What is Social Engineering?
All of us have heard about cyber-attacks in which you are lured into performing specific actions, such as providing a password or clicking on a malicious link. Such deceptive attacks fall under social engineering. While phishing emails are the most common form of social engineering attack, other forms (phone calls, text messages, social media, or, in some cases, physical interactions) are possible too. One deception technique such attacks employ is including personalized information. When people see their name or any other personal information in a social engineering attack, they are more likely to fall into the trap. This requires a bit of research, which is a critical difference between simple automated phishing tools and professional social engineering.
Several major cyberattacks in the recent past have involved sophisticated social engineering mechanisms. Targeted spear phishing engagements and vishing support calls, to name a few techniques, have been used by hackers to dupe employees and gain unauthorized access. A social engineering assessment will help you:
- Assess risk from social engineering attacks
- Be proactive and train users against such attacks
- Prioritize security training for employees
- Raise awareness of social engineering among employees
At Intellisec Solutions, we follow a structured process for social engineering assessments. The major steps in such assessments are as follows:
- Phishing assessments
- Vishing assessments
- On-site assessments