OSINT Component
Our professional Social Engineers perform an Open Source Intelligence (OSINT) investigation on your company and/or high-value internal personnel. We collect data from publicly available sources. Such as social media platforms, public records, interest and hobby sites, as well as other online databases. Our goal is to find information that would enable an attacker to access your facilities, accounts, or other sensitive information. Knowledge regarding the vulnerability of your company helps prevent targeted attacks against your employees.
Impersonation Component
The on-site component to our SE Teaming Service tests your organization’s human network. Specifically, it tests their understanding of visitors and unknown personnel identification and access policies. During this component, we also test employees’ adherence to policies related to unknown or discovered USB keys and other media or network connected devices.
Our professional Social Engineers attempt to gain physical access to restricted areas of your company. Such as data centers, record storage areas, and/or offices. They may do this by posing as a trusted third-party partner. For example, they may pose as an employee, contractor, or person of authority. They may also pose as a completely unknown individual attempting unauthorized access.
Vishing Component
The Vishing component to our SE Teaming Service tests your organization’s human network for their understanding of policies relating to vishing attacks. Our professional Social Engineers attempt to elicit sensitive data over the phone. They try to influence employees to visit previously unknown websites, emulating potentially malicious sites to compromise user credentials or their workstations. They may do this by posing as a trusted third-party partner. For instance, they may pose as an employee, contractor, or person of authority. They may also pose as a completely unknown individual attempting access or asking for assistance.
Phishing Component
The Phishing component of our SE Teaming Service tests your organization’s human network for their understanding of policies relating to phishing attacks.
Our professional Social Engineers attempt to elicit sensitive data via email. They also try to influence employees to visit previously unknown websites, emulating potentially malicious sites to compromise credentials or their workstations. Using discovered OSINT data our professional social engineers craft custom phishing themes and messaging. They may pose as a trusted third-party partner such as an employee, contractor, or person of authority. Additionally, they may also pose as a completely unknown individual attempting access or asking for assistance.
SMiShing Component
Upon request, we can also include a SMiShing component to our SE Teaming Service test. This will test your organization’s human network for their understanding of policies relating to SMS attacks.
Summary of Assessment
Upon completion of the Social Engineering Teaming Service, we provide a comprehensive report, detailing the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about themselves or their employees and company. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated attacks. This enables stakeholders to see the possible vulnerabilities in employee adherence to company policies as they relate to phishing, vishing, and impersonation attacks.