
Social Engineering Security Assessment

Social Engineering is the art of manipulating people into giving up confidential information. Stratejm’s Social Engineering Security Assessment uses the following social engineering attacks to obtain a true view of existing vulnerabilities and threats:

Phishing: Phishing uses email messages, websites, and phone calls that are designed to steal credentials or launch a malicious cyber-attack. Adversaries aim to compromise trusted users by obtaining their private credentials (i.e. password and login information) or by installing malware on the corporate system or network.

Baiting: Baiting mimics the Trojan Horse tale to get inside the walls of an organization without raising suspicion. In this attack, the adversary leaves a malware-infected floppy disk, CD-ROM, or USB flash drive in a location where it is sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate-looking and enticing label (i.e. Payroll), and simply waits for the victim to use the device.

Quid Pro Quo: Quid Pro Quo means like for like. The adversary calls random employees at a company, claiming to be calling back from technical support. Eventually the adversary will reach someone with a legitimate problem and have the user type commands that provide access or the ability to covertly launch malware.

Best Suited For: Any organization that takes security seriously. Social Engineering seeks to exploit an organization's weakest link: its people.

If you have a question or wish to learn more about Stratejm’s Social Engineering Security Assessment, we encourage you to contact us:

Telephone: 888.876.0504