
Veracity | SOCIAL ENGINEERING

All companies and establishments possess data that, if made public or modified without permission, would have a negative impact on the organisation. What we’ve seen is that people who handle and use such data are often not aware of the misleading techniques they can fall victim to, nor of the fact that even seemingly unimportant pieces of information given to an attacker can significantly contribute to a successful attack against the organisation.


WHAT ARE SOCIAL ENGINEERING SERVICES?


Social engineering testing

Have you ever come across an email sounding real, maybe from a relative offering you a large sum of money? Perhaps a prince sharing his wealth with the world? These famous social engineering attacks have become common and are filtered by modern spam filters. Even if they do escape and manage to reach your inbox, it would not be tough for you to identify the fraud.

 

Social engineering attacks

2017 is all about spear-phishing, a more aggressive form of phishing that is well researched, targets specific groups of people, and is designed to sound legitimate to win your trust until you are ready to give the attackers anything they need. Would your organisation as a whole be prepared to identify these emails before they cause damage?

 

Social Engineering Services will consistently address awareness and education on the latest trends in phishing through repeatable processes that will ensure employees tag, report, and avoid opening malicious emails. PHaaS programmes in phishing training decrease malware-related issues, adware, drive-by downloads, and laptop re-imaging, all while protecting precious company secrets and assets.


SOCIAL ENGINEERING SERVICES – PREVENTION



Scope Outline

Social engineering training will include grouping your employees into categories, say department-wise, that allow in-depth analysis. Phishing test tools will help recognise the nature of the threat to your organisation as a whole as well as to individual employees.

Phishing Test

A phishing website and a phishing email account will be created. Based on the employee analysis, a target-oriented phishing email will be sent out that links to the test website. The website will carry all forms of material for obtaining information, like questionnaires, usernames, passwords, etc. Through this exercise, we can deduce how many employees click through to the website and would be potential victims.

Social Engineering Testing Tools

Social engineering testing software PhishMe (using .csv files) will analyse employee behaviour at every level of the process so you can know all the employee concerns and escalation during the testing. PhishMe pricing may justify the incredible data analysis with easy-to-use modules.

Employee Education

Providing statistics to the employees gives insights into the impact of an attack. The exercises can be continued with different gamification techniques, e-learning modules, seminars, or workshops to track and measure the success of the programme.

Repeat the Process 

The repetition of the entire cycle periodically prepares the organisation to spot a malicious email almost immediately. This will turn your employees into the strongest defence against phishing. Although there are several free phishing simulation tools and phishing test sites available, employing credible creators will ensure confidentiality and provide practical solutions for the long run.



SOCIAL ENGINEERING AS A SERVICE & BENEFITS IN INDIA

Social Engineering services in India

Social engineering as a service in India is provided by only a few organisations. Indian Cyber Security Solutions is one of them and is also regarded as the best service provider by its clients, as the methods used by the professionals of ICSS for providing these services make them stand apart from the other organisations. The professional corporate services provided by ICSS strengthen the security posture of both organisations and individuals. Apart from all these, the mutual relationship that gets established between a satisfied client and the team remains intact forever.

Benefits

✓ After we have formed a picture of the maturity of the company’s security through our social engineering audit, we make suggestions regarding improvement steps and their priority.

✓ Via a combination of our service elements, we can not only assess security awareness at your company and increase it to a pleasing level, but we can also help you keep it at a sufficient degree.

✓ Our services help your enterprise significantly decrease the possibility of data theft and appropriation of pieces of information stored on data carriers.

✓ Our training programme delivers to each group at your company helpful and relevant information on security awareness.



OUR METHODOLOGY:


Similar to technical assessments, Rhino Security Labs follows a structured series of steps in a social engineering assessment so that assessments are repeatable. This step-by-step format ensures consistency in key areas while providing flexibility in the specific context and scenarios created. This customisation helps ensure a successful, effective engagement.


  • 1 – Information Gathering

    Reconnaissance is the start of any social engineering assessment. While often neglected in many commercial services, information gathering is a critical phase and often determines the success of the rest of the social engineering campaign.
  • 2 – Reporting and Debrief

    After completing the social engineering assessment and aggregating the results, the social engineering report is written, outlining both an executive summary and specific engagement details. Remediation steps and training guidance are also provided, directing the client to resolve the training and policy issues identified.
    Once the client’s team has reviewed the closeout report, a debrief meeting is scheduled to walk through the details and answer any questions.
  • 3 – Engage Targets

    Using the specified tactics and pretext, Rhino Security Labs’ assessors begin engaging specified employees with the appropriate emails or phone calls. For on-site assessments, a series of tests are started, including tailgating users and ‘baiting’ with USB drives left in parking lots or other common areas. For advanced engagements, which can incorporate social media or SMS to build rapport, the first of multiple interaction stages begins.

  • 4 – Create Pretext Scenarios and Payloads

    Once the full enumeration of the client organisation and its employees has been completed, focus turns to the pretext scenarios and payloads for the social engineers.
    These details should answer the following questions:

      • Pretext scenarios: Which will raise interest or reduce concern?
      • Source information: Which domains or phone numbers are needed?
      • Validity: What else can be done to improve pretext legitimacy?
      • Payloads: What’s the target information or access to obtain?
  • 5 – (Optional) Employee Education

    As an optional addition to the standard assessment, Rhino Security Labs provides user training sessions for client employees. Whether hosted in a recorded online webinar or an in-house training session, these sessions provide quality security awareness training by the same experts who performed the original engagement!



Notice!!

The cyber security attack that started last Friday has dominated the headlines around the world. This reflects the power and reach of the latest mutation of malware spread around a connected world. Unfortunately, the recent ransomware outbreak may be the first of a new strain that we will see terrorising any computer connected to the internet.