Social Engineering Testing


Social engineering testing relies on exploiting human nature, typically by attempting scams on a company’s employees. In addition, when management has implemented security policies and practices, social engineering tests the employees’ adherence to those policies. The company can therefore also check the consequences of the actions of a disgruntled employee willing to steal corporate information by exploiting critical systems. For instance, testers might send an email pretending to be someone from management, asking the employee to open an attachment, provide sensitive information or visit a malicious website. After that, a tester might call employees pretending to be from the IT staff, asking them to perform specific actions with their passwords. Companies often perform a social engineering test in combination with a security awareness training program. SoCyber performs the following activities during a social engineering campaign:

Methodology

  • Attempt Social Engineering by Vishing
  • Attempt Social Engineering Using E-Mail
  • Attempt Social Engineering by Using Traditional Mail
  • Attempt Social Engineering in Person
  • Attempt Social Engineering by Dumpster Diving
  • Attempt Social Engineering Using an Insider Accomplice
  • Attempt Social Engineering Using Web Sites
  • Attempt Identity Theft and Phishing Attacks
  • Try to Obtain Satellite Imagery and Building Blueprints
  • Try to Obtain Employees’ Details from Social Networking Sites
  • Use Telephone Monitoring Devices to Capture Conversations
  • Use Video Recording Tools to Capture Images

Details

  • A social engineering test is useful for companies storing large amounts of sensitive files and personal data.
  • It is more beneficial if corporate policies and procedures are already in place.
  • It is very useful when the company is the target of constant phishing attempts.
  • Social engineering testing is appropriate for companies with high employee turnover.

SoCyber can provide training to the employees, focusing on the issues discovered during the social engineering test.

We can engage our partners to fix your vulnerabilities if you lack the expertise. We avoid fixing them on our own due to a conflict of interest.

Up to 2 weeks for 10 employees.