What is Social Engineering?

Social engineering is the art of manipulating people into performing actions or divulging confidential information. The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.

There are many types of social engineering methodologies; below is a list of a few that can be attempted against your organisation.

– Pretext
The art of creating a scenario to engage the target in a way that allows you to obtain sensitive information from them. For example, this may be used to trick someone into divulging customer information such as a telephone number or real-world address.

– Diversion Theft
The art of tricking someone, such as a courier, into delivering to an address that is not part of the targeted organisation, thus allowing the attacker to receive the delivery, read the contents of the package and gather further intelligence.

– Spear Phishing
Often the best-known attack method, which involves sending an email to the target that appears to be genuine. The email will often look realistic and ask the target for some form of ‘verification’, normally an access code or password, which, when submitted, is sent straight back to the attacker.

– Dumpster Diving
This is exactly what it says: your rubbish will be examined to see if sensitive or useful information can be gathered and used against the organisation. This could provide an attacker with all sorts of sensitive information, from client data to new or unreleased product information.

– Baiting
This is often an attack we see performed by an internal employee seeking to give computer system access to competitors or rogue attackers. It involves intentionally running a backdoor on a computer system to give the attacker access. Often the backdoor will be installed from a removable device such as a CD or USB stick.

There are many other social engineering attacks that can be performed against an organisation that is not prepared to deal with them.

Security Audit Systems Social Engineering Countermeasures Service

For all social engineering attacks there are specific countermeasures that can be used to stop the attack dead.

Countermeasures Document Available

This document is useful for educating staff about social engineering attack possibilities and countermeasures, and covers the following:

– Classification of sensitive data
– Separation of duties
– Employee verification and identification cards
– Stronger Biometric systems integration
– Set Procedure documentation
– Periodic testing

