Social Engineering

TrustedSec will execute social engineering attacks on an organization’s target employees. Social engineering provides a baseline for the effectiveness of the education and awareness program and for how well an organization can withstand a targeted social engineering attack. Social engineering attacks have been increasing in frequency, due to the ease of attack and the ability to circumvent a number of security controls to gain access to sensitive information. Attackers are finding it significantly easier to circumvent stringent perimeter defenses by targeting the organization’s user population. TrustedSec performs varying levels of social engineering attacks based on the maturity level of the organization, increasing in sophistication as the information security program is enhanced.

With TrustedSec, you can:

  • Emulate advanced threats with targeted attacks, testing education and awareness as well as technical controls against advanced attackers.
  • Evaluate the success of user education and awareness training.
  • Increase end-user information security awareness.
  • Evaluate the effectiveness of your IT security defenses and controls.
  • Improve training for defenders.
  • Supplement awareness training, required by PCI DSS, SOX, FISMA, HIPAA, etc.

Phishing attacks can include (but are not limited to):

Email Phishing

Emails sent to a large number of targets with the intent of tracking clicks and enticing the surrender of credentials.

Email Spear Phishing

Emails targeting a small group of users to coerce link clicks, surrender of network credentials, command and control, and malware execution.

Phone Phishing

Telephone calls that entice users to divulge sensitive corporate information or reset users’ passwords, or that further reinforce Email Spear Phishing.

Simple Messaging System (SMS) Phishing

Target a small group of users via SMS or text messaging to visit a malicious website, call an impersonated telephone number, etc.

Chat Platform Phishing

Attempt to connect to your federated Skype for Business and entice users to click links or launch other attacks via background processes.

On Site Phishing

Focus on attempting to gain physical access to intellectual property, sensitive information, and critical systems.
