SOCIAL ENGINEERING

DEFEND FROM WITHIN

Our social engineering solutions can help you ensure the value of your security policy and prevent costly internal leaks.

TAILORED SOLUTIONS

QUICKLY IDENTIFY YOUR BUSINESS’S MOST SIGNIFICANT WEAK SPOTS AND BOLSTER THEIR SECURITY


What is social engineering?

Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals seek can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or to gain access to your computer so they can secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer.

EDUCATION WHERE YOU NEED IT MOST

Our social engineering solutions can spearhead thorough employee education, helping you deliver multi-layered training programs and increasing awareness of the most damaging social engineering techniques.

We can deliver comprehensive social engineering solutions for businesses that use POS systems and keep customer card information on-site, helping maintain your reputation and give your loyal customers greater peace of mind.

PUT YOUR CUSTOMERS FIRST

Social engineering techniques:

Pretexting

An invented scenario is used to engage a potential victim to try and increase the chance that the victim will bite. It's a false motive usually involving some real knowledge of the victim (e.g. date of birth, Social Security number, etc.) in an attempt to get even more information.

Diversion Theft

A 'con' exercised by professional thieves, usually targeted at a transport or courier company. The objective is to trick the company into making the delivery somewhere other than the intended location.


Phishing

The process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering. Also see Spear Phishing.

Spear Phishing

A small, focused, targeted attack via email on a particular person or organisation with the goal of penetrating their defenses. The spear phishing attack is carried out after research on the target and has a specific personalised component designed to make the target do something against their own interest.



Water-Holing

This technique takes advantage of websites people regularly visit and trust. The attacker gathers information about a targeted group of individuals to find out what those websites are, then tests those websites for vulnerabilities and compromises them so that they deliver malware to visitors. Over time, one or more members of the targeted group will get infected and the attacker can gain access to the secure system.

Baiting

Baiting means dangling something in front of a victim so that they take action. It can be through a peer-to-peer or social networking site in the form of a (porn) movie download, or it can be a USB drive labeled “Q1 Layoff Plan” left out in a public place for the victim to find. Once the device is used or the malicious file is downloaded, the victim’s computer is infected, allowing the criminal to take over the network.

Quid Pro Quo

Latin for 'something for something'. In this case it's a benefit to the victim in exchange for information. A good example is hackers pretending to be IT support. They will call everyone they can find at a company to say they have a quick fix and "you just need to disable your AV". Anyone who falls for it gets malware such as ransomware installed on their machine.

Tailgating

A method used by social engineers to gain access to a building or other protected area. A tailgater waits for an authorised user to open and pass through a secure entry and then follows right behind.

Organizations reduce their security risks by:

Standard Framework

Establishing frameworks of trust on an employee/personnel level (i.e., specify and train personnel when/where/why/how sensitive information should be handled)

Scrutinising Information

Identifying which information is sensitive and evaluating its exposure to social engineering and breakdowns in security systems (building, computer system, etc.)

Training Employees

Training employees in security protocols relevant to their position (e.g., in situations such as tailgating, if a person's identity cannot be verified, then employees must be trained to politely refuse).

Event Test

Performing unannounced, periodic tests of the security framework.

Review

Reviewing the above steps regularly: no solutions to information integrity are perfect.

ACHIEVE CYBER RESILIENCE

PROTECT AND SURVIVE THE GROWING THREAT LANDSCAPE
