Social Engineering

Social Engineering can be used as a one-time test of the effectiveness of your broader security awareness campaign, or to help win over support for new training programs.

Social Engineering can be used as one-time test of the effectiveness of your broader security awareness campaign. It will also help win over support for new training programs.

Social Engineering is a technique used to trick the victims into leaking sensitive and confidential information that can be used in a criminal activity. Most often the targeted information is credit card and banking information, followed by social security numbers and passwords. The attacker may use various methods like e-mails, voice messages, or even in person visits masquerading as a legitimate, trusted source.

Tactics can include simply walking in the front door behind someone possessing a valid badge (also known as tail-gating), or dropping portable USB drives in the parking lot and waiting for an unsuspecting employee to plug them into their work computer.

Social engineering methods are limited only by the creativity of the person or persons perpetrating them. Whatever form social engineering takes, businesses and organizations are largely unprepared for how to effectively counter these attempts across their workforce. Getting employees’ attention and commitment to vigilance can be difficult without proving how easy those employees can be exploited.

CyberShield is designed to test your organization’s employee’s adherence to the security policies and practices.

PreTexting

The practice of presenting oneself as someone else in order to obtain private information. It is more than just creating a lie, in some cases it can be creating a whole new identity. Then using that identity to manipulate the target in leaking personal sensitive information.
CyberShield - Pretexting
CyberShield - Prevent Phishing

Phishing

The act of sending an email to a user falsely claiming to be an established legitimate enterprise. An attempt to scam the user into surrendering sensitive information.

Vishing

Also known as “VoIP phishing,” is the voice counterpart of phishing. Instead of attempting to gain access to confidential and sensitive information from the target via email, the attacker does this over a telephonic conversation. The objective behind such attacks is usually financial fraud and stealing your credit
CyberShield - Prevent Vishing
CyberShield Baiting

Baiting

The attacker will try to persuade the victim into using a device (such as a USB). Hackers may label it with attention-grabber words and placing this device in a location where it is sure to be found.