As a part of PRE-ATTACK, an attacker may employ Social Engineering techniques to coerce unaware employees into disclosing information or performing a task. While operations security policies should be used to prevent and reduce the likelihood of success of social engineering campaigns, this use case focuses on identifying policy failures and instances where technical controls have failed to provide adequate protection.
In the context of computer security, social engineering refers to the practice of tricking people into disclosing personal information or other confidential data. It is a catch-all term for phishing, pharming, smishing, vishing and other forms of manipulation.
Benefits of social engineering exercises
Social engineering is the practise of using deception to persuade people to reveal confidential or personal information that could be used to commit fraud against company employees. The goal of social engineering pen testing is to see how well employees follow security rules and procedures set by management as well as measuring an increase in success of training over time.
What Are The Risks Of Social Engineering?
Through social engineering techniques, any user, including those with experience and those in positions of authority, can be conned into providing data and access to services to those who are not entitled to them. Users can be duped or socially engineered into inadvertently providing information or access to a malicious actor.
Other services
Web Application Testing
Web application attacks range in size and complexity, from the exploitation of vulnerable open source components, to app-specific attacks which take advantage of user controls. Internal web applications are at risk too, from disgruntled or malicious users who may find loopholes and use their position to wreak havoc. Learn more >
Product Assessment
If you develop a software product or service, are you confident that it’s as secure as it can be? Your clients rely on you to keep their data secure, so if you’ve not had your product or service independently assessed, your reputation is at risk if a vulnerability is discovered. Learn more >
