Company Confidential ©The AntiSocial Engineer Limited Page � of �1 9

The AntiSocial Engineer Limited Professional Services Brochure

PaaS – Phishing-As-A-Service

�Overview of Phishing-As-A-Service (PaaS) 3Client User Setup 4Email Template Design & Portal Design 5Post Click 6Credential Harvesting 6Reporting 7Data Transfer and Storage 8Data Assurance 9

For Public Distribution ©The AntiSocial Engineer Limited Page � of �2 9

�Overview of Phishing-As-A-Service (PaaS)PasS brings a high-quality phishing service to the hands of your business and can be scaled out in plans suitable for your testing needs. A one off setup fee per organisation, per year, is charged and unlimited phishing assessments can be conducted at no extra charge on a DIY basis.

Our managed platform offers: • Full Phishing portal setup • Unlimited* Phishing Emails (*Fair use applied <500,000 P/A) • Includes 5 company bespoke designs for phishing emails • Includes 3 company bespoke phishing portals • Individual VPS that has been hardened and is regularly tested • Full documentation and support • Free phishing domain name of your choice

For Public Distribution ©The AntiSocial Engineer Limited Page � of �3 9

�Client User Setup Before a phishing portal is ready for use, you will need to load in your employee email list - people that will be receiving phishing emails. The platform offers a full directory management system and will allow the upload of .CSV files to make this an easy task. Additional users can be added to the system by single entry or mass upload. Easy user deletion is supported along with user search functionality.

For Public Distribution ©The AntiSocial Engineer Limited Page � of �4 9

�Email Template Design & Portal DesignWe dynamically evolve our template creation based upon our findings and investigation into your organisation. For instance if your organisation uses a certain kind of SSL VPN we will look to fraudulently clone that exact brand and version, making our PaaS platform realistic. Users of the platform can select templates from our catalogue and these will be pre loaded in the portal on your behalf. On top of the default email templates we will also provide up to five bespoke templates made for your organisation.

For Public Distribution ©The AntiSocial Engineer Limited Page � of �5 9

The PaaS platform will also clone login portals discovered on the internet, in addition we will work to supply up to three company bespoke landing pages (phishing portals). These pages will aim to deceive staff into handing over their login credentials. Users can also modify and create new templates easily.

�Post ClickWith so many companies focusing on the click rate alone ‘post click’ can often be overlooked. When a staff member clicks a link in your assessments you have the choice to guide them to:

• An educational landing page to alert them to the dangers of Phishing.• A cloned and indistinguishable login portal, designed to capture staff credentials.• Staff Intranet page

No matter what they do, each interaction is logged and reported.

Credential HarvestingWe offer the chance to obtain staff credentials from the assessment for audit purposes. We can try and warn again account re- use elsewhere - employees that use their work credentials on third party sites.

We can also obfuscate these details so we do not actually receive the password, but we get confirmation one has been submitted.

For Public Distribution ©The AntiSocial Engineer Limited Page � of �6 9

�ReportingWe can provide an in depth comprehensive report authored by our principal consultant and social engineering expert. Our reports stand out from the crowd and offer brake downs on remediation, insights discovered during the assessment and technical reporting. This an additional service and is not included in this package.

The framework will provide users directly with a detailed spreadsheet on data and events.

For Public Distribution ©The AntiSocial Engineer Limited Page � of �7 9

�Data Transfer and StorageInformation security is paramount when working with client data, this is why we always ensure each project is accompanied with a data check sheet that will explain how we intend to process data you provide and how we store this data. EU/GB Data zones can be requested.

• Single tenancy phishing user database.• Web application and hosting server is regularly updated, scanned and tested.• Secure methods of direct data transfer, such as SFTP or we can support your organisations solution.• User data transferred over TLS/SSL at all times.• User login can be restricted by location, IP or user.

For Public Distribution ©The AntiSocial Engineer Limited Page � of �8 9

�Data AssuranceWe use UKCloud for our core infrastructure and ensure your data is kept in a safe manner. UKCloud offer the following assurances:

• HMG Accredited ‘Official’ and ‘Official Sensitive’ Data centres• External IT Security Health Check• ISO 9001• ISO 20000• ISO 27001• ISO 27018• Cyber Essentials Plus Scheme

All customer data is housed in specially designed data centres, designed for HMG clients.

For Public Distribution ©The AntiSocial Engineer Limited Page � of �9 9