Social Engineering Testing
Social Engineering is a sub-class of penetration testing that focuses on identifying and validating vulnerabilities associated with your employees' ability to follow documented policies and procedures, as well as security best practices.
Below are Real-World Outcomes of Social Engineering Testing:
- A Redspin engineer was on the phone with "Jane," pretending to be "Joe, the IT guy" and asking her to change her password to one that he chose. Then customer-friendly Jane offered, "As long as I'm here, would you like me to change the password on all the other workstations?" How could we refuse?
- As soon as our engineer started in on his social engineering script — "Hi, I'm working with Jack over in IT, and..." — the person on the other end of the line said, "Is this a social engineering call?" and hung up on us. This is exactly what we hope to see!
- While doing an email social engineering test, we sent a link to a new web-based email system supposedly set up by IT. It was really just a malicious page that was designed to steal user credentials. We felt bad when we got the following response from an employee:
  "You ROCK!!!!!!!!
  Thank you!!! I've been asking for this for years!!!!"
Test and measure your employees' response to outside emails and phone calls requesting sensitive information...
Test and measure physical security at sensitive locations and your employees' security awareness...
Do you have some other scenario or policy you want tested that is not listed here? Send us your requirements, and we will custom-tailor an assessment for your environment.