Social Engineering Testing

Australia Wide. Experts in Cyber Security

What is Social Engineering Testing?

One of the most successful methods spies and criminals use to gain access to a company is social engineering. Social Engineering Testing is a part of penetration testing that aims to identify and validate weaknesses associated with your staff’s ability to abide by detailed policies and methods. An attack is usually carried out by someone who intentionally influences a staff member’s judgement or general interest.

How we can help

Advances in computer and information security have made it increasingly difficult to hack into an organisation. Network defences, encryption and detection systems have forced cyber attackers to find easy targets. These targets are usually staff who may unknowingly divulge sensitive information. This could be at a social gathering, or by placing a USB drive that they found with their company branding on it into their computer thus infecting it with a Trojan.

Common methods social engineers use are:
  • Baiting – whereby the attacker leaves an infected peripheral such as a USB memory stick in a common staff area in the hope a staff member inserts it into their computer or hands it to the IT department.
  • Tailgating – whereby an attacker follows another staff member into a secure area before the door has closed.
  • Phishing – whereby an assailant sends an email masked as another staff member or a genuine source and directs the staff member to open the infected file or follow a link.
  • Pretexting – whereby the attacker persuades a staff member to hand over restricted material by mimicking someone else.