Social Engineering Testing and Phishing
Simulated Social Engineering attacks on various elements within your organization helps in gauging the level of information security awareness and helps develop resilience against real world attacks
Social Engineering Testing and Phishing Drill
Most successful, high profile attacks against large organizations have breached the security perimeter by targeted social engineering attacks against vulnerable people within the organization. Our simulated social engineering attacks will effectively identify an organization’s susceptibility to social engineering attacks through various channels like email, IM, phone and face to face engagements.
Seniors IT ‘ expert social hackers design techniques that identifies failure points by performing both on-site and off-site social engineering testing and expose weaknesses that can otherwise be leveraged by an actual attacker.
Off-site Social Engineering
Seniors IT’ security specialists start with passive reconnaissance aiming to get as much information as possible about the target company. Active off-site methods like phishing, smishing and Vishing are used to make employees divulge information intended for internal use only.
On-site Social Engineering
Various methods like impersonation techniques are used to gain access into restricted and private areas within the client infrastructure. Attempts are made to gain access to networks, including wireless networks using various methods. Staff is approached directly or indirectly pretending to be employees, vendors or business partners to gain access.
Reverse Social Engineering
This technique is a form of social engineering penetration testing where the victim unwittingly goes to the attacker. An ethical hacker uses traditional social engineering attack first to establish trust-based relations as a result, victims reveal a lot more corporate-sensitive information, because they go to the hacker themselves.
This technique involves inspecting employees’ trash cans for printouts and pieces of paper that were not shredded or destroyed but may contain sensitive corporate information.