Social Engineering Assessment Services

What is Social Engineering?

It is combination of psychological, and physical techniques that trick a user into breaking security procedures.

The techniques include:

Phishing happens when an attacker introduce himself as a trustworthy source, and sends an email requesting that demand an action from a user (ex: user clicks a URL, or opens an attachment) and takes confidential information. Spear-Phishing is similar, but the attacker targets exact individuals and includes relevant information to appear even more substantial.
Vishing  malicious attackers will try to call numerous individuals or groups to gather information about a target or in order to affect an action. For example, a common scenario would involve a hacker calling a help-desk to request that a new account be created.
Impersonation Pretexting often involves a scam where the liar pretends to need information in order to confirm the identity of the person he is talking to. After establishing trust with the targeted individual, the pretexter might ask a series of questions designed to gather key individual identifiers such as confirmation of the individual's social security number, mother's maiden name, place or date of birth or account number.

All of these techniques rely on the exploitation of humans. In order to minimize the probability and risk of a Social Engineering attack, Simenso will work with your organization to test end user Security Awareness of Social Engineering attacks.

Our approach

We test your organization’s susceptibility to Social Engineering trikes with safe, pre-approved, and authorized replication email-based attacks on targeted employees. The goal of the service is to help an organization understand and improve upon its present security posture.

The Social Engineering Assessment contains:
  • Assessment of security awareness by identifying users who click links
  • Designed phishing traps via emails and forms to flag data leakage risks
Reporting:
  • Summary of the identified exposures
  • Identification of accessed data
  • Recommendations of Remediation