Social engineering involves attackers using social skills to solicit information. Attempts could seem as innocent as a client asking questions in person or a reputable company offering services via email. There are many ways an attacker can use human interaction to infiltrate an organization’s network, which is why Hermetic Networks offers to conduct Social Engineering Assessments physically, by visiting your company site(s), or remotely, by using email, phone, and other vectors to attempt to gain access. To assess your company’s security exposure, we conduct Social Engineering Engagements in three phases: information gathering, target validation, and attack scenarios.
Hermetic Networks collects public information in order to understand the structure of the organization. Sources used to obtain information include internet searches, domain name enumerations, and any other publicly available source.
Once publicly available information is obtained, targets are aggregated. These targets are submitted to the client point of contact for approval. Once approved, aggressive information gathering efforts are employed to further validate and refine targets. This process entails contacting targets by phone, email, and possibly other human interactions.
After targets are approved, attack scenarios are created based on the information gathered. Hermetic Networks builds storyboards for each scenario and practices the best plans before the live execution. Our attacks include schemes such as email phishing campaigns and phone calls encouraging information exposure or electronic manipulation. You can expect any form of physical human interaction.
More on Phishing and Social Engineering
Phishing attacks are a particular form of social engineering. Roughly 156 million phishing emails are sent globally every day. By tricking the unsuspecting user with a variety of manipulative tactics, malicious attackers can leverage their way into your company’s systems and networks to install malware and steal personal information. Hermetic Networks presents clients with a complete end-to-end solution for addressing phishing scams and raising the security awareness of your end users. From testing technical, social, and physical controls to developing testing programs, we’ve got you covered. Our services include:
- Onsite Security Awareness Training
- Testing Plan Development
- Malicious Payload Testing
- Click Counting
- Spear Phishing Tests
- Whaling and APT Style Attacks