Simulation Report (Summary) 

Prepared by: Cyber Security Specialists (on behalf of usecure) 
5th June 2020 

Contents 
1. Introduction 
2. Executive Summary 
3. Approach  
4. Simulation Results 
5. Recommendations  

 
   

CONFIDENTIAL

 

Executive Summary  
Hooli have been concerned about the increased threat from email phishing and what this could 
mean for their staff and organisation. To combat this, Gavin Belson, CEO at Hooli, agreed a 
programme of work with usecure to run a series of mock phishing simulations on the Hooli staff 
base. These simulations encompassed a number of approaches commonly used by cyber 
criminals to best imitate a real world cyber-attack and provide actionable results for Hooli senior 
management. It is understood that only Gavin Belson of Hooli was aware that this exercise was 
undertaken.   

The results of the simulations were varied. The templated phishing attack, which impersonated 
an email from Microsoft, was opened by 85% of Hooli users but the attack was unsuccessful as 
only 9% of users divulged any login credentials. This is a positive outcome which shows that 
Hooli users have a good basic understanding of the more common forms of phishing attack.  

The spear phishing attack, which used a bespoke Hooli branded ‘Xmas IT Audit’ template, 
yielded the most concerning results: 60% of users clicked on the malicious link and entered their 
user credentials. The impact of this type of compromise can be severe. These employees have 
unknowingly provided their login credentials for their Workstation and Email accounts to a 
malicious actor (or cyber-criminal) who could, if motivated, use them to perform a number of 
nefarious acts which could lead to confidential corporate and client information being 
compromised. 

The impact of a successful spear phishing campaign such as the one demonstrated in this 
simulation could be devastating for Hooli. Such attacks can lead to loss of revenue, reputational 
damage, financial theft, loss of data, loss of customers and also regulatory fines.  

Based on the output of the two phishing simulations, a number of recommendations have been 
made within this report to improve the security posture of Hooli and its employees. 

   


Introduction 
Hooli was established in 1997 and is one of the world’s biggest brand names, helping users 
throughout the world connect on their market leading operating system.  

Hooli is concerned about the increased threat from email phishing and what this could mean to 
their staff and organisation. To combat this, Gavin Belson, CEO at Hooli, has agreed a programme 
of work with usecure to provide a managed service in running a series of mock phishing 
simulations on the Hooli staff base. These simulations will encompass a number of approaches 
used by cyber criminals to best imitate a real world cyber-attack. 

Usecure have worked in partnership with Cyber Security Specialists, a Manchester based Cyber 
Security Consultancy, to analyse the findings of the phishing simulations and deliver this report to 
Hooli.  

Usecure 
Usecure are a team of industry, commercial and technical experts, committed to delivering a 
leading, user-focused security platform to businesses of all sizes and in all industries, because we 
understand that cyber-crime can affect anybody. 

Cyber Security Specialists 

Cyber Security Specialists provide expert and bespoke Cyber Security Consultancy services 
across a wide range of markets, from multi-national Corporate Organisations and Government 
Agencies, through to smaller businesses that want to develop strong security strategies to 
support their business growth.   

 
 


Approach  
The success of any phishing campaign, genuine or simulated, depends on misleading the user base 
into believing that the email received is genuine and from a trusted sender. To provide the most 
realistic simulation and uncover the true areas of risk within Hooli, usecure adopts a two-pronged 
methodology which includes both templated and spear phishing attacks: 

Templated Phishing Attack  

This is the most common form of phishing attack and one that all users of email are likely to be 
familiar with. The emails are created to look like they have come from a reputable vendor, for 
example Apple, Microsoft or PayPal. There will typically be a call to action and a request to click 
on a link, but doing so can result in the loss of personal data or the infection of your computer 
with malicious software. 

Spear Phishing Attack 

This attack is more sophisticated and will typically be researched beforehand using social 
engineering techniques. These techniques allow the attacker to better understand the target and 
create an email that will have a higher chance of success. Spear phishing attacks are generally 
considered more of a risk to businesses as they are harder for employees to spot if not properly 
trained. 

This two-pronged approach allows usecure and Hooli to truly gauge the cyber security posture of 
Hooli staff in the defence against phishing threats. 

The simulated phishing campaign ran over the course of 3 months from December 2017 to 
January 2018 and targeted 300+ Hooli employees. It is understood that only Gavin Belson of 
Hooli was aware that this exercise was undertaken. 

   


Templated Phishing Attack - Microsoft change password 

▪ Month started - October 2017 
▪ Month completed - November 2017 
▪ Targets - 316 Hooli employees 
▪ Domain - noreply@microloft.net 

As shown in the figure below, Hooli employees were sent a phishing email disguised as a 
legitimate Microsoft email asking them to change their account password. The email is sent from 
an imitation domain which looks similar to one that Microsoft would use, to provide a sense of 
assurance that the email is genuine. 

 
 


If an employee clicks on either of the two links contained within the email they are taken to a fake 
login page and asked to enter their email address and password, as shown in the figure below: 


Spear-Phishing Attack - Xmas IT Audit 

▪ Month started - December 2017 
▪ Month completed - January 2018 
▪ Targets - 330 Hooli employees 
▪ Domain - ritaB@Hooli.it5upport.co.uk 

As shown in the figure below, Hooli employees were sent a second, more targeted email 
impersonating Rita Book, the Social Media Manager of Hooli. The email signature is a simple 
screen grab of Rita’s actual email signature and it appears as a large image rather than text. The 
intention was to create a ‘real life’ business situation which is time limited and business critical. 
With this goal, a request for information on the upcoming Xmas party was used, with all users 
being asked to provide their email and login information before the end of the weekend. 
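Both simulations relied on imitation sender domains (noreply@microloft.net for the Microsoft template and ritaB@Hooli.it5upport.co.uk for the Xmas IT Audit template). The following check is an added example, not code from the report, usecure or Cyber Security Specialists: on the receiving side it folds digit-for-letter substitutions in each DNS label and compares the result against a trusted brand list. The trusted-domain list (hooli.com is assumed to be Hooli's genuine domain, which the report does not state) and all function names are this example's own assumptions.

```python
"""Lookalike sender-domain check (added example, not code from the report).

Assumption: Hooli's genuine mail domain is hooli.com; the page does not say."""

TRUSTED_DOMAINS = ["microsoft.com", "hooli.com"]

# Digits and symbols that commonly stand in for letters in imitation domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "|": "l"})


def normalise(label):
    """Lower-case a DNS label and fold look-alike characters (it5upport -> itsupport)."""
    return label.lower().translate(HOMOGLYPHS).replace("-", "")


def levenshtein(a, b):
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, max_distance=1):
    """Return ('trusted' | 'lookalike' | 'unknown', detail) for a sender address.

    A domain is a lookalike when it is not trusted but one of its labels, after
    homoglyph folding, is within max_distance edits of a trusted brand label.
    """
    domain = address.rsplit("@", 1)[-1].lower().rstrip(">")
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted", trusted
    hits = []
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        for label in domain.split("."):
            if levenshtein(normalise(label), brand) <= max_distance:
                hits.append(f"{label} ~ {brand}")
    return ("lookalike", "; ".join(hits)) if hits else ("unknown", "")


# Constructed sample: the two simulated senders from this report plus a genuine address.
SAMPLE = ["noreply@microloft.net", "ritaB@Hooli.it5upport.co.uk", "alerts@accounts.microsoft.com"]

if __name__ == "__main__":
    for addr in SAMPLE:
        print(addr, *classify_sender(addr))
```

A brand label appearing inside an untrusted domain (Hooli.it5upport.co.uk) is flagged at distance 0, while a single-character swap (microloft) is caught by the edit distance; keep max_distance small for short brand names to limit false positives.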

Once the link is clicked on, users are taken to a credential harvest page which asks them for their 
email address and password. The page is branded with the Hooli logo which is freely available 
from a Google image search or the Hooli website. 

 
 

Results  

Templated Phishing Attack - Microsoft change password 

The templated phishing attack using the Microsoft change password template yielded the 
following results: 

The results are positive: although 85% of users opened the email, this does not present a risk to 
the organisation, as only 28% clicked on the links within the email and visited the fake login page. 
Overall, only 9% of users were compromised by entering their login credentials. 

However, although only 9% of users were compromised, 28% of users still clicked on the link 
within the phishing email. In this instance, users were directed to a credential harvesting web 
page; in a real world attack the link could just as easily lead to a malware infection by 
triggering the automatic download of malicious software. 

Spear-Phishing Attack - Xmas IT Audit 

The spear phishing attack using a bespoke company branded ‘Xmas IT Audit’ template 
yielded the following results: 

The results are less positive as 89% of users opened the email, with 60% of users clicking on the 
link and entering their user credentials.  

The impact of this type of compromise could be severe. The compromised employees have 
unknowingly provided their login credentials for their Workstation and Email accounts to a 
malicious actor (or cybercriminal) who could use these details to perform the following nefarious 
acts: 

▪ In this section of the report we disclose the possible implications of the results from the 
phishing simulation. The implications differ depending on the size and industry of a business; 
below are some examples of the areas we look at: 
o Impact on business operations, from the short term at the onset of a breach to long 
term ramifications. 
o Data loss, and the potential impact of what this would mean to the business. 
o Client impact: revenue drop, client loss, impact to brand and reputation. 
o Compliance: the potential to become non-compliant if a breach is investigated, 
dependent on the industry and compliance requirement. 
o Fines: the resulting financial implications from a breach following an investigation. 

Results Summary 
The figure below summarises the results of both phishing campaigns: 

• Mock report for example purposes  

• A full breakdown of engaged users can be provided in a separate .csv upon client request. 

 
 


Recommendations 
Phishing attacks have become one of the most prevalent threats to organisations in recent years 
and there is no sign of this changing anytime soon. The number of phishing scams is increasing 
significantly and the tools and techniques used by cyber criminals have become more and more 
sophisticated. It is very difficult for organisations to completely mitigate the risk of phishing 
attacks due to the nature of the attack; however, Hooli can certainly reduce the risk of a 
successful attack by implementing a defence in depth strategy. Defence in depth is an 
information security concept in which multiple layers of security controls are placed throughout 
an organisation to protect against cyber threats. These controls consist of People, Processes and 
Technology. 

Based on the output of the two phishing simulations, the following recommendations are made 
within this report to improve the security posture of Hooli and its employees. 

Recommendation 1 - Infrastructure - We recommend a best practice approach to implementing a 
secure infrastructure and the areas for consideration around that. 

Recommendation 2 - People - We provide advice on how to implement or improve on building a 
Security Awareness programme. 

Recommendation 3 - Policy - Here we offer recommendations on business policy that should be 
implemented. 

Recommendation 4 - Software - We provide a best practice guide on software that can be used to 
strengthen security and cyber resilience. 

Recommendation 5 - Frameworks - We list applicable frameworks that the client can work towards 
which will help with their security profile, together with advice on how best to implement the 
project from a high level. 

Recommendation 6 - Culture - We offer advice on implementing a culture of security within the 
business and how that is best adopted. 

• All recommendations are specific to the business in the report and as such not all areas in the 
example may be included. 
