Phishing Evaluation

Introduction
After a phishing campaign has been completed, it is time to give the obtained data to the customer. Furthermore, most customers need a grade in order to explain to their superiors how bad the results have been.
Thus, you must provide your customers with an objective result based on a comprehensive analysis of the phishing campaign's outcomes.
Result analysis
First, let's assign some values to the actions appearing on GoPhis.
Phishing actions
Value
Open the email
1
Click on the email link
3
Write credentials on the phishing page
5
Then, obtain the highest value achieved in a phishing campaign and obtain a set of intervals in which the grades will be divided.
The highest can be achieved with the following formula.
MaximumScore=NumEmailsSent∗∑ScoreOfEachAction=NumEmailsSent∗8MaximumScore = NumEmailsSent*\sum Score Of Each Action=NumEmailsSent*8MaximumScore=NumEmailsSent∗∑ScoreOfEachAction=NumEmailsSent∗8
After that, assign the percentages of victims required to obtain a certain grade, as can be seen in this table:
Business Size (BS)/Intervals
100000 Employees
10000 Employees
1000 Employees
100Employees
10 Employees
Excellent
0,20%
1%
1%
%1
10%
Acceptable
0,35%
1,5%
3%
5%
20%
Improvable
0,5%
5%
5%
10%
30%
Unsatisfactory
1%
10%
15%
20%
40%
Each value represents the maximum number of employees who must complete every action that makes up the phishing campaign to obtain the security level.
For example, a company with between 1,000 and 10,000 employees must have a maximum of 1% of employees completing all actions to be considered to have an excellent level of security.
After that, the intervals are determined using the following formula:
Level
Interval
Excellent
[0 , MaxScore*BS[Excellent] [
Acceptable
[ MaxScore*BS[Excellent] , MaxScore*BS[Acceptable] [
Improvable
[ MaxScore*BS[Acceptable] , MaxScore*BS[Improvable] [
Unsatisfactory
[ MaxScore*BS[Improvable] , MaxScore*BS[Unsatisfactory] [
Deficient
[MaxScore*BS[Unsatisfactory], MaxScore ]
The value of the phishing campaign is calculated with the following formula:
PhishinScore=∑PhishingActions(ActionValue∗NumberOfVictims)PhishinScore=\sum_{Phishing Actions}(ActionValue*NumberOfVictims)PhishinScore=PhishingActions∑​(ActionValue∗NumberOfVictims)
Finally, you only have to relate the score to the interval to obtain the grade.
Phishing Evaluation Template
Because this explanation may have been a bit complicated to implement, I have prepared a spreadsheet for you to play around with.
Phishing_score_calculator.ods
39KB
Binary

Phishing actions	Value
Open the email	1
Click on the email link	3
Write credentials on the phishing page	5

Business Size (BS)/Intervals	100000 Employees	10000 Employees	1000 Employees	100Employees	10 Employees
Excellent	0,20%	1%	1%	%1	10%
Acceptable	0,35%	1,5%	3%	5%	20%
Improvable	0,5%	5%	5%	10%	30%
Unsatisfactory	1%	10%	15%	20%	40%

Level	Interval
Excellent	[0 , MaxScore*BS[Excellent] [
Acceptable	[ MaxScoreBS[Excellent] , MaxScoreBS[Acceptable] [
Improvable	[ MaxScoreBS[Acceptable] , MaxScoreBS[Improvable] [
Unsatisfactory	[ MaxScoreBS[Improvable] , MaxScoreBS[Unsatisfactory] [
Deficient	[MaxScore*BS[Unsatisfactory], MaxScore ]

Gophish (Phishing)

BoF - Windows(x86)

Last modified 2mo ago