We talk a lot about phishing, vishing, smishing, and impersonation here at SECOM, and there is a good reason for that. Those are the primary services we provide as a company for our clients. Not all clients use all of our services, and some companies don’t use any of our services for a multitude of reasons. Maybe they use another company to test these attack vectors, maybe they use an internal team, some don’t test them at all. Regardless of your company’s choice, it is important, at a minimum, to have an understanding of and assess your company’s risks when […]
In 2019, Test Impersonation Attacks
At SECOM, we perform many forms of social engineering attacks, from phishing to vishing and smishing as well as impersonation. All of these attacks are used regularly by actual attackers and should be tested as part of a robust security assessment in every organization. Small and large businesses alike are vulnerable to these attacks. If you are currently training and testing your employees against phishing and vishing, as you should be, we encourage you, in 2019, to test impersonation attacks as well.
What Are Impersonation Attacks
The way SECOM describes an impersonation attack is the “practice of pretexting as another […]
Are your employees trained to withstand vishing attacks?
While employees are increasingly becoming informed about the threat phishing attacks pose to organizations, attackers are now combining other types of vectors to compromise their targets. The one we see on the increase is the telephone. This vector is called vishing.
Is a 100% Success Claim Realistic?
Guaranteed to give you a full head of hair… guaranteed to make you lose weight… guaranteed to change your sex life… These guarantees are often used in the marketing world to gain curiosity and to make the consumer take a peek at the offer. Now come on, you don’t have to admit it … but guaranteed: most of us reading this have taken a second gander at one of these offers at least once. I know I have. However, even if you’ve fallen for this tactic in the past, you likely now realize that these claims are bogus or, at […]
Creating a Culture of Security to Defend Against Social Engineering Attacks
The Fifth Annual Benchmark study on Privacy and Security of Healthcare Data by Ponemon Institute has recently revealed what others have long perceived: There has been a shift in the root cause of data breaches from accidental to intentional. While 90% of healthcare organizations represented in the study had experienced a data breach, for the first time, criminal attacks are the number one cause of these breaches.
Risk Assessment in Social Engineering
What does a soldier charging into the fight have in common with a soldier that flees from combat? Both of these people have evaluated risk and made decisions based on their assessments. Our safety and well-being largely depend on how appropriately we gauge risks and react to them; this guides much of human behavior and bears relevance to the field of social engineering.
Trust Your Sparring Partner
“I am the wisest man alive, for I know one thing, and that is that I know nothing.” ― Plato, The Republic
Good martial arts instructors teach that in order to be prepared for a fight you must have your flaws exposed in practice. This requires that you step out of your comfort zone and invite vulnerability with high quality, trusted sparring partners so that you experience loss in a constructive manner. It is more important to know what you do not do well as opposed to “win” every time. Like a trusted sparring partner, a good penetration tester can help you uncover […]