a phishing campaign run by our experts

The advantages of a phishing campaign can be summed up in five main points.

Reducing the risk of data theft

By raising awareness and training your employees to be more vigilant and attentive in the face of phishing attempts and cyber-attacks, you help protect your sensitive data and strengthen your employees' resilience.

Customized phishing scenarios

To protect your IT system, our team develops customized phishing scenarios to simulate real attack conditions. This enables your teams to prioritize their actions to improve your protection and strengthen your information system.

Targeted phishing campaign

Our teams tailor a targeted phishing campaign to meet your company's needs, whether you have 10, 100 or 1,000 employees. Our teams work with your IT department to design the most appropriate scenarios. These can be adapted to suit your departments, locations, or the specific risks associated with your business sector.

OSINT investigation & exposed data collection

Our OSINT (open-source intelligence) department, which performs passive analysis of publicly available information, is systematically involved in our phishing campaigns. The aim is to evaluate the exposed information about your company that could be used by hackers to phish your employees.

Detailed phishing campaign reports and statistics

We provide detailed reports for each phishing campaign carried out. These reports detail all actions taken by employees, such as:

  • Open rate.
  • Click-through rate.
  • Number of captured logins.
  • Number of passwords entered.

These results will enable you to identify areas at risk, so that you can carry out targeted awareness campaigns within your infrastructure.
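The metrics listed above are the usual funnel of a simulated campaign: every recipient who enters a password has, by definition, also clicked and opened, so the counts must be de-duplicated per recipient before any rate is computed. The script below, an added example that is not Ziwit's own tooling, turns a constructed event export into per-department open, click and report rates plus the numbers of captured logins and entered passwords, and ranks departments by the share of recipients who submitted a password, which is the "areas at risk" view used to target follow-up awareness sessions. The event record layout (recipient id, department, event type) and the event names are assumptions; real campaign platforms export similar data under different field names.

```python
"""Aggregate simulated-phishing campaign events into per-department metrics.

Added example, not Ziwit's code. SAMPLE_EVENTS is a constructed export;
the (recipient, department, event) layout and the event names are assumed.
"""
from collections import defaultdict

# Funnel order: reaching a later stage implies the earlier ones for that recipient.
FUNNEL = ("sent", "opened", "clicked", "login_entered", "password_entered")
RANK = {name: i for i, name in enumerate(FUNNEL)}

# Constructed sample export: (recipient id, department, event type).
SAMPLE_EVENTS = [
    ("u01", "finance", "sent"), ("u01", "finance", "opened"), ("u01", "finance", "clicked"),
    ("u01", "finance", "login_entered"), ("u01", "finance", "password_entered"),
    ("u02", "finance", "sent"), ("u02", "finance", "opened"), ("u02", "finance", "opened"),
    ("u03", "finance", "sent"), ("u03", "finance", "clicked"),  # tracking pixel blocked, click still logged
    ("u04", "hr", "sent"), ("u04", "hr", "opened"),
    ("u05", "hr", "sent"),
    ("u06", "it", "sent"), ("u06", "it", "opened"), ("u06", "it", "reported"),  # reported = desired outcome
]


def deepest_stage_per_recipient(events):
    """Return ({(recipient, dept): deepest funnel index}, {(recipient, dept) who reported}).

    Repeated events for one recipient count once, and a later stage implies the
    earlier ones, so a click is counted as an open even when the open pixel was blocked.
    """
    deepest = {}
    reported = set()
    for recipient, dept, event in events:
        key = (recipient, dept)
        if event == "reported":
            reported.add(key)
            continue
        if event not in RANK:
            raise ValueError(f"unknown event type: {event}")
        deepest[key] = max(deepest.get(key, -1), RANK[event])
    return deepest, reported


def department_metrics(events):
    """Compute the page's report metrics per department, as percentages of messages sent."""
    deepest, reported = deepest_stage_per_recipient(events)
    counts = defaultdict(lambda: {**{stage: 0 for stage in FUNNEL}, "reported": 0})
    for key, stage in deepest.items():
        dept = key[1]
        for i in range(stage + 1):  # credit every stage up to the deepest one reached
            counts[dept][FUNNEL[i]] += 1
        if key in reported:
            counts[dept]["reported"] += 1
    metrics = {}
    for dept, c in counts.items():
        sent = c["sent"]
        metrics[dept] = {
            "sent": sent,
            "open_rate": round(100 * c["opened"] / sent, 1),
            "click_rate": round(100 * c["clicked"] / sent, 1),
            "logins_captured": c["login_entered"],
            "passwords_entered": c["password_entered"],
            "report_rate": round(100 * c["reported"] / sent, 1),
        }
    return metrics


def departments_by_risk(metrics):
    """Rank departments by share of recipients who entered a password, then by click rate."""
    return sorted(
        metrics,
        key=lambda d: (metrics[d]["passwords_entered"] / metrics[d]["sent"], metrics[d]["click_rate"]),
        reverse=True,
    )


if __name__ == "__main__":
    m = department_metrics(SAMPLE_EVENTS)
    for dept in departments_by_risk(m):
        print(dept, m[dept])
```

The report rate is worth tracking alongside the failure metrics: a department whose staff report the simulated e-mail is the outcome the awareness training aims for, and it is the counterweight to click and credential rates when deciding where follow-up sessions are needed.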

Would you like to run a phishing campaign for your employees? Contact our ZIWIT CS experts today.

Are you planning a phishing campaign?

Our team of IT security experts is at your disposal. They can create a phishing campaign tailored to your needs and your company, to assess and raise awareness among your employees and collaborators.

Your satisfaction and security are our priorities. Contact us: +33 1 85 09 15 09