TrustedSec will execute Social Engineering attacks on an organization’s target employees. Social Engineering assessments produce a baseline for the effectiveness of the education and awareness program and show how well an organization can withstand a targeted social engineering attack. Social engineering attacks have been increasing in frequency because they are easy to carry out and can circumvent a number of security controls to gain access to sensitive information. Attackers are finding it significantly easier to circumvent stringent perimeter defenses by targeting the organization’s user population. TrustedSec takes into account the maturity level of the organization when determining the appropriate scale of the Social Engineering assessment, which increases in sophistication as the Information Security program is enhanced.
With TrustedSec, you can:
- Emulate advanced threats with targeted attacks that test education and awareness, as well as technical controls, against advanced attackers
- Evaluate the success of user education and awareness training
- Increase end-user Information Security awareness
- Evaluate the effectiveness of your IT security defenses and controls
- Improve training for defenders
- Supplement awareness training, as required by PCI DSS, SOX, FISMA, HIPAA, etc.
Social Engineering attacks can include (but are not limited to):
Emails are sent to a large quantity of targets with the intent of tracking clicks and enticing the surrender of credentials.
Email Spear Phishing
A small group of users are targeted to coerce them into clicking an embedded link, surrendering network credentials, establishing command and control, and executing malware via email.
Users are enticed to divulge sensitive corporate information, reset users’ passwords, or further reinforce Email Spear Phishing via telephone calls.
Simple Messaging System (SMS) Phishing
A small group of users are targeted via SMS or text messaging to visit a malicious website, call an impersonated telephone number, etc.
Chat Platform Phishing
Attempts are made to connect to federated Skype for Business and entice users to click links or launch other attacks via background processes.
Attempts are made to gain physical access to intellectual property, sensitive information, and critical systems.
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.