TrustedSec will execute social engineering attacks against an organization’s target employees. Social engineering provides a baseline for the effectiveness of the education and awareness program and shows how well an organization can withstand a targeted social engineering attack. Social engineering attacks have been increasing in frequency because they are easy to carry out and can circumvent a number of security controls to gain access to sensitive information. Attackers are finding it significantly easier to circumvent stringent perimeter defenses by targeting the organization’s user population. TrustedSec performs varying levels of social engineering attacks based on the maturity level of the organization, increasing in sophistication as the information security program is enhanced.
With TrustedSec, you can:
- Emulate advanced threats with targeted attacks, testing education and awareness as well as technical controls against advanced attackers.
- Evaluate the success of user education and awareness training.
- Increase end-user information security awareness.
- Evaluate the effectiveness of your IT security defenses and controls.
- Improve training for defenders.
- Supplement the awareness training required by PCI DSS, SOX, FISMA, HIPAA, etc.
Phishing attacks can include (but are not limited to):
Emails sent to a large number of targets with the intent of tracking clicks and enticing the surrender of credentials.
Email Spear Phishing
Target a small group of users via email to coerce clicking an embedded link, surrendering network credentials, command and control, and executing malware.
Entice users via telephone calls to divulge sensitive corporate information or reset users’ passwords, or further reinforce Email Spear Phishing.
Short Message Service (SMS) Phishing
Target a small group of users via SMS or text messaging to entice them to visit a malicious website, call an impersonated telephone number, etc.
Chat Platform Phishing
Attempt to connect to your federated Skype for Business and entice users to click links or launch other attacks via background processes.
On Site Phishing
Focus on attempting to gain physical access to intellectual property, sensitive information, and access to critical systems.
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.