Gone Phishing: Opportunity Identified to Improve Email Security (case study)

Client Profile

Asset Holdings: $1.5 billion
Industry: Financial Institution
Geographic Footprint: 30+ Locations

CBIZ's social engineering exercises can help your organization improve its cybersecurity protection.

Issue

Email phishing can provide outside parties an entry point to sensitive information. A bank enlisted CBIZ MHM to test its email security protocol and determine if the procedures offered adequate protection.


Our social engineering team designed a website that mirrored the bank’s website and registered a domain name that was similar to the bank’s. We sent an email to employees asking them to access a new human resources vacation request system by clicking the link to the false website.

To log in to the website, employees were asked to provide their Windows username and password. More than 40% of employees who received the email clicked the link and provided their complete login credentials. Some employees forwarded the email to others who were not part of the test.

We reviewed our findings with bank management and provided a report that included the results of the social engineering exercise, the severity of the risks found and recommendations for how to improve training related to email phishing threats.


Email phishing is one of the most common precursors to a large-scale data breach, which can cost organizations up to $150 per compromised record. The high participation rate in the test indicated that the bank had a serious weakness in its email security. Our recommendations helped the bank mitigate the potential risk and expense of a breach and address some of its larger cybersecurity threats.

Mitigating Your Risks

Learn more about how our team’s comprehensive social engineering assessments help you mitigate threats to your information security.


Copyright © 2016, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).

An email phishing social engineering exercise indicated a financial institution needed to improve its cybersecurity protocol. (2016-04-21T19:49:00-05:00)
