Social Engineering Test

Social engineering testing relies on exploiting human nature, typically by attempting scams on a company’s employees. In addition, when management has implemented security policies and practices, a social engineering test checks how well employees adhere to those policies. The company is therefore also able to assess the consequences of the actions of a disgruntled employee who is willing to steal corporate information by exploiting critical systems. For instance, testers might send an email pretending to be someone from management, asking the employee to open an attachment, provide sensitive information or visit a malicious website. After that, a tester might call employees pretending to be from the IT staff, asking them to perform specific actions with their passwords. Companies often perform a social engineering test in combination with a security awareness training program. SoCyber performs the following activities during a social engineering campaign:

Methodology

  • Attempt Social Engineering by Vishing
  • Attempt Social Engineering Using E-Mail
  • Attempt Social Engineering by Using Traditional Mail
  • Attempt Social Engineering in Person
  • Attempt Social Engineering by Dumpster Diving
  • Attempt Social Engineering Using an Insider Accomplice
  • Attempt Social Engineering Using Web Sites
  • Attempt Identity Theft and Phishing Attacks
  • Try to Obtain Satellite Imagery and Building Blueprints
  • Try to Obtain Employees’ Details from Social Networking Sites
  • Use Telephone Monitoring Devices to Capture Conversations
  • Use Video Recording Tools to Capture Images
