Social Engineering (Phishing, Vishing, SMSishing)
We reach your selected employees with fraudulent emails or phone calls, or directly try to get into your building by manipulating them.
We'll help you raise awareness and greatly reduce intrusion risk
We will conduct a test including:
- information gathering,
- physical intrusion.
From an employee or user perspective, the goal of simulated phishing is to build the habit of making the right decision at the moment of opening a message, to recognize a potentially malicious email that pretends to come from a trusted source.
Thus, the goal of phishing as a service is to educate employees by simulating an attack. We send out an email that detects user behaviour as soon as it is delivered. The resulting statistics show to what extent employees are susceptible to the phishing attack vector and where further training will be required. The output is prepared into two separate reports. The first, an interim one, which reports on the actions taken by users and also includes the metrics measured. The second formal report, includes a description of the scenario, the data collected, a description of user behaviour, recommendations and comparisons with previous campaigns.
However, vishing as a service is also educational in nature. These are phone calls with a fully human-controlled approach. The service is carried out by a team of social engineers who use dynamic pretexting to continuously gather critical data from employees. In the internal penetration test, we use VoIP technology, with which we replace caller's ID with a confidential source (so-called spoofing), while in the external test, calls come from phone numbers outside the organization. We tailor the call scenarios and record individual calls for educational purposes. The output is a formal report that includes a detailed description of the scenarios, the metrics measured, user actions, comparisons to previous campaigns, and recommendations.
Penetration test using social engineering
Based on the information gathered, we develop potential attack scenarios. This is followed by the actual execution of a penetration test to validate the existing process or policy against the defined assets. The output is a detailed report with a description of the scenarios, a description of user behaviour and recommendations.
It also includes a range of interactive modules, videos, games, posters and newsletters. KnowBe4 enables you to run automated training campaigns with scheduled reminder emails. The resulting messages are then created from phishing tests and training sessions.
You can also find more information about social engineering on our product website: www.socialing.cz
- we will check the security awareness of your organisation's members.
- we will identify weaknesses and report them to you.
- once the test is complete, you will reduce the likelihood of future data leakage.
- we have over 10 years of experience in social engineering.
- our team consists of specialists with experience from hundreds of sub-projects.
- we hold certifications such as eMAPT, CISSP, OSCP, OSCE, CEH and many others.
Implementation of penetration tests to improve the security of ING
Our penetration tests identified and remediated vulnerabilities within the company Konica Minolta
Raising cybersecurity awareness at Broker Consulting
Security of clients and employees of ČSOB has been improved not only through penetration tests
Audits and sophisticated penetration tests for vulnerability identification for Škoda Auto
At T-Mobile, we performed security tests and audits
At Deutsche Telekom (T-Systems), we cover the areas of cyber security.
Cyber security training services for dozens of OTE employees
Implementation of security audits and penetration tests for ČEZ
- Increasing cyber security at the Hradec Králové University Hospital
You May Also Like
- Robust multi-level user and data protection of Military Hospital Olomouc
- BUDVAR systematically increases its cyber security
- Kofola has cybersecurity under control
- Data of CENTROPOL ENERGY customers and employees is safe thanks to the DLP system
- The first four companies adopt the new name Aricoma
- Complete management of the corporate IT of MORAVIA PROPAG
- Modern and secure IT infrastructure with operational services for Arkance Systems CZ
- We have joined the EDIH NORTHEAST BOHEMIA consortium’s digitalization project
- Faster and safer login to computers and applications at the Jihlava Hospital
- Companies in KKCG's technology pillar are changing. Qinshift to be spun off from Aricoma
- Security and remote management of thousands of commissioners' mobile devices for Census 2021
- AC Identity - Identity Management for the city of České Budějovice
DO NOT HESITATE TO
Are you interested in more information or an offer for your specific situation?