Are you expecting a Door Dash delivery, an office equipment technician, a vending machine supplier, an office supply delivery, or pest control? Do your employees wear corporate logo apparel to promote your brand? If so, your company may be at risk of a physical security breach. By simply “looking the part” and/or having the correct papers/credentials in order, a threat actor could pose as an employee, or impersonate a known company vendor and physically infiltrate your building.
Looking the part is all it took for a criminal to infiltrate a Walmart Supercenter in Picayune, Mississippi on June 27, 2023. The Miami Herald reports that a man, wearing a Walmart employee uniform disabled a fire exit, setting the stage for him to return to the store during the night. Security camera footage reveals that for seven hours he removed thousands of dollars in merchandise from the store undisturbed.
Test. Educate. Protect.
You may find it hard to believe that someone could simply disguise themselves as a Walmart worker and get away with stealing thousands of dollars in merchandise. However, that is exactly what happened. It’s actually quite easy to impersonate a Walmart employee. A quick internet search and you will find Walmart employee logo apparel for sale on sites such as eBay and Poshmark, demonstrating the real threat an impersonation attack poses to enterprises. To meet this threat, Social-Engineer provides security assessment services. We deploy professionally trained social engineers for onsite impersonation testing of vendor/visitor access policies and your physical perimeter security. We offer this service for either day or night testing. This is a full-scope program with multiple layers which may include badge cloning, credential harvesting, and network control. Are you curious how our expert social engineers prepare for and execute an onsite security assessment? Listed below are two insightful behind-the-scenes experiences from our expert social engineers.
Chris Hadnagy, CEO for Social-Engineer, and Chief Operating Officer, Ryan MacDougall, pose as pest control technicians – Social-Engineer Podcast Episode 184
Curt Klump, Human Risk Analyst for Social-Engineer poses as a GPS clock field technician – Breaking In for NOOBZ!: Social Engineering Onsite Infiltration
Protect your organization in 2023 by implementing security assessments to test commonly used social engineering attacks such as impersonation. Stay one step ahead of the criminals by educating and regularly testing your employees for possible physical security vulnerabilities.