Social Engineering Testing
Social engineering is a sub-class of penetration testing that focuses on identifying and validating vulnerabilities associated with your employees’ ability to follow documented policies and procedures and security best practices.
Real-World Stories
Below are real-world outcomes of social engineering testing:
• A Spinetech Universal engineer was on the phone with “Jane,” pretending to be “Joe, the IT guy” and asking her to change her password to one that he chose. Then customer-friendly Jane offered, “As long as I’m here, would you like me to change the password on all the other workstations?” How could we refuse?
• As soon as our engineer started in on his social engineering script — “Hi, I’m working with Jack over in IT, and…” — the person on the other end of the line said, “Is this a social engineering call?” and hung up on us. This is exactly what we hope to see!
• While doing an email social engineering test, we sent a link to a new web-based email system supposedly set up by IT. It was really just a malicious page that was designed to steal user credentials. We felt bad when we got the following response from an employee:
  “You ROCK!!!!!!!!
  Thank you!!! I’ve been asking for this for years!!!!
  :)”
Our most frequently requested social engineering exercises include:
Remote
Test and measure your employees’ response to outside emails and phone calls requesting sensitive information…
Onsite
Test and measure physical security at sensitive locations and your employees’ security awareness…
Other
Do you have some other scenario or policy you want tested that is not listed here? Send us your requirements, and we will custom-tailor an assessment for your environment.