Social engineering assessments

Your best defensive strategy against social engineering is to raise employee security awareness and educate staff on good practices.

A social engineering assessment can be used to direct your security training, create data handling guidelines, and formulate security policies.

Staff can be vulnerable

Staff within your company can often be a vulnerable point within the system, whether they are users, system administrators, or technical security professionals. Claranet Cyber Security carries out full social engineering attacks to establish whether we can get users to provide sensitive information. Our approach includes much more than simple phishing attacks. We also utilise "smishing" (SMS phishing) and "vishing" (voice phishing) tools and information. Gaining access to the physical building, baiting individuals, and watering hole attacks are some of the other methods we use.

What next

A social engineering assessment from Claranet Cyber Security allows you to see how susceptible your staff might be when presented with an attempt by an attacker to trick them. The result of a social engineering assessment can be used to direct training, create data handling guidelines, and to help formulate your security policies.

How we go about it

  • Scoping and planning

    Our security consultants will work with you to select the right activities and prepare the business for the engagement.

  • Information gathering

    Each activity has its own unique information requirements. For example, a phishing campaign needs email addresses and a calling operation needs a phone list. We use this to build an attack plan.

  • Develop the relationship

    Social engineering attacks work because they are effective in gaining trust. Each approach aims to build rapport with the target to make them susceptible to exploitation.

  • Exploit the target and execute

    Having gained the trust of the target, the social engineer will aim to influence the target to perform an action that completes the exploitation.

  • Reporting and follow-up

    Full reporting follows each exercise. Analysis will highlight trends in the way the targets responded, and we provide a range of follow-up services to help mitigate the discovered risks.

Typical social engineering engagements

Physical entry

Attempting to gain unauthorised access to buildings

Phishing campaigns

Phishing and spear phishing techniques to trick users via email

Baiting

Tempting users into disruptive actions that threaten security

Impersonating

Impersonating members of staff to obtain information or access

Watering hole attacks

Used to target members of a particular group

Dumpster diving

Your rubbish may lead to direct network compromise or provide leverage

Frequently Asked Questions

  • What is social engineering?

    Social engineering includes all attacks that aim to manipulate human behaviour to gain leverage or knowledge about a target.

  • Is social engineering just about phishing attacks?

    Attacks can be as simple as an indiscriminate phishing campaign or they can be highly complex multi-layered attacks harnessing both digital and physical techniques.

  • Why social engineering assessments?

    Social engineering assessments can help you to quickly identify where areas of vulnerability exist and direct where efforts should be focused to mitigate risks.

Our accreditations

CREST
CHECK
Cyber Essentials
ISO 27001
CEH Accreditation
CCISO Accreditation
CISSP Accreditation
CRISC Accreditation
OSCE Accreditation
OSCP Accreditation