Social Engineering

System security breaches are often the result of sophisticated attacks from extremely competent hackers. Recent attacks, however, indicate that more and more hackers are employing social engineering techniques to bypass system security features.

Social engineering is a technique to obtain access to a system through an authorised user of that system. This is done by tricking the user into revealing their network authentication details to the hacker, or by gaining physical access to restricted areas or IT hosting facilities, in order to compromise the targeted system. It can be as simple as a fraudulent phone call professing to come from the IT department or a bogus email requesting a password reset, or a more advanced attack such as setting up a “phishing” site or visiting your business pretending to be from a service company.

Risk Crew’s Social Engineering Testing Consultants are experts at discovering and exploiting day-to-day operational weaknesses in business policies and procedures that could be used to gain access to restricted systems. Our consultants can execute a customised and covert social engineering project designed to test the robustness of your security operations and your employees’ security awareness level, and provide cost-effective recommendations to prevent a real attack from succeeding.

Our portfolio of attacks includes but is not limited to the following:

  • Pretexting
  • Phishing
  • Vendor scams
  • Typosquatting
  • Device covert placement
  • Malware piggybacking
  • Social media phishing
  • Whaling
  • Watering hole
  • Six degrees of separation
  • Vishing
  • SMSishing
  • Covert Physical security and access controls bypass
  • OSINT (Open-source Intelligence Gathering)
  • CNI (Critical National Infrastructure) Cyber & Physical security testing
  • Full covert audio & video capturing

Each project is customised in terms of the time scale and objectives of the testing, and our consultants follow a stringent methodology for all engagements, ensuring all objectives are met within the agreed time and budget.

Our experienced consultants hold CREST, C√SS, C|EH and GIAC credentials and many hold ISACA CISSP, CISM and CRISC certifications, ensuring they consider and address your business objectives throughout the testing cycle. All of our consultants are subject to full initial (and routine ongoing) background security checks.

Give us a call and tell us how we can help you.

For our flat-fee pricing structure and full service level agreements detailing service specifications, scope and deliverables for any of the above services, or to place an order, contact Risk Crew.