Why conduct social engineering tests?
It is estimated that at least 90% of hacking attacks would not succeed if it were not for unwitting human behaviour. This is why social engineering tests, based on the methods fraudsters use to phish for data or gain access to a company’s network, are so important.
What do I get after the tests?
The tests yield reliable information about where employees are aware of IT dangers and where gaps exist, how vigilant they are, and whether they know what to do in case of suspicious behaviour.
CyberClue’s final report will also propose a range of training and awareness campaigns for employees and methods for conducting them effectively.
- E-mails with fake links
- SMS messages redirecting to a fake login or payment page
- Phone calls attempting to extract data
- Physically persuading an employee, e.g. to open the server room or plug an external pendrive into a computer.
In each case, the testing method is agreed with the client.
Socio-technical tests, depending on needs and findings, include:
- Search for telephone numbers and email addresses from publicly available sources
- Breaking email server security to impersonate another user
- Attempted unauthorised log-in to user account
- Making phishing calls to several employees
- Creation of fake domains and pages to which employees are redirected after sending a fake email or SMS
- Attempted unauthorised entry to building, office, server room
- Attempting to access an employee’s computer
- Attempting to connect a memory stick
- Attempting to get an employee to install software from a flash drive