What is Phishing?
Phishing is a criminal activity using Social Engineering techniques. “Phishers” attempt to fraudulently acquire sensitive information by masquerading as a trustworthy person or business in an electronic communication. The sensitive information that is being phished for can range from company credentials, private organizational data, competitive information, to personal information, credit card or financial details etc.

What is “Spear Phishing”?
Spear Phishing is a type of phishing attack that focuses on a single user or department within an organization. The email looks like it originates from someone in a position of trust within the company and requests user credentials or similar sensitive organizational information.

What is Phishnix?
Phishnix is a Phishing Diagnostic Solution that enables organizations to assess and improve their preparedness against social engineering and phishing attacks. The program runs a simulated phishing attack and tracks how each employee responds to that attack. It allows for user training by launching a security awareness module to educate and reinforce behavior aimed at avoiding social engineering risks.

What does the “Teaching Moment” feature include?
Spear phishing emails and other social engineering attacks pose threats to information systems. The teaching moment includes a customized learning experience that will inform and increase the awareness of all employees of an organization about such dangers. The Teaching Moment helps employees to recognize such threats and offers ways to counter them. The teaching moment gives employees the knowledge to protect themselves and the sensitive information that they are entrusted with. It conveys simple ways to identify and prevent security breaches and protect valuable data.

Who is behind Phishnix?
Phishnix is created and powered by Aujas, a Global Information Risk Management Company.

I have Anti-Phishing / Brand Protection Solution. Why do I need Phishnix?
An Anti-Phishing or Brand Protection solution can help you detect and monitor phishing incidents related to your organization’s website, after the fact. But increasingly sophisticated phishing attacks can expose your company’s sensitive information to malicious outsiders – and you may not even know it. This sensitive information may include custodial data (customer, health, credit or other personally identifiable data) or corporate secrets (trade secrets, business plans, sales forecasts etc.) which, if compromised, may lead to brand/reputation loss or significant financial damage for your company. Aujas Phishnix helps arm your employees against such attacks and create a prioritized action plan to mitigate possible threats in a proactive manner.

Is Phishnix some kind of Anti-Phishing or Brand Protection Solution?
No, Phishnix is not an anti-phishing or brand protection solution. Generally, Anti-Phishing or Brand Protection solutions provide monitoring and detection of phishing incidents. They take potential phish websites down and resolve an incident. Even with an anti-phishing program, phishing emails are still received in employees’ inboxes, which is why it is important to educate and train employees. Phishnix is a Phishing Diagnostic Solution that helps organizations evaluate possible risks due to a lack of awareness toward social engineering or phishing attacks within the employee group.

Does Phishnix protect my organization or organizations’ website from Phishing attacks?
No, Phishnix is not a protection solution. It helps you evaluate preparedness of your employees against social engineering or phishing attacks and suggests appropriate remediation actions to mitigate such risk.

Do you store any sensitive information which might be collected during this exercise?
No. We are an information security company and understand the importance of confidentiality. We respect the privacy of the customer organization and do not store any sensitive information collected during this exercise.

How many employees can be part of this exercise? Is there any limit on this?
There are no such limitations. We can include as many employees as you want to be a part of this exercise. We can also use different scenarios to target different groups inside the organization.

Where will you host the Phishnix Solution and Phish Website?
The Phishnix solution along with the Phish website will be hosted inside the client’s network and necessary access will be given for all the employees across branches / regions.

How do you ensure that you are not taking any sensitive information outside of the organization?
The employee responses to the phishing email will contain sensitive information. So, we do not store that information in our appliance. The only information we store is whatever data is needed to create the report for you, the client. At the end of the engagement we will remove all data from the appliance’s hard drive so no sensitive data will remain on the appliance. This will be given in writing to the company.

Phishnix sounds good to me. What’s it going to cost?
We have very competitive pricing. Your cost will depend upon the number of employees and the frequency of the exercise you choose in a given year. Please call or email to get additional information about the product and pricing.

Does this assessment provide value to me in areas other than social engineering?
If an employee visits the phishing site and divulges sensitive information, there may be an issue with the company’s data loss prevention program. You may have to assess if the employees are aware of what can and cannot be divulged to others, what classification policy the company has, and the employees’ awareness of these programs / policies. By conducting this phishing diagnostic, you will gain a better understanding of the employees’ awareness and knowledge in these areas.