FAQ - Get your answers here!

How can we help you?

Is mStorm a service or a product?

mStorm is a complex framework for sending large phishing campaigns. It has modules to create millions of mutations of e-mail pretexts, malware and phishing attacks. We use this framework to deliver our service: testing your e-mail filters and your employees. Additionally, mStorm offers a web-based training, so employees who were tricked by a phishing attack can be directed to the training immediately.

Can I purchase mStorm modules separately?

Of course you can. Each module can be booked as a separate service.

Do we run an mStorm test once or should we consider continuous testing?

Continuous testing is a good idea. Threats change over time, your filter settings might change, and employees come and go. Especially for mStorm Awareness Measurement, repeated testing is very useful, as employees are kept alert to phishing and malware threats.

Are the pretexts of the messages delivered by mStorm credible?

Indeed they are. Our template engine works on hundreds of different pretexts, categorized by type and randomized at delivery time. The pretexts can be sent in different languages, depending on the native language of the target base.

Why do I need to test my mail Filter Performance?

Security appliances are never a panacea. Configuration and policy errors might change the behavior of your filters in unexpected ways. Moreover, the attacks a filter claims to prevent are one thing; the attacks it actually blocks are another. mStorm FP helps your organization assess the security posture of your mail filtering against simulated traffic that reflects what you usually receive.

What type of attacks are simulated by mStorm FP?

In a few words, everything you can encounter in real life. We generally discuss with you first to understand what kind of legitimate and malicious traffic you usually receive. Based on this information we collect and mutate data: for example, from malicious Office documents, sent as attachments or uploaded to cloud drives, to reverse-proxy and other sophisticated phishing setups. The malware delivered can be custom or based on existing/backdoored binaries, and can include sandbox bypassing, request filtering, bespoke covert channels and other advanced techniques.

Is mStorm FP generating a lot of traffic? Is normal email functionality impacted?

No and no. The traffic volume, in email count, attachment size and other factors, is fully tunable to your needs. mStorm FP can simulate a few thousand email messages or many millions, depending on the simulation type and the statistical confidence required. Since tests are done against dedicated email accounts on your infrastructure, other users are not impacted.
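Why the message count follows from the statistical confidence you want: each simulated message is either blocked or delivered to the dedicated test mailbox, so the filter's catch rate is a binomial proportion whose uncertainty shrinks with the number of messages sent. The following script is an added example, not mStorm's own code. It computes a Wilson score interval for an observed catch rate, the smallest sample size for a target margin of error, and a per-category breakdown over a constructed result set; the category names and counts are assumptions made for illustration.

```python
"""Added example, not mStorm's own code: why the number of simulated messages
in a filter-performance test depends on the statistical confidence you want.

Each simulated message ends up either blocked or delivered to a dedicated test
mailbox, so the catch rate is a binomial proportion. The sample results below
are constructed for illustration; category names are assumptions.
"""
import math

# Two-sided z-scores for common confidence levels.
Z_SCORES = {0.90: 1.6449, 0.95: 1.9600, 0.99: 2.5758}


def wilson_interval(blocked, sent, confidence=0.95):
    """Wilson score interval (low, high) for a catch rate of blocked/sent.

    Unlike the plain normal approximation it stays inside [0, 1] and behaves
    sensibly when the catch rate is close to 100%, which is the usual case for
    a reasonably tuned mail filter.
    """
    if sent <= 0 or not 0 <= blocked <= sent:
        raise ValueError("need 0 <= blocked <= sent and sent > 0")
    z = Z_SCORES[confidence]
    p = blocked / sent
    denom = 1 + z * z / sent
    centre = (p + z * z / (2 * sent)) / denom
    half = z * math.sqrt(p * (1 - p) / sent + z * z / (4 * sent * sent)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def messages_needed(margin, confidence=0.95):
    """Smallest message count whose worst-case (p = 0.5) margin of error,
    under the normal approximation, is at most `margin`."""
    z = Z_SCORES[confidence]
    return math.ceil((z / (2 * margin)) ** 2)


def catch_rate_by_category(results, confidence=0.95):
    """Aggregate (category, blocked) rows into per-category counts and bounds."""
    counts = {}
    for category, blocked in results:
        sent, hit = counts.get(category, (0, 0))
        counts[category] = (sent + 1, hit + int(blocked))
    return {
        category: {"sent": sent, "blocked": hit,
                   "interval": wilson_interval(hit, sent, confidence)}
        for category, (sent, hit) in counts.items()
    }


# Constructed outcome per simulated message: 2 of 20 macro documents and
# 8 of 20 credential-phishing links reached the test mailbox.
SAMPLE_RESULTS = (
    [("office_macro", True)] * 18 + [("office_macro", False)] * 2
    + [("credential_link", True)] * 12 + [("credential_link", False)] * 8
)

if __name__ == "__main__":
    for margin in (0.05, 0.02, 0.01):
        print(f"+/-{margin:.0%} at 95%: {messages_needed(margin):>6} messages")
    for name, stats in catch_rate_by_category(SAMPLE_RESULTS).items():
        low, high = stats["interval"]
        print(f"{name}: {stats['blocked']}/{stats['sent']} blocked, "
              f"95% interval {low:.2f}-{high:.2f}")
```

A margin of 5 points at 95% confidence needs a few hundred messages per category; a margin of 1 point at 99% needs over sixteen thousand, which is why a test that must separate a 98% from a 99% catch rate across many attack categories quickly reaches the millions mentioned above.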


Read more about testing e-mail filters here!

Why is training users a good investment?

Knowledge is often the solution to many problems. Increasing your organization's knowledge of phishing and malware threats drastically reduces the risk of compromise and raises the effort a successful attack requires, making your organization a harder target.

Since most client-side attacks used during phishing rely on the target being unaware of potentially dangerous indicators or actions, training your user base is critical to minimize their mistakes while ensuring that incidents are escalated to the right security team. By training your users you minimize the time spent tracking incidents and alerts, and reduce work disruption.

What are the key benefits from running the Awareness Training?

Running the training monthly or quarterly makes it possible to build statistics on which departments fall for phishing most often, while teaching them how to spot dodgy e-mails, attachments and links. The e-mails delivered during the training simulate real threats, and the user gets a detailed overview of how to spot similar messages. Every training delivery ends with a quiz, so the statistics include quiz completion timing and answers, which can also be used to analyze further in which areas your organization needs more training.

More pragmatically, which click-rate drop can I expect after running the training for one year?

This strictly depends on the current security hygiene in your organization. However, we usually notice a significant drop in click rates of about 40%, and a drop of over 60% in users who are prone to submit credentials on harvesting pages. Note that click rates also depend on how the security team reacts to the first deliveries.
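How the per-department statistics and the click-rate drop from the two previous answers are derived from raw campaign results, as an added example that is not mStorm's own code: every targeted user yields one record saying whether they clicked the tracked link and whether they submitted credentials on the harvesting page. Rates are computed per department and per round relative to users targeted, and the drop between rounds is the relative change. The events, department names and round numbers are constructed for illustration.

```python
"""Added example, not mStorm's own code: turning the raw outcome of two
simulated-phishing rounds into per-department statistics and the relative
click-rate drop between rounds. Records are constructed for illustration;
department names and the round numbering are assumptions.
"""
from collections import defaultdict


def make_round(campaign_round, department, targeted, clicked, submitted):
    """Build (round, department, clicked, submitted) rows; submitted <= clicked."""
    assert 0 <= submitted <= clicked <= targeted
    return [(campaign_round, department, i < clicked, i < submitted)
            for i in range(targeted)]


# Constructed events: two rounds, two departments of ten users each.
EVENTS = (
    make_round(1, "finance", 10, 5, 3) + make_round(1, "sales", 10, 3, 1)
    + make_round(2, "finance", 10, 3, 1) + make_round(2, "sales", 10, 2, 0)
)


def rates_by_department(events, campaign_round):
    """Click and credential-submission rates per department for one round.

    Both rates are relative to users targeted, not to users who clicked, so
    departments are comparable regardless of their size.
    """
    per_dept = defaultdict(lambda: [0, 0, 0])  # targeted, clicked, submitted
    for rnd, dept, clicked, submitted in events:
        if rnd != campaign_round:
            continue
        counters = per_dept[dept]
        counters[0] += 1
        counters[1] += int(clicked)
        counters[2] += int(submitted)
    return {
        dept: {"targeted": t, "click_rate": c / t, "submit_rate": s / t}
        for dept, (t, c, s) in per_dept.items()
    }


def organisation_rates(events, campaign_round):
    """Organisation-wide click and submission rates for one round."""
    rows = [row for row in events if row[0] == campaign_round]
    targeted = len(rows)
    clicked = sum(int(r[2]) for r in rows)
    submitted = sum(int(r[3]) for r in rows)
    return {"click_rate": clicked / targeted, "submit_rate": submitted / targeted}


def relative_drop(before, after):
    """Fraction by which a rate fell between two rounds (0.4 means a 40% drop)."""
    return (before - after) / before if before else 0.0


def riskiest_department(events, campaign_round):
    """Department with the highest click rate in the given round."""
    rates = rates_by_department(events, campaign_round)
    return max(rates, key=lambda d: rates[d]["click_rate"])


if __name__ == "__main__":
    r1, r2 = organisation_rates(EVENTS, 1), organisation_rates(EVENTS, 2)
    print("round 1:", r1)
    print("round 2:", r2)
    print(f"click-rate drop: {relative_drop(r1['click_rate'], r2['click_rate']):.0%}")
    print(f"submit-rate drop: {relative_drop(r1['submit_rate'], r2['submit_rate']):.0%}")
    print("riskiest department in round 1:", riskiest_department(EVENTS, 1))
```

Note that the submission rate is divided by users targeted rather than by users who clicked; a department where few people click but most of those who do also enter credentials still shows up as risky, which is the population the training should reach first.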


Read more about simulating phishing attacks and training employees!

Did we miss a question? Please let us know and send us your question!