Social Engineering
Humans are often the weakest link in an organization. Our specialists are capable of performing detailed phishing, vishing, whaling, and other advanced social engineering attacks with an end goal of evaluating your company’s social engineering posture as well as gaining access to requested sensitive data, information, PII, and more as determined by the client.
Our Methodolody
All testing performed under this service based on the NIST SP 800 - 115 Technical Guide to Information Security Testing and Assessment, OWASP testing Guide (v4) plus other customized testing frameworks.
PLANNING
Customer goals are gathered and rules of engagement obtained.
DISCOVERY
Perform scanning and enumeration to identify potential vulnerabilities, weak areas and exploit.
ATTACK
Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
REPORTING
Document all found vulnerabilities and exploits, failed attempts, company strengths and weaknesses.
Thorough Testing
Activities performed during social engineering include but not limited to:
Email attack (phishing)
High-profile targeted attacks (whaling)
Phone-based attacks (vishing)
Physical-based attacks
Targeted attacks (spear phishing)
Text message attacks (smishing)
Other attacks depends on specific customer content and footprint.