Social engineering describes attacks that malicious individuals use to gain privileged access to confidential information. These attacks are driven not by technological wizardry but by social interaction, because it is much easier to attack through a human than through infrastructure. Examples include impersonation to obtain a password, or a series of interactions aimed at obtaining sensitive financial information and bank account details.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is weak). Social engineering is growing in complexity and sophistication, and you need to know how susceptible your organization really is. Our social engineering services will test your employees, so you can make sure each member of staff is protected against this devious attack vector.
Social Engineering Assessment
- Carefully crafted phishing emails to entice the recipient to open a specially crafted file such as a malformed PDF that, when viewed, will provide access to the unsuspecting user’s system
- Carefully crafted phishing emails to entice the recipient to click on a link that directs the user to a malicious website that attempts to compromise the user’s computer system
- Carefully crafted phishing emails to entice the recipient to disclose sensitive information such as usernames and passwords
- Malicious USB drives, CDs, and/or mobile apps that contain “trojan” payloads and “phone home” capabilities
- Confused deputy attacks using phone calls, voice modulation, and caller ID spoofing
- Physical human-to-human interactions with unsuspecting targets
For the email-based social engineering attack (phishing), Dexter Cyberlab consultants would:
- Develop the attack scenario
- Work with you to determine the details of the scenario
- Conduct necessary preparation steps for the attack
- Register the test phishing domain
- Build the website to gather information or compromise systems
- Craft the email to be delivered to your employees
- Run the social engineering test by delivering the email
- Provide results for the social engineering test based on the visitors to the site
Train Your Employees about Social Engineering
- Educating on security threats
- Preparing employees to react
- Strengthening security posture
What You Get
Upon completion of the assessment, our consultant shall provide a single electronic report deliverable. The report will provide an analysis of the current state of the assessed security controls and will identify the areas that need to be resolved in order to achieve an adequate level of security.