Social Engineering is the method of manipulating the weakest element in the cybersecurity chain: The person. Through smooth talking a social engineer is capable of persuading a person to either let them into a secured area he didn’t suppose to have access to, or to divulge confidential information. The social engineer generally works in (among others) a method like this:
- The social engineer creates a problem, then appears to solve it for the victim, the victim is thankful for the help and now owes the engineer a favor which he can later use to persuade the victim to do something he/she normally wouldn’t do (like mailing a phonebook or something to someone/somewhere it shouldn’t go to)
- The social engineer imitates a higher ranking person in a company and orders some employee to send money somewhere or create an account for someone etc. and applies pressure on the person to increase the odds of them complying.
- The most popular one has got to be the Microsoft Helpdesk randomly calling people to inform them their computer has been infected with a virus and they need help to remove it because Microsoft’s system said so. The unsuspecting victim then downloads a remote administration tool which gives the attacker access to their systems, in some cases people may be persuaded to get a subscription to said software. This is classic Social Engineering.
ID Control simulates these kinds of attacks to show businesses where their weaknesses lie.
What we do:
- Slipping into an organisation to see if protocols are followed.
- Dropping/sending USB sticks with our own software on it to see if employees plug them in.
- Phishing (Sending fake emails to see if people open attachments).
- Vishing, similair to phishing only now we call the organisation to see if we can get your employees to divulge sensitive information.
Please contact one of our cybersecurity consultants via +31 (0) 888-SECURE!