Social Engineering Assessments
Social Engineering is the act of using coercion and other malicious tactics to gain access to an organization’s data or physical premises. The primary purpose of an assessment of this magnitude is its usefulness for security awareness training and physical security enhancements.
WireHead performs the following techniques when engaged in a Social Engineering Assessment:
Phishing Attacks
“Phishing” attacks involve the crafting of an email to a person or group of people, pretending to be a valid company or organizational associate, with the intent of getting the user to click on a link to a site controlled by the attacker. These attacks have a very high rate of success and much information can be acquired using this method.
Phishing attacks not only test the effectiveness of security awareness training, but many times also test the technologies in place that are designed to thwart these types of attacks.
Dumpster Diving
An age-old classic, which is still a very useful technique, is to go through an organization’s trash looking for usernames, social security numbers and credit card information. Oftentimes the most seemingly innocent data (such as an internal memo outlining an internal process) can yield devastating results.
Pretext Calling
Pretext Calling involves placing phone calls to individuals within an organization, claiming to be someone of power or to represent an association that they can relate to. Although there are many techniques and scenarios possible with this attack, the goal is usually to get the target user to divulge sensitive information (such as their username or password) which can be used to mount future attacks against the organization.
Onsite Impersonation
Similar to Pretext Calling, Onsite Impersonation takes this type of attack to the next level. Typically, this attack involves mimicking or mirroring observed habits of other “authorized” individuals with the intent of gaining physical access to secured areas within an organization.
Surprisingly easy to pull off, this attack preys on the natural human desire to help others, and to not get into trouble by asking questions. We have a near 100% success ratio with this type of attack.
Any of the above services can be performed independently, together, or as part of our Penetration Testing services.