social engineering in corporation

Social Engineering Testing

Real-world attack simulations against your first line of defence

Request a Quote

Social Engineering Testing

Over 30% of all hacks resulting in data breaches in the last year included some sort of social engineering attack such as phishing or telephone pretexting. Why? Because it works. Social engineering is a reliable and proven technique for by-passing technical security controls and obtaining unauthorised access to systems and information. System end-users are the weakest link. And yet, most companies focus solely on testing the effectiveness of the security hardware and software controls they’ve implemented on their systems to reduce the risk of unauthorised access. A hacker will follow the path of least resistance for gaining unauthorised access. Why bother hacking a firewall when they can pick up a telephone and trick an end-user into revealing their login credentials? If you have not already undertaken social engineering security testing, the question is why not? Risk Crew’s testing is scoped to meet your specific business or compliance requirements and we issue “Testing Certificates” to enable your business to produce evidence of compliance if required.

Risk Crew Deliverables

Risk Crew’s service provides a comprehensive report that details security vulnerabilities identified and specific actions for remediation, a courtesy workshop and on-call assistance.

Detailed Report

The report details specific vulnerabilities identified on the platform, how they were identified, methods and tools used to identify them and visual evidence if applicable. The report shall indicate a security vulnerability risk rating for risk reduction references.

Courtesy Workshop

The report is presented in a workshop with applicable business stakeholders to ensure their understanding of the findings and the risks associated with hosting the business information assets on the platform.

On-call Advice Assistance

We provide advice and assistance for 30 days following the report submittal and answer any questions that arise from implementing remedial actions and ensuring risk reduction.

Complimentary Retesting

We offer retesting to verify remedial actions were effective. Upon completion, we’ll provide you a summary report verifying remedial measures have been implemented.

Customer Promise

Risk Crew provides an unparalleled penetration testing solution covered by a 100% satisfaction guarantee.

Social Engineering Testing Benefits

Risk Crew has been designing and successfully implementing simulated social engineering attacks against companies in virtually every business sector for well over 15 years. Social engineering is not a science – it’s an art.

Risk Crew is staffed with social engineering artists. Each project is customised in terms of the time scale and objectives of the testing, and our consultants follow a stringent methodology for all engagements, ensuring all objectives are met within the agreed time and budget.

Some of the benefits of conducting Social Engineering penetration testing include:

✓Benchmarks the security awareness level of your end-users.

✓Identifies weaknesses in operational and business processes which could be exploited for unauthorised access.

✓Spotlights vulnerabilities you have overlooked.

✓Provides invaluable insight into the genuine level of security your information security risk management programme provides.

Why Choose Risk Crew

Our experienced security engineers implement detailed Social Engineering Testing methodologies, ensuring they can effectively assess your businesses capabilities to detect and mitigate attacks against your business systems. All engineers are thoroughly vetted and subject to in-depth professional, criminal and credit records checks.

When you choose Risk Crew, you’re electing to work with qualified experts.

Best Practice

Risk Crew follows best practices including OWASP and NIST

Accredited

Engineers carry CREST, C√SS, C│EH and GIAC credentials

Certified

Engineers hold ISACA CISSP, CISM and CRISC certifications

Subject Matter Experts

Risk Crew engineers are SMEs with published articles in industry journals & magazines

Help prevent Social Engineering attacks. Let Risk Crew’s artists identify vulnerabilities within your staff’s security awareness and day-to-day compliance to policies & procedures.

Contact Us

Frequently Asked Questions

How does Social Engineering work?
A social engineering attack relies on the manipulation of human behaviour. A person’s personality, good nature, beliefs, education, professional status or social etiquette can often easily be exploited, and they can be tricked into doing something that is in a hacker’s interests. This is how easily social engineering works and why it’s so dangerous. By and large, all social engineering attacks attempt to exploit one (or more) of the following four common human emotions:
  • Helpfulness: Our innate willingness to want to help others.
  • Obedience: Our inclination to comply with the law, a direct request or order from someone in a perceived position of authority.
  • Fear: An unpleasant emotion that is caused by the idea that something or someone can cause us harm.
  • Greed: A selfish desire for personal gain.
Social engineering requires nothing more than a basic understanding of simple behavioural psychology principles and some good acting skills.
What are typical social engineering attacks?
Successful social engineering attacks are delivered in contexts designed to exploit these human weaknesses. Typical social engineering attacks include scenarios such as:
  • Pretexting: Masquerading as someone else
  • Baiting: Enticing the victim with promises of something of value
  • Blackmailing: Threatening to reveal something that the target wishes to be kept secret
  • Offering Quid Pro Quo: Promising something to the victim in exchange for the victim’s help
Social engineers use their knowledge of how people think in a variety of ways. By targeting the human element, they increase their probability of a successful attack by bypassing defences designed to protect against “conventional” hacking.
Do most hacks include Social Engineering?
Yes. In general, any attack that relies on the participation of a system end-user usually involves some sort of social engineering aspect. Injecting malicious code that would allow unauthorized access, for instance, is usually done through “phishing”.
How do you defend against Social Engineering?
The best defence against social engineering attacks is to educate your end-users. Users must be made aware of the threat and the methodology. Social engineering attacks are designed to exploit the weaknesses in the way users think. All social engineering attacks boil down to trying to get someone to do something that they should not do or allow. They must be educated to question requests from unknown sources. The top 3 best practices to include in your user awareness training are to:
  1. Verify that the person is who they claim.
  2. Verify that the person is a current employee or has a need-to-know relationship with the company.
  3. Verify that the person is authorised to make a request.