Social Engineering
Social engineering is a process by which an attacker attempts to convince or trick target personnel into divulging sensitive information or granting the attacker with otherwise unauthorized access and is one of the most effective and successful ways to compromise a target environment. As such, social engineering should be considered as part of any penetration testing initiative.
We will perform social engineering of personnel to determine the likelihood that an attacker would be able to compromise a clients environment or gain access to sensitive information using these techniques. This social engineering may include:
- Phone calls to Client personnel
- Emails sent to Client personnel
- On site visits and face to face conversations with client personnel
When targeting end users, we will utilize these social engineering techniques to entice end users into providing us access to their computer. This is often done by getting the user to execute a program, enter a URL or click on a provided link. If successful, these actions can provide us with access to the target device.