Social Engineering (Phishing, Vishing, SMSishing)

We reach your selected employees with fraudulent emails or phone calls, or directly try to get into your building by manipulating them.

We'll help you raise awareness and greatly reduce intrusion risk

The human factor is the primary security risk to data and information across all companies, due to inadequate or inappropriately conducted training. Educating users through social engineering techniques significantly reduces the risk of data breaches, as first-hand experience has many times more impact than the hypothetical lessons of e-learning training. With social engineering tests, we tailor the training plan directly to you.

We will conduct a test including:
  • information gathering,
  • phishing,
  • vishing,
  • spear-phishing,
  • physical intrusion.
We present the comprehensive results in a report that identifies your organization's level of user awareness and vulnerabilities. We present specific actions you should take that are tailored to increase your protection against threats - both internal and external.
 

Phishing

Phishing is one of the most notorious attacks using social engineering. From the attacker's perspective, the goals of phishing can be divided into delivering malicious data that provides access to remote attackers, collecting login credentials, and collecting other information useful for further attacks.

From an employee or user perspective, the goal of simulated phishing is to build the habit of making the right decision at the moment of opening a message: recognizing a potentially malicious email that pretends to come from a trusted source.

Thus, the goal of phishing as a service is to educate employees by simulating an attack. We send out an email that detects user behaviour as soon as it is delivered. The resulting statistics show to what extent employees are susceptible to the phishing attack vector and where further training will be required. The output is prepared as two separate reports. The first is an interim report that covers the actions taken by users and includes the metrics measured. The second, formal report includes a description of the scenario, the data collected, a description of user behaviour, recommendations and comparisons with previous campaigns.
 

Vishing

Vishing can be defined as telephone phishing. During a phishing phone call, the attacker uses social engineering methods to entice the victim to share information or perform a certain action.

However, vishing as a service is also educational in nature. These are phone calls with a fully human-controlled approach. The service is carried out by a team of social engineers who use dynamic pretexting to continuously gather critical data from employees. In the internal penetration test, we use VoIP technology to replace the caller ID with a confidential source (so-called spoofing), while in the external test, calls come from phone numbers outside the organization. We tailor the call scenarios and record individual calls for educational purposes. The output is a formal report that includes a detailed description of the scenarios, the metrics measured, user actions, comparisons to previous campaigns, and recommendations.
 

Penetration test using social engineering

In this comprehensive test, we use a combination of phishing, vishing and physical infiltration. At the beginning of the test, the company identifies its critical assets. Our team of social engineers then performs reconnaissance across the Internet and the darknet, focusing on the company's critical assets.

Based on the information gathered, we develop potential attack scenarios. This is followed by the actual execution of a penetration test to validate the existing process or policy against the defined assets. The output is a detailed report with a description of the scenarios, a description of user behaviour and recommendations.
 

KnowBe4

We offer a platform that enables you to conduct simulated phishing attacks right inside your organization. You can set up training and simulated phishing attacks yourself according to your organization's needs. KnowBe4 features a user-friendly environment and includes thousands of templates with unlimited use, as well as the largest library of security awareness training.

It also includes a range of interactive modules, videos, games, posters and newsletters. KnowBe4 enables you to run automated training campaigns with scheduled reminder emails. The resulting messages are then created from phishing tests and training sessions.

You can also find more information about social engineering on our product website: www.socialing.cz
 

Benefits

  • we will check the security awareness of your organisation's members.
  • we will identify weaknesses and report them to you.
  • once the test is complete, you will reduce the likelihood of future data leakage.
  • we have over 10 years of experience in social engineering.
  • our team consists of specialists with experience from hundreds of sub-projects.
  • we hold certifications such as eMAPT, CISSP, OSCP, OSCE, CEH and many others.