Social Engineering

In a social engineering attack, the perpetrator exploits the human vulnerability through virtual or physical manipulation techniques. With our Social Engineering Assessment, we help you raise employee awareness and improve your IT security. Every one of us has had a phone call or an e-mail that seemed strange. Sensitive data such as account information or passwords were requested. This is exactly the target of so-called social engineering.

Targeted Manipulation of People

A Social Engineering Attack often Marks the Beginning of a Hacking Attack

That makes social engineering dangerous. Conversely, it also means that if you succeed in preventing social engineering attacks, many attacks on your company will be ineffective.

Physical Security

For example, the attacker gains access to a building via social engineering, where he then has further opportunities to attack the system.

Attack Vectors

He writes a phishing email in order to obtain a password and thus secure initial access rights.

Phishing Mail

More than 75% of all social engineering attacks start with a phishing email. Only a fraction of existing exploits exploit a purely technical vulnerability.

Malware

In contrast, 97% of malware attacks the user with social engineering techniques.

Industries

Understand and Fend off the Attacker

Recognize and Fend off Social Engineering Methods

There is now a whole range of social engineering methods. For most employees, however, IT security is just an abstract concept that has no connection to your reality. In our social engineering assessment, we train you and your staff specifically on the attackers' approach so that you can recognize and fend them off in an emergency.

Methodology

Different Bethods of the Attackers

Every one of us has had a call or an email that seemed strange. Sensitive data such as account information or passwords were requested. This is exactly what so-called social engineering is aimed at. Perpetrators try to manipulate the human behavior of victims through trust and authority in order to get the desired information to implement their criminal intentions. Often, malware is also introduced into the systems via phishing e-mails.

Pretexting
Pretexting involves making up stories to gain the trust of victims. For example, these could be subject lines asking for help or planning surprises for the workforce. Employees are also called and asked for help, for example by the supposed system administrator who needs access and to solve fictitious problems. Often a great effort is made, own email addresses or websites are created for this purpose to verify the "authenticity".
Email Spear Phishing
Spear fishing is a targeted attack on individuals or companies. The mail address may look trustworthy and is often known to the employees. It may be another company or an acquaintance. However, on closer inspection, the mail addresses differ slightly.
CEO Fraud
This method aims to make the employee believe that the mail comes from a superior with a request for immediate disclosure of important data. Due to the supposed authority of the sender, victims often bypass security protocols.

Building Security

Physical Bethod

The global economy suffers billions of dollars in damage every year from social engineering attacks. Nevertheless, social engineering is an underestimated danger. Unlike a gap in the code, it is hard to grasp and at the same time represents the company's last line of defense. Nevertheless, the concrete consequences for your company can be serious, as passwords or critical information fall into the wrong hands.

Tailgating
Some perpetrators pretend to be a supplier, a building cleaner or a new employee in order to penetrate protected areas of the company. Pretexting or a phishing email is often used in advance to gain trust.
Media Dropping
This is a combination of virtual and physical methods. For example, tailgating is used to place a USB stick infected with spyware or malware in a conspicuous place. A suitable label is supposed to arouse the employee's curiosity to open the USB stick and thus smuggle the software into the system.

Added Value

Advantages of the Social Engineering Assessment

There is no software, no update and no device against social engineering. If you want to protect your company effectively against social engineering attacks, you need to train all employees regularly. This applies to the entire workforce: even if an employee only has simple access rights to certain systems - this gateway could be enough for an attacker to launch further deeper attacks. Every employee is a potential weak point, but hardly any employees have adequate security awareness. For most employees, IT security is just an abstract concept that has no connection to your reality. That's why they have a hard time recognizing and defending against social engineering attacks in an emergency.

Current information

Recent Blog Articles

Our employees regularly publish articles on the subject of IT security

Contact

Curious? Convinced? Interested?

Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment: