People are the weakest link.
A Social Engineering campaign is designed to review the human aspect of your environment’s security and will typically include:
A targeted email campaign (Spear Phishing).
A targeted Social Media campaign, where staff are 'friended'.
A Physical access attempt using fake ID cards.
Social Engineering requires ongoing training of staff, and this type of review determines whether that training is effective. In most cases the attack does succeed, so the business aim should be to reduce the number of staff who are affected by a targeted attack and to learn the processes and procedures for responding to one.
Typical testing process
Mapping and reconnaissance
Research on the company.
Research on staff at the company.
Cold calling and similar intelligence gathering.
Planning and target selection.
Execution of plans.
Documentation and reporting.