SOCIAL ENGINEERING

What is Social Engineering?

Social engineering, in the context of information security, is the art of manipulating people into performing actions or divulging confidential information. A test differs from a real attack in that it is done with the explicit written consent of the client, and its purpose is to produce a comprehensive report and close security holes before a real attacker can exploit them. As of 2018, in 95% of all tests, we managed to obtain sensitive information employing social engineering techniques.

Why Social Engineering Testing?

  • Does the best IT security help if employees give out sensitive information?

  • Do staff click on links if they seem to get an email from a manager?

  • Can employees be tricked over the phone by an impersonator?

  • Is the physical security weak?

  • Can attackers dumpster dive? Is tailgating possible?

  • Are users educated around Social Engineering threats?

Who should be Social Engineering tested?

  • Any business holding confidential data or customer information

  • Businesses who don’t want lawsuits or legal consequences

  • Businesses who have fallen victim already and want to be prepared

  • Businesses who must comply with industry or government requirements

  • Businesses who heard that a competitor has been hit by an attack

  • Businesses who know that being proactive avoids costly breaches

How often should a Social Engineering Test be carried out?

A full audit should be done at least once or twice a year, and the results should flow into the company security policy. We recommend regular user education, which we also provide.

Social Engineering audit services

During a social engineering audit, we can perform tests electronically (computer-based). Prior to any engagement, we gather a lot of open source information through online information gathering.

  1. Generic phishing email campaigns sent to the staff with a call to action (clicking a link, playing a video). For example, a CNN news alert about a fake terrorist attack or the apparent death of a celebrity.

  2. Spear phishing email campaigns using crafted emails that seem to come from a superior and get the user to click a link and/or provide confidential information. We also get employees to visit fake websites, which simulate infecting their machines or are used to “phish” credentials.

  3. Spear phishing in conjunction with the simulated exploitation of the endpoint (Gold package)

  4. All services come with comprehensive reporting, user tracking and classification

SOCIAL ENGINEERING PACKAGES

SILVER Package

Deliverables per user:

  • 1 email exposure report showing all publicly exposed email addresses

  • 1 phishing email per user with a news flash alert containing a link to click

  • 1 spear phishing email (i.e. pretending to be HR) with a call to action

  • Comprehensive reporting including detailed statistics and analysis

GOLD Package

Deliverables per user:

  • 1 email exposure report showing all publicly exposed email addresses

  • 1 phishing email per user with a news flash alert containing a link to click

  • 1 spear phishing email (i.e. pretending to be HR) with a call to action

  • 1 exploit will be delivered in order to compromise the endpoint

  • Comprehensive reporting including detailed statistics and analysis

Why PrimoConnect?

  • We are experts in Penetration Testing / Ethical Hacking, Cyber Security and Infrastructure Design

  • We are an independent third party concerned with finding & fixing flaws and improving infrastructure design

  • No conflict of interest. We will never work on both your offensive security testing and defensive IT infrastructure management simultaneously

  • Consultants holding the highest industry and government certifications

  • Experience across all sectors and business sizes

  • Dedicated Red Team approach with specialists in all technologies

  • Using international testing frameworks such as OWASP, NIST and SANS, as well as standards including ISO 27001, PCI DSS, Cyber Essentials and GDPR

  • Your security is our priority!

Get a free quote today…