Why would an attacker spend time using high-tech tools to crack your IT administrator's password when he or she could simply ask for it?
Social engineering is a term that describes a non-technical attack that relies on human interaction and often involves tricking people into breaking normal security procedures. A social engineer uses persuasive and deceptive tactics to exploit human, rather than technical, vulnerabilities to gain access to your information systems. This test is an excellent way to assess your policies, procedures and training to defend against such threats, or to lay the foundation for creating an effective security awareness program.
True employs innovative techniques to determine the set of activities appropriate for your organization. Common tactics include:
- Sending a seemingly legitimate email to a group of your employees asking them to reply with a piece of information (a phishing email). Will the recipients reply with their password if they think the email is from your IT administrator?
- Attempting to gain unauthorized physical access to your office space. Once inside, we will search trash cans (dumpster diving) and unattended desks for company information, and peer over unknowing employees' shoulders to obtain access codes (shoulder surfing). Will our presence go unnoticed?
Upon completion, you will receive a report detailing all testing activities, the results, and specific recommendations for moving forward.

