Social Engineering
About
Unlocking the Human Firewall: Elevate Your Defense with Social Engineering Expertise
Social Engineering is a nontechnical type of intrusion that relies on human interaction with the purpose of tricking others into breaking established security procedures.
What Elevate Can Do For You
Email Phishing: Elevate develops customized emails and sends them to individuals and groups within your organization in order to attempt to entice the users to click on an external link that will either attempt to gather sensitive information or deliver a malicious payload onto their desktop, laptop, or server. Elevate works with our clients to plan, develop, and execute this exercise according to your goals and requirements.
Vishing: Elevate conducts a reconnaissance phase to identify trusted individuals, usually Information Technology personnel, with the purpose of collecting sensitive information over the phone about other individuals working for you. Elevate will collect information using social sites, such as LinkedIn, Facebook, etc., to select the targets for the Vishing exercise. The information collected during the Vishing exercise is used during the “Onsite Impersonation” phase of the social engineering engagement. Social Engineering is a nontechnical type of intrusion that relies on human interaction with the purpose of tricking others into breaking established security procedures.
On-site Impersonation: The information collected during the Vishing exercise, as well as any other information obtained during the email phishing test, is used to impersonate an employee, vendors, etc. Elevate conducts intense reconnaissance into the target in scope by observing foot traffic and common dress style in the environment, noting security guard rotations, checking for any 3rd party suppliers, etc. Through the surveying and analysis of the target’s environment, the Social Engineer would then select the best approach to blend in with the environment and create an elaborate pretext to be able to infiltrate the facilities and premises. Many of these scenarios involve different costumes and attire and creating fake aliases and fake profiles, to attempt to convince the targeted employees.
Once access to the client’s facilities has been obtained, the next step will be to try to get access to critical systems and applications hosting sensitive data. The final phase is the exfiltration of data from the onsite facilities (Elevate will not execute the process of data exfiltration, but it will demonstrate the opportunity to do so by taking pictures, and/or other evidence that this has taken place.)