social engineering

As a part of PRE-ATTACK, an attacker may employ Social Engineering techniques to coerce unaware employees into disclosing information or performing a task. While operations security policies should be used to prevent and reduce the likelihood of success of social engineering campaigns, this use case focuses on identifying policy failures and instances where technical controls have failed to provide adequate protection.

In the context of computer security, social engineering refers to the practice of tricking people into disclosing personal information or other confidential data. It is a catch-all term for phishing, pharming, smishing, vishing and other forms of manipulation.

Benefits of social engineering exercises

Social engineering is the practise of using deception to persuade people to reveal confidential or personal information that could be used to commit fraud against company employees. The goal of social engineering pen testing is to see how well employees follow security rules and procedures set by management as well as measuring an increase in success of training over time.

What Are The Risks Of Social Engineering?

Through social engineering techniques, any user, including those with experience and those in positions of authority, can be conned into providing data and access to services to those who are not entitled to them. Users can be duped or socially engineered into inadvertently providing information or access to a malicious actor.

Other services

Web Application Testing

Web application attacks range in size and complexity, from the exploitation of vulnerable open source components, to app-specific attacks which take advantage of user controls. Internal web applications are at risk too, from disgruntled or malicious users who may find loopholes and use their position to wreak havoc. Learn more >

Product Assessment

If you develop a software product or service, are you confident that it’s as secure as it can be? Your clients rely on you to keep their data secure, so if you’ve not had your product or service independently assessed, your reputation is at risk if a vulnerability is discovered. Learn more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.