DATA PROTECTION SERVICES
Social Engineering Testing
By now, you have probably become calloused to the barrage of phony emails from
banks and the dozens of other phishing and social engineering attacks we see on
a daily basis. However, social engineering attacks are far more intricate than those
phishing emails.
Those emails are truly the bottom-of-the-barrel attempts by unsophisticated criminals.
But there are many other forms of social engineering attacks that are commonly being
used to gain access to critical and valuable data. Is your organization protected?
The Human Problem
The problem with good social engineering attacks is that they don’t seem like
attacks. Instead, they rely on human kindness, trust and the desire to please.
To the person being attacked, they seem like everyday types of situations – not
criminal activity.
Consider these examples:
Social Engineering Example #1
A healthcare worker notices a USB key drive lying on a nursing
station. It has the hospital logo on it. "Must have been left here
by a doctor," they think to themselves. So they plug it into their computer
and open it up.
It looks empty to them, but what they don’t realize is that the
key just deposited code on that computer that will search the hard drive and
any network drives it can find for any type of personal health information –
social security numbers, credit card numbers, billing information, etc.
Anything it finds is sent over the internet to the criminal organization that
left the USB drive at the nursing station earlier that day.
Social Engineering Example #2
An employee at a multi-office banking institution receives a phone call from
someone identifying themselves as "Pete from IT". "Pete" asks if they
have had any problems with connectivity today and explains that they have been
receiving calls from two of the other branches in the same area. The employee
indicates that they haven’t and Pete thanks them.
Just as Pete is getting off the phone, he asks for the employee’s ID number
for reporting purposes. The employee thinks that makes sense and gladly
hands over their employee ID. "Pete" now uses that employee name and ID
to steal that employee’s identity.
These are just two examples of actual social engineering attacks that have worked
over the last twelve months. Is your company at risk? How can you be
sure? We can help.
Is Your Organization Susceptible to Social Engineering?
Our Social Engineering tests use creative approaches to evaluate whether your
employees, partners or suppliers are susceptible to behavioral attacks. We
work with you to agree on a strategy and how the social engineering tests will be
conducted. We agree on a timeframe and we communicate early and often to keep
you completely aware of how the social engineering test is progressing.
Upon completion, we deliver you a report which documents all details of our activities,
areas of vulnerability, and recommendations for employee awareness training and
any technology solutions that might help.
It is a sad state of our world that this type of service is necessary.
We take no pleasure in exposing these weaknesses. But we also recognize that
if we don’t help our clients in this manner, they are far more likely to fall victim
to the real social engineers. Please don’t let that happen to you.
Contact us today to start discussing how we can help you evaluate your behavioral security preparedness.
I trust them. They don't benefit financially from the advice they give, so I know the best interests of my company are upheld. They also don't hold me hostage to a contract so they need to earn my business every month.
LB