Social Engineering
Humans are the weakest link in Information Security.
Drive home security awareness
Social Engineering provides a baseline for the effectiveness of your education and awareness program and how well staff can withstand a targeted social engineering attack.
Social engineering attacks have been increasing in frequency due to the ease of attack and the ability to circumvent a number of security controls to gain access to sensitive information. TrustedSec performs varying social-engineering attacks based on your maturity level, which increases in sophistication as the InfoSec program is enhanced.
With TrustedSec, you can:
- Perform advanced threat emulation with targeted attacks and test education and awareness as well as technical controls from advanced attackers
- Evaluate the success of user education and awareness training
- Increase end-user InfoSec awareness
- Evaluate the effectiveness of your IT security defenses and controls
- Improve training for defenders
- Supplement awareness training required by PCI DSS, SOX, FISMA, HIPAA, etc.
Types of Phishing Attacks:
Email Phishing entails sending emails to a large number of targets with the intent of tracking clicks and enticing the surrender of credentials.
Email Spear Phishing targets a small group of users to coerce them into clicking an embedded link, surrendering network credentials, and establishing command and control via email.
Phone Phishing entices users to divulge sensitive corporate information, reset passwords, or further reinforce Email Spear Phishing via telephone calls.
SMS Phishing targets a small group of users via SMS or text messaging to visit a malicious website, call an impersonated telephone number, or surrender information.
Chat Platform Phishing attempts to connect to a federated messaging platform and entice users to click links or launch other attacks via background processes.
On-Site Social Engineering attempts to gain physical access to intellectual property, sensitive information, and critical systems.
Larry Spohn
Practice Lead, ForceLarry Spohn is a highly experienced security consultant with over 20 years of experience in the industry and a proven track record of success in assessing and improving the security posture of organizations of all sizes. Larry is not only a skilled technical analyst with a deep understanding of security threats and vulnerabilities, but he is also an excellent communicator and trainer who is adept at conveying complex security concepts to both technical and non-technical audiences.
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.