Social Engineering

OVERVIEW

What is social engineering?

All of us have heard about cyber-attacks in which you are lured into performing specific actions, such as providing a password or clicking on malicious links. Such deceptive attacks fall under social engineering. While phishing emails are the most common form of social engineering attack, other forms (phone calls, text messages, social media, or, in some cases, physical interactions) are possible too. One deception technique such attacks employ is including personalized information. People who see their name or other personal information in a social engineering attack are more likely to fall into the trap. This requires a bit of research, which is a critical difference between simple automated phishing tools and professional social engineering.

Several major cyberattacks in the recent past have involved sophisticated social engineering mechanisms. Targeted spear phishing engagements and vishing support calls, to name a few techniques, have been used by hackers to dupe employees and gain unauthorized access. A social engineering assessment will help you:

  • Assess risk from social engineering attacks
  • Be proactive and train users against such attacks
  • Prioritize security training for employees
  • Raise awareness of social engineering among employees

At Intellisec Solutions, we follow a structured process for social engineering assessments. The major steps in such assessments are as follows.

What We Offer

Phishing Assessment

Intellisec Solutions’s phishing engagements go far beyond the automated tools found in many comparable services. We not only provide highly targeted, sophisticated scenarios for each client, but also research both the client organization and its employees to create campaigns that ensure the best assessment of your organization.

Vishing (Voice Call) Assessments

These are attacks over voice phone calls in which users are coaxed into performing an unauthorized action, such as providing sensitive information or downloading an untrusted file. A common scenario is impersonating IT personnel to obtain employees' passwords or to convince them to install malicious software. Although less common, vishing is an effective attack method if an immediate, personal connection with the target users can be established.

On-Site Assessments

While less frequent than email or phone social engineering, attacks via personal interactions are possible. Intellisec Solutions’s security team can help you assess such risks by identifying potential threats and protections you put in place to lower your exposure. Some common methods reviewed include ‘baiting’ the area with infected USB drives, tailgating employees through locked doors, and creating fake company badges to gain access to sensitive areas.

Testimonials

We work with a wide range of organizations across many industries.

Finance

Legal

Retail

Transport

Healthcare

Energy