Social Engineering is the art of manipulating people to give up confidential information. Stratejm’s Social Engineering Security Assessment uses the social engineering attacks below to obtain a true view of existing vulnerabilities and threats:
Phishing: Phishing uses email messages, websites, and phone calls that are designed to steal credentials or launch a malicious cyber-attack. Adversaries aim to compromise trusted users by obtaining their private credentials (i.e. password and login information) or by installing malware on the corporate system or network.
Baiting: Baiting mimics the Trojan Horse tale to get inside the walls of an organization without raising suspicion. In this attack, the adversary leaves a malware-infected floppy disk, CD-ROM, or USB flash drive in a location where it is sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate-looking and enticing label (e.g. Payroll), and simply waits for the victim to use the device.
Quid Pro Quo: Quid Pro Quo means like for like. The adversary calls random employees at a company, claiming to be calling back from technical support. Eventually the adversary will reach someone with a legitimate problem and have the user type commands that provide access or the ability to covertly launch malware.
Best Suited For: Any organization that takes security seriously. Social Engineering seeks to exploit an organization's weakest link: its people.