Services
Social Engineering services simulate various phishing and vishing attacks to test the human element of security.
Testing the human element of security, Social Engineering services simulate various phishing and vishing attacks. This provides a thorough understanding of employees' awareness levels and the effectiveness of detection and countermeasures to social engineering attacks, allowing us to devise a customized report and training plan that elevates the security awareness of the entire company.
The Phishing Test examines the employees' resilience to email-based attacks, where they are enticed to click on a URL or open a "malicious" attachment. Following initial Open-Source Intelligence (OSINT) investigations to tailor the attack, our auditors simulate a typical email interaction with the inclusion of seemingly harmless URL links or attachments. Depending on the pre-agreed scenario, these emails may lead to a custom-made website or contain an attachment disguised as an executable file to relay workstation data. Our team customizes each test scenario with dedicated internet domains, necessary infrastructure, and software. The resulting report outlines the assumptions, implemented scenarios, and comprehensive statistics reflecting the scope of the campaign.
The Spear Phishing Test is a refined form of phishing, focused on targeted social engineering exploits that aim to identify gaps in your company's security policy. Unlike traditional phishing tests, spear phishing attacks are tailored to specific individuals or a small group, making them more credible and therefore more challenging. These tests help verify employees' behaviour against realistic threats and improve their threat recognition abilities. The test report provides a detailed account of the assumptions, implemented scenarios, and pertinent statistics relevant to the campaign.
Vishing, or voice phishing, involves phone-based social engineering attacks designed to trick employees into divulging confidential information or performing actions that could compromise security. During the test, our auditors impersonate specific roles to gain the trust of the target and persuade them to take certain actions, such as executing a command or sharing sensitive data. The final report details the assumptions, scenarios implemented, and the results, giving you insights into the areas requiring attention and improvement.
The purpose of on-site testing is to defeat physical security measures such as the building's reception desk or security using social engineering techniques. First, a reconnaissance of the location where the test is to take place is performed, then an attempt is made to enter the established location and perform certain actions. The entire social engineering attack is documented with photos taken during the attack. Prior to the start of the work, a detailed plan is established in case the auditors are detected during an attempt to physically push through security (e.g., unauthorized passage through the security gate).
Q:
Social engineering refers to the psychological manipulation of individuals into performing actions or divulging confidential information. It is a type of human-based threat often used to trick users into making security mistakes or giving away sensitive information.
Q:
Social engineering assessments can help identify areas of vulnerability within your organization's human element, raising awareness of the types of tactics used by attackers and providing valuable insights into how to improve your staff's security awareness.
Q:
The cost for a social engineering assessment depends on the complexity of the scenario and the number of individuals involved. Please contact our sales team for a detailed quote.
Q:
Our social engineering assessments can simulate a variety of attack scenarios, including phishing emails, vishing (voice phishing), smishing (SMS phishing), pretexting, and baiting. The goal is to replicate the tactics used by real-world attackers as closely as possible.
Q:
The results from a social engineering assessment can be used to educate your employees about the tactics used by attackers, reinforce security policies, and implement more effective security awareness training. The aim is to enhance your organization's human firewall and reduce the risk of future social engineering attacks.