Social Engineering Testing
Social engineering is an attacker’s manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow them to gain unauthorized access to a valued system and the information that resides on that system or within that organization. Since security is all about trust, we at Foreground Security believe the user is the weakest link in the security chain. The natural human willingness to accept someone at his or her word leaves many of us vulnerable to attack. No matter how much technology is bought and deployed, you only reduce the threat so much ... and then it’s up to your users.
At Foreground Security, a comprehensive social engineering test is based on current “real world” scenarios. All testing is conducted so that there is no actual infringement on or damage to your network, computers, or users, and no permanent installation of damaging programs or effect on your environment.
We customize our “attacks” by providing you an ever-changing list of potential test scenarios that cover current threat vectors and allow you to choose the actual scenarios to test. Test scenarios include but are not limited to the following:
- USB – USB drives containing a simulated malicious program that runs as soon as the drive is plugged into a user’s computer are delivered via mail and/or physically placed in strategic locations.
- Email – A uniquely crafted email is sent to a set of users in an attempt to gather information or install a malicious program by having them click on a link to a “fake” web page (such as a fake Outlook Web Access page) or open a program.
- Phone – Spoofing and social engineering methods are used in an attempt to extract sensitive information from an agreed-upon set of users by phone.
- Physical access – Attackers attempt to gain physical access to your site based on a general set of rules (such as the attacker being a contractor or guest) and then attempt to extract sensitive information from staff or secure areas.
- Social Networking – Spoofing and social engineering methods are used in an attempt to extract sensitive information from an agreed-upon set of users through social networking sites (such as Facebook, LinkedIn, or Twitter).
As with all of our assessments, after we finish the testing we will provide you with a complete, detailed report regarding the policies that were tested and the results of each attempt.