Social Engineering

In a social engineering attack, the perpetrator exploits human vulnerability through virtual or physical manipulation techniques. With our Social Engineering Assessment, we help you raise employee awareness and improve your IT security. Every one of us has received a phone call or an e-mail that seemed strange and that requested sensitive data such as account information or passwords. This is exactly the target of so-called social engineering.

Targeted Manipulation of People

A Social Engineering Attack often Marks the Beginning of a Hacking Attack

That makes social engineering dangerous. Conversely, it also means that if you succeed in preventing social engineering attacks, many attacks on your company will be ineffective.

Physical Security

For example, the attacker gains access to a building via social engineering, where he then has further opportunities to attack the system.

Attack Vectors

The attacker writes a phishing email in order to obtain a password and thus secure initial access rights.

Phishing Mail

More than 75% of all social engineering attacks start with a phishing email. Only a fraction of existing exploits target a purely technical vulnerability.

Malware

In contrast, 97% of malware attacks the user with social engineering techniques.

Understand and Fend off the Attacker

Recognize and Fend off Social Engineering Methods

There is now a whole range of social engineering methods. For most employees, however, IT security is just an abstract concept that has no connection to their reality. In our social engineering assessment, we train you and your staff specifically on the attackers' approach so that you can recognize and fend them off in an emergency.

Methodology

Different Methods of the Attackers

Every one of us has had a call or an email that seemed strange. Sensitive data such as account information or passwords were requested. This is exactly what so-called social engineering is aimed at. Perpetrators try to manipulate the human behavior of victims through trust and authority in order to get the desired information to implement their criminal intentions. Often, malware is also introduced into the systems via phishing e-mails.

Pretexting
Pretexting involves making up stories to gain the trust of victims. For example, these could be subject lines asking for help or planning surprises for the workforce. Employees are also called and asked for help, for example by the supposed system administrator who needs access to solve fictitious problems. Often considerable effort is made: dedicated email addresses or websites are created for this purpose to establish "authenticity".
Email Spear Phishing
Spear phishing is a targeted attack on individuals or companies. The mail address may look trustworthy and is often known to the employees. It may be another company or an acquaintance. However, on closer inspection, the mail addresses differ slightly.
CEO Fraud
This method aims to make the employee believe that the mail comes from a superior with a request for immediate disclosure of important data. Due to the supposed authority of the sender, victims often bypass security protocols.
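
A defender-side check for the spear phishing and CEO fraud patterns described above, as an added example that is not part of the original page: it flags sender domains that differ slightly from a trusted domain and executive display names arriving from an external address. The trusted domains, executive names, character map and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list and executive names (constructed for this example).
TRUSTED_DOMAINS = {"example.com", "partner-example.org"}
EXECUTIVES = {"jane doe"}

# Small illustrative map of characters often swapped to imitate another.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(domain: str) -> str:
    """Fold common look-alike substitutions, e.g. '1' -> 'l', 'rn' -> 'm'."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_sender(from_header: str) -> str:
    """Classify a From: header against the trusted domains and executive names."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "unparseable"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        # A distance threshold of 2 suits longer domains; very short ones need 1.
        if normalize(domain) == normalize(trusted) or edit_distance(domain, trusted) <= 2:
            return f"lookalike of {trusted}"
    if name.strip().lower() in EXECUTIVES:
        return "executive name from external domain"
    return "external"

if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Jane Doe <jane.doe@example.com>",
                   "IT Support <admin@examp1e.com>",
                   "Jane Doe <ceo.office@freemail.test>"):
        print(header, "->", assess_sender(header))
```
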

Building Security

Physical Method

The global economy suffers billions of dollars in damage every year from social engineering attacks. Nevertheless, social engineering is an underestimated danger. Unlike a gap in the code, it is hard to grasp and at the same time represents the company's last line of defense. Nevertheless, the concrete consequences for your company can be serious, as passwords or critical information fall into the wrong hands.

Tailgating
Some perpetrators pretend to be a supplier, a building cleaner or a new employee in order to penetrate protected areas of the company. Pretexting or a phishing email is often used in advance to gain trust.
Media Dropping
This is a combination of virtual and physical methods. For example, tailgating is used to place a USB stick infected with spyware or malware in a conspicuous place. A suitable label is supposed to arouse the employee's curiosity to open the USB stick and thus smuggle the software into the system.

Added Value

Advantages of the Social Engineering Assessment

There is no software, no update and no device against social engineering. If you want to protect your company effectively against social engineering attacks, you need to train all employees regularly. This applies to the entire workforce: even if an employee only has simple access rights to certain systems, this gateway could be enough for an attacker to launch further, deeper attacks. Every employee is a potential weak point, but hardly any employees have adequate security awareness. For most employees, IT security is just an abstract concept that has no connection to their reality. That's why they have a hard time recognizing and defending against social engineering attacks in an emergency.
