What Is Social Engineering?
Social engineering is the use of deceptive techniques to manipulate individuals into divulging sensitive information.
RedTeam Security offers four core social engineering services to test human susceptibility to persuasion and manipulation:
- Email Phishing
- Telephone Vishing
- Onsite In-Person Social Engineering
RedTeam is highly skilled at conducting social engineering tests and has publicly released tools and published a book (The Social Engineer’s Playbook: A Practical Guide to Pretexting) to improve the process. Our Social Engineering services include a full report of findings and mitigation recommendations which will be confidentially debriefed to your executive staff and security team to correct existing issues and prepare against future attacks.
Recently, correspondents and a film crew from Business Insider / Tech Insider wrote a story on their experience as they were embedded with RedTeam Security during some of our social engineering engagements. Read the full story here: How hackers smooth-talked their way past the security of a power company
The Social Engineer’s Playbook: A Practical Guide to Pretexting
The Social Engineer’s Playbook was written by RedTeam Security’s Jeremiah Talamantes. The Social Engineer’s Playbook is a practical guide to pretexting and a collection of social engineering pretexts for Hackers, Social Engineers and Security Analysts. Build effective social engineering plans using the techniques, tools and expert guidance in this book. Learn valuable elicitation techniques, such as: Bracketing, Artificial Ignorance, Flattery, Sounding Board, and others.
Social Engineering Services
Email Phishing
Exchanges of sensitive information over email happen almost constantly, day in and day out. Yet hardly any of these exchanges go through the proper channels for authentication and authorization. RedTeam Security’s social engineering testing uses email phishing and spear-phishing to lure staff into visiting unknown websites, divulging sensitive information, or performing an action they otherwise should not.
Telephone Vishing
Much like email, exchanges of sensitive information over the phone happen at an almost constant rate. These days, the mindset that a telephone call is enough to authenticate a person is all too common. However, bad actors are moving away from email toward telephone social engineering. RedTeam Security uses telephone social engineering to lure staff into divulging sensitive information or otherwise performing an action they should not.
Onsite Social Engineering
During a physical social engineering engagement, RedTeam engages staff directly (overt) or indirectly (covert) in an effort to identify weaknesses in the way they physically handle visitors and those pretending to be employees, vendors or business partners. RedTeam physical social engineering consultants masquerade as vendors, new employees, business partners and more in order to entice staff into divulging sensitive information or permitting access to sensitive areas of the facility.
Why Should I Conduct Social Engineering Testing?
A social engineering test is a simulated attack from the perspective of a bad actor, such as a malicious hacker. The objective is to simulate a cyber security attack and attempt to uncover security vulnerabilities that might otherwise be discovered by hackers. In doing so, you would gain valuable insight into the security posture of the assets and be able to fix them before hackers are able to cause serious damage by exploiting them.
Hackers who use social engineering are constantly coming up with new means of attack; that’s why it’s so important to work with third-party testing professionals who are on the cutting edge of the latest attack trends, rather than relying on a DIY social engineering approach alone.
How Much Does Social Engineering Testing Cost?
We get this question a lot, and it’s not easy to answer until some level of scoping has been performed. Our scoping process is quick, online and painless. Overall, the complexity of the operation will ultimately determine its cost. For example, when determining the work effort, we take the following into account: the number of targets (email, telephone), the number of physical locations (onsite), and travel time between physical locations, if applicable.
Social Engineering: Detect & Mitigate