Social Engineering

Your organization’s security controls, policies, and procedures are only as strong as the people implementing and following them.


Services category: Cyber Security


Social Engineering is a nontechnical type of intrusion that relies on human interaction with the purpose of tricking others into breaking established security procedures.

The basic goals of Social Engineering within an engagement are:

  1. To attempt to gain unauthorized access to locations, critical systems, or information assets in order to compromise the confidentiality, integrity, and availability of all systems, and
  2. To attempt to disrupt the normal operations of the business.


Social Engineering provides you with the information you need to:

  • Remediate physical and electronic vulnerabilities that put your data, employees, and company at risk
  • Focus security awareness training programs on the areas and technologies that pose the greatest risk or validate the effectiveness of an existing training program
  • Limit the growing risk of CryptoLocker and Ransomware
  • Strengthen policies, procedures, and controls to reduce future risks
  • Provide assurance to management and executives that your users are aware of cyber security risks

Elevate performs the following social engineering exercises:

Email Phishing Social Engineering

Elevate develops customized emails and sends them to individuals and groups within your organization to entice users to click on an external link that will either attempt to gather sensitive information or deliver a malicious payload onto their desktop, laptop, or server. Elevate works with you to plan, develop, and execute this exercise according to your goals and requirements.

Vishing Social Engineering (Telephone Hacking)

Elevate conducts a reconnaissance phase to identify trusted individuals, usually Information Technology personnel, with the purpose of collecting sensitive information over the phone about other individuals working for you. Elevate will collect information using social sites, such as LinkedIn, Facebook, etc., to select the targets for the Vishing exercise. The information collected during the Vishing exercise is used during the “Onsite Impersonation” phase of the social engineering engagement.

Onsite Impersonation Social Engineering

The information collected during the Vishing exercise, as well as any other information obtained during the email phishing test, is used to impersonate an employee, a vendor, etc.

Elevate conducts intense reconnaissance into the target in scope by observing foot traffic and common dress style in the environment, noting security guard rotations, checking for any 3rd party suppliers, etc. After surveying and analyzing the target’s environment, the Social Engineer selects the best approach to blend in with the environment and creates an elaborate pretext to infiltrate the facilities and premises. Many of these scenarios involve different costumes and attire, as well as fake aliases and fake profiles, to attempt to convince the targeted employees.

Once access to the client’s facilities has been obtained, the next step will be to try to get access to critical systems and applications hosting sensitive data. The final phase is the exfiltration of data from the onsite facilities. (Elevate will not execute the process of data exfiltration, but it will demonstrate the opportunity to do so by taking pictures and/or gathering other evidence that this has taken place.)

Good to know: Through our detailed and precise process, Elevate has been extremely successful in accessing clients’ offices and data centers.

CONTACT

This service article was last updated on August 5, 2022
Contact Elevate today to learn more about Social Engineering

Elevate // +1 (888) 601-5351 // Monday to Friday 9am-6pm