Social Engineering

May be employed as part of a Penetration Test or Cybersecurity Awareness Training

Phishing – Using specially crafted email, we will attempt to fool the recipients into clicking on a link or opening an attachment, and parting with some personal information. This is a way to discover how susceptible your employees are to this form of attack. Since phishing represents over 90% of all approaches made by cyber-attackers, this information will allow you to quantify the risk this method poses in your organization.

Baiting – Baiting is accomplished by leaving flash drives or CD media out for people to pick up and “adopt” as their own. They come preloaded with software that alerts the tester when they are used. Baiting is a favored method of gaining network access in facilities where systems are “air-gapped” or not connected to the Internet, such as SCADA systems.

Tailgating – Gaining unauthorized access to a secure facility by following a badged employee in the door.  Unauthorized access attempts may also include posing as a service tech or vendor in an effort to gain access to the server room or networking closet.

– Using the telephone to trick the employee into revealing personal information, passwords, or other internal company information.