Social
Engineering

Know the risks. Stay protected.

Social engineering can be used as part of an exhaustive and complete penetration test, or by itself to help train your employees about your security protocols. TSG can use techniques that include deception by way of Vishing and Phishing.

 

Vishing

Our simulated attack will begin by finding individuals or groups willing to divulge information that could lead to a malicious attack. A common scene used by attackers is to simply call the IT help desk and ask for a new account to be set up. This act could give a black hat hacker instant access to your most valuable data.

 

Phishing or Spear Phishing

This attack will begin with our "attacker" disguising as a credible source requesting information from the entire workforce. The user may click on a unsuspecting URL, or open an attachment that gets our attacker in your network. Spear phishing is a similar attack method, but targets specific personnel with pertinent information to appear more convincing.

 

If these two attacks fail, our attacker will present false identities to see if we can gain access to your secure systems and the entire facilities in order to get valuable information.

 

TSG will work with your business to test the end user's security awareness in order to decrease the likelihood and risk of human attacks. Our tests will help you evaluate your organizations susceptibility to these types of attacks. TSG will only use approved and safe tactics to target employees. The intent is to improve your company's security understanding and create a solid base of employee involvement.

 

We will only divulge security lapses to your security team by identifying users that click phishing attempts. TSG will present an assessment and final presentation to let you know the exploitation steps taken, identify exposures, identify what data could be accesses with the waged attacks, and give you remediation recommendations to firmly secure these vital areas.