Social Engineering Test
Sec-1 will conduct a test on your employees to determine how secure your network is against social engineering attacks from real sources.
What Is Social Engineering?
Social Engineering is the process of obtaining personal or organisational information, in order to gain access to data, financial information or simply to disrupt the network and IT systems.
What Form Can An Attack Take?
An attack may take on many guises including:
- Unsolicited Emails – which may prompt an individual to visit a link or click on a file attachment
- Google Groups and Online Forums – these can often be used to extract information, giving people a false sense of security that they are discussing a genuine issue, whilst the details of that issue are being recorded so that the system can be breached
- Masquerading techniques, such as telephone conversation attacks
How Will The Test Be Conducted?
Sec-1 will need the contact details of 25 employees; this contact information will need to include:
- User’s full name
- User’s email address
- User’s phone number
- Company fax number
Sec-1 will then contact 12 of the 25 people in an attempt to gain any of the information listed below.
- User name and password credentials
- Operating system
- Names/email addresses/passwords of other company employees
How Will Sec-1 Perform The Attacks?
Attacks will take the form of those most utilised by Social Engineering Attackers, in order to gain a real picture of the risks faced by your organisation and how improvements can then be made to your existing security structure and policies:
- Phishing Attacks
These may be used to gain information by email. An HTML email may be sent, where the user is prompted to offer information as part of a competition or prize draw. An example of this can be found by clicking here
- Google Groups and Chat Rooms
Google Groups and other online forums can often provide a wealth of confidential information pertaining to the IT infrastructure. For example, IT staff may post configuration information to support forums and Google Groups. In many cases encrypted user credentials or sensitive configuration information are available through posted log and configuration files or error outputs. Sec-1 will search forums for IT information that has been posted from your organisation.
- Masquerade Techniques
A search is performed to discover any information published by a business competitor or partner relating to the configuration of your network. For example, solution providers may use your company name in marketing or case study material, which could expose useful information to a hacker. Sec-1 will utilise masquerade tactics to influence individuals to answer questions posed about your network, access passwords, or sensitive personal or organisational information. This attack could be carried out over the phone or via email.
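The Google Groups and Chat Rooms section above describes how credentials and sensitive configuration leak when IT staff paste logs or device configuration into public forums. The following is an added example, not Sec-1's tooling and not code from this page, of a simple pre-posting scrubber a defender can run over text before it is shared. The sample post, the keyword list and the `<REDACTED>` markers are assumptions constructed for the example; the regular expressions cover Cisco-style `keyword [type] value` lines and `key = value` / `key: value` lines, plus email addresses, and will need extending for other formats.

```python
import re

# Constructed sample of the kind of text an administrator might paste into a
# support forum or Google Group. No real device, hash or person is represented.
SAMPLE_POST = """\
hostname core-sw01
enable secret 5 $1$abcd$EXAMPLEHASH0123456789
username admin password 7 0822455D0A16
snmp-server community s3cr3tRO RO
radius-server host 10.0.0.5 key SharedRadiusKey!
ntp server 10.0.0.9
! contact alice.jones@example.co.uk if this breaks
db_password = Summer2024!
api_token: eyJhbGciOiJIUzI1NiJ9.constructed.token
"""

# Assumed keyword list; extend it for the products in your own environment.
SENSITIVE_WORDS = ("password", "passwd", "pwd", "secret", "key", "token", "community")
_WORDS = "|".join(SENSITIVE_WORDS)

# Cisco-style "keyword [type] value", e.g. "enable secret 5 $1$..." or
# "password 7 0822...". The optional numeric type is kept, the value is not.
_CLI_STYLE = re.compile(r"(?i)\b(?P<kw>" + _WORDS + r")\b(?P<type>\s+\d)?\s+(?P<val>\S+)")

# INI / YAML / shell style, e.g. "db_password = x" or "api_token: y".
_KV_STYLE = re.compile(r"(?i)(?P<kw>\w*(?:" + _WORDS + r")\w*)(?P<sep>\s*[=:]\s*)(?P<val>\S+)")

# Employee email addresses are themselves a target in a social engineering test.
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def redact_line(line: str) -> str:
    """Replace secret values on one line while keeping the surrounding structure."""
    line = _CLI_STYLE.sub(lambda m: f"{m.group('kw')}{m.group('type') or ''} <REDACTED>", line)
    line = _KV_STYLE.sub(lambda m: f"{m.group('kw')}{m.group('sep')}<REDACTED>", line)
    return _EMAIL.sub("<EMAIL-REDACTED>", line)


def redact(text: str) -> str:
    """Scrub a whole post before it leaves the organisation."""
    return "\n".join(redact_line(line) for line in text.splitlines())


def leaked_secrets(text: str) -> list[str]:
    """List the values redact() would remove, so a reviewer can see what nearly went out."""
    found = []
    for line in text.splitlines():
        found += [m.group("val") for m in _CLI_STYLE.finditer(line)]
        line = _CLI_STYLE.sub(lambda m: f"{m.group('kw')} <REDACTED>", line)
        found += [m.group("val") for m in _KV_STYLE.finditer(line)]
        found += _EMAIL.findall(line)
    return found


if __name__ == "__main__":
    print("Would leak:", leaked_secrets(SAMPLE_POST))
    print(redact(SAMPLE_POST))
```

Running the script on the constructed post shows seven values that would have been published (an enable-secret hash, a type-7 password, an SNMP community, a RADIUS key, an email address and two plain-text secrets) and prints the scrubbed text that is safe to paste. A pattern-based scrubber only catches what it is told to look for, so the `leaked_secrets` review step matters more than the automatic replacement: anything it misses still needs a human eye.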
What Happens After The Test Has Been Carried Out?
Sec-1 will feed back the results of the test in a report which identifies areas of weakness. This report will then allow you to generate new, or update existing, security policies and training programmes for all employees.
Key advice to give to your staff members is basic; however, it is vital for the security of your network and IT systems:
- Don’t ever give out your password
- Don’t keep password reminders on or around your desk
- Don’t sign up your company email address to personal subscriptions or mailing lists of any kind
- Don’t give out personal or company information over the phone to unsolicited callers