Social Engineering Testing

Cyber Security / Social Engineering Testing

DON'T LEAVE ANYTHING TO CHANCE

Social Engineering allows organisations to test the response to an active attack and measure the effectiveness of the Information Security Awareness of their employees.

During the Social Engineering Testing, FlatWorldWorks' team members create scenarios which attempt to manipulate and test an organisation’s employees and infrastructure to permit unauthorised or access to confidential information. This provides the opportunity for an organisation to test it's Information Security Policy and their employees’ adherence to that policy.

By hiring FlatWorldWorks to perform this test, your organisation can identify failure points and train its staff in order to prevent an actual breach that could potentially devastate a business. FlatWorldWorks has designed techniques that can be performed both onsite and remotely.

Flatworldworks tests for the following vulnerabilities:

  • Proper Disposal of Sensitive Data
  • Privacy Policy Awareness and Implementation
  • Institution Policy Adherence
  • Violation Reporting
  • Access Privileges
  • Sensitive Area Security
  • Device/System Compromise
  • Technical Preventive and Detective Control

The onsite engagement techniques typically include:

  • Dumpster diving
  • “Trusted Authority” disguises, such as fire inspectors, air conditioning repairman, pest control man, etc.
  • Employee Impersonation (IT HelpDesk, New Hire and Auditor)

The remote engagement techniques typically include:

  • Pretext Calling (e.g Employees and Help Desk Teams)
  • Phishing
  • Email based (Attempting to get employees to login to organisation branded portals)
  • Physical honeypots (CD's & USB Keys - This uses items planted to lure employees to run payloads