Social Engineering

TrustedSec will execute Social Engineering attacks on an organization’s target employees. Social Engineering assessments produce a baseline for the effectiveness of the education and awareness program and how well an organization can withstand a targeted social engineering attack. Social engineering attacks have been increasing in frequency, due to the ease of attack and the ability to circumvent a number of security controls to gain access to sensitive information. Attackers are finding it significantly easier to circumvent stringent perimeter defenses by targeting the organization’s user population. TrustedSec takes into account the maturity level of the organization when determining the appropriate scale of the Social Engineering assessment, which increases in sophistication as the Information Security program is enhanced.

With TrustedSec, you can:

  • Emulate advanced threats with targeted attacks, testing education and awareness as well as technical controls against advanced attackers
  • Evaluate the success of user education and awareness training
  • Increase end-user Information Security awareness
  • Evaluate the effectiveness of your IT security defenses and controls
  • Improve training for defenders
  • Supplement awareness training, as required by PCI DSS, SOX, FISMA, HIPAA, etc.

Social Engineering attacks can include (but are not limited to):

Email Phishing

Emails are sent to a large quantity of targets with the intent of tracking clicks and enticing the surrender of credentials.

Email Spear Phishing

A small group of users is targeted via email and coerced into clicking an embedded link, surrendering network credentials, establishing command and control, and executing malware.

Phone Phishing

Telephone calls are used to entice users to divulge sensitive corporate information or reset users’ passwords, or to further reinforce Email Spear Phishing.

Simple Messaging System (SMS) Phishing

A small group of users are targeted via SMS or text messaging to visit a malicious website, call an impersonated telephone number, etc.

Chat Platform Phishing

Attempts are made to connect to federated Skype for Business and entice users to click links or launch other attacks via background processes.

On-Site Phishing

Attempts are made to gain physical access to intellectual property, sensitive information, and critical systems.

Author: David Kennedy

Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.