Colin Hadnagy explains how valuable lessons he’s learned over the past 5 years with Social-Engineer LLC (SECOM) were made real, very real in his first onsite social engineering engagement. Now that you’re primed, enjoy the final installment in our 4-part series with Colin’s first onsite SE gig, “My First Onsite Social Engineering Engagement: Pretenders, Assemble!”
My First Pen-Testing Onsite Social Engineering Engagement
Shelby Dacko recently participated in her first pen-testing onsite social engineering engagement. In the 3rd installment of our 4-part series, Shelby shares key lessons she learned from her team and advice so you can avoid her mistakes in the blog, “My First Pen-Testing Onsite Social Engineering Engagement”. Continue Reading >
Breaking in for NOOBZ!: Social Engineering Onsite Infiltration
Curt Klump found himself standing in a server closet in a building’s network operations center (NOC), with an official employee escort. This is just one of the highlights of his first social engineering onsite infiltration job. In part 2 in our 4-part series, Curt tells his story in the blog “Breaking in for NOOBZ!: Social Engineering Onsite Infiltration”. Continue Reading >
An Inside Look at a Week in the Life of a Social Engineer
Recently, we sent 4 of our employees on an on-site social engineering engagement. We asked them to blog about their experience, tips and tricks, and lessons that they learned with our readers. As a special 4-part series, we will release one blog every week for the month of May. Each story is told from the individual’s viewpoint. Maxie Reynolds starts the series in her blog “An Inside Look at a Week in the Life of a Social Engineer”. She provides a list of helpful tips on what not to do on physical engagements and, maybe, a few things you should. Continue Reading >
Assess Your Risks
We talk a lot about phishing, vishing, smishing, and impersonation here at SECOM, and there is a good reason for that. Those are the primary services we provide as a company for our clients. Not all clients use all of our services, and some companies don’t use any of our services for a multitude of reasons. Maybe they use another company to test these attack vectors, maybe they use an internal team, some don’t test them at all. Regardless of your company’s choice, it is important, at a minimum, to have an understanding of and assess your company’s risks when […] Continue Reading >
In 2019, Test Impersonation Attacks
At SECOM, we perform many forms of social engineering attacks, from phishing to vishing and smishing as well as impersonation. All of these attacks are used regularly by actual attackers and should be tested as part of a robust security assessment in every organization. Small and large businesses alike are vulnerable to these attacks. If you are currently training and testing your employees against phishing and vishing, as you should be, we encourage you, in 2019, to test impersonation attacks as well. What Are Impersonation Attacks The way SECOM describes an impersonation attack is the “practice of pretexting as another […] Continue Reading >
Are your employees trained to withstand vishing attacks?
While employees are increasingly becoming informed about the threat phishing attacks pose to organizations, attackers are now combining other types of vectors to compromise their targets. The one we see on an increase is the telephone. This vector is called vishing. Continue Reading >
Is a 100% Success Claim Realistic?
Guaranteed to give you a full head of hair…. guaranteed to make you lose weight… guaranteed to change your sex life…. These guarantees are often used in the marketing world to gain curiosity and to make the consumer take a peek at the offer. Now come on, you don’t have to admit it … but guaranteed: most of us reading this have taken a second gander at one of these offers at least once. I know I have However, even if you’ve fallen for this tactic in the past, you likely now realize that these claims are bogus or, at […] Continue Reading >
Creating a Culture of Security to Defend Against Social Engineering Attacks
The Fifth Annual Benchmark study on Privacy and Security of Healthcare Data by Ponemon Institute has recently revealed what others have long perceived: There has been a shift in the root cause of data breaches from accidental to intentional. While 90% of healthcare organizations represented in the study had experienced a data breach, for the first time, criminal attacks are the number one cause of these breaches. Continue Reading >
Risk Assessment in Social Engineering
What does a soldier charging into the fight have in common with a soldier that flees from combat? Both of these people have evaluated risk and made decisions based on their assessments. Our safety and well-being largely depends on how appropriately we gauge risks and react to them; this guides much of human behavior and bears relevance to the field of social engineering. Continue Reading >
