Drive home security awareness

Social Engineering provides a baseline for the effectiveness of your education and awareness program and how well staff can withstand a targeted social engineering attack.

Social engineering attacks have been increasing in frequency due to the ease of attack and the ability to circumvent a number of security controls to gain access to sensitive information. TrustedSec performs varying social-engineering attacks based on your maturity level, which increases in sophistication as the InfoSec program is enhanced.

With TrustedSec, you can:

• Perform advanced threat emulation with targeted attacks and test education and awareness as well as technical controls from advanced attackers
• Evaluate the success of user education and awareness training
• Increase end-user InfoSec awareness
• Evaluate the effectiveness of your IT security defenses and controls
• Improve training for defenders
• Supplement awareness training required by PCI DSS, SOX, FISMA, HIPAA, etc.

Types of Phishing Attacks:

Email Phishing entails sending emails to a large number of targets with the intent of tracking clicks and enticing the surrender of credentials.

Email Spear Phishing targets a small group of users to coerce them into clicking an embedded link, surrendering network credentials, and establishing command and control via email.

Phone Phishing entices users to divulge sensitive corporate information, reset passwords, or further reinforce Email Spear Phishing via telephone calls.

SMS Phishing targets a small group of users via SMS or text messaging to visit a malicious website, call an impersonated telephone number, or surrender information.

Chat Platform Phishing attempts to connect to a federated messaging platform and entice users to click links or launch other attacks via background processes.

On-Site Social Engineering attempts to gain physical access to intellectual property, sensitive information, and critical systems.