Human beings are said to be the weakest link of any information system. Your employees hold valuable information that, in the wrong hands, could be used to exploit your company. Our Social Engineering services utilize a variety of methods such as phishing, baiting, or piggybacking in an attempt to extract key company information or gain access to restricted areas.
At a high level, our approach involves:
- Performing open-source intelligence gathering
- Creating phishing campaigns to target the general organization, IT or VIP personnel
- Cloning web sites / applications to capture employee credentials
- Dropping media (thumb drives, CDs, etc.) with exploit code
- Testing and attempting to bypass physical security controls
Our experience in performing social engineering engagements against a variety of organizations will provide immediate feedback regarding employee security awareness and susceptibility to external threats through various scenarios.