Social Engineering

Social Engineering is the method of manipulating the weakest element in  the cybersecurity chain: The person. Through smooth talking a social  engineer is capable of persuading a person to either let them into a  secured area he didn’t suppose to have access to, or to divulge confidential information. The social engineer generally works in (among  others) a method like this:

  • The social engineer creates a problem, then appears to solve it for the victim, the victim is thankful for the help and now owes the engineer a  favor which he can later use to persuade the victim to do something he/she normally wouldn’t do (like mailing a phonebook or something to someone/somewhere it shouldn’t go to)
  • The social engineer imitates a higher ranking person in a company and orders some employee to send money somewhere or create an account for someone etc. and applies pressure on the person to increase the odds of them complying.
  • The most popular one has got to be the Microsoft Helpdesk randomly calling people to inform them their computer has been infected with a virus and they need help to remove it because Microsoft’s system said so. The unsuspecting victim then downloads a remote administration tool which gives the attacker access to their systems, in some cases people may be persuaded to get a subscription to said software. This is classic Social Engineering.

    ID Control simulates these kinds of attacks to show businesses where their weaknesses lie.

    What we do:

  • Slipping into an organisation to see if protocols are followed.
  • Dropping/sending USB sticks with our own software on it to see if employees plug them in.
  • Phishing (Sending fake emails to see if people open attachments).
  • Vishing, similair to phishing only now we call the organisation to see if we can get your employees to divulge sensitive information.

    Please contact one of our cybersecurity consultants via +31 (0)  888-SECURE!