Social engineering is the use of deceptive techniques to manipulate individuals into divulging sensitive information.
RedTeam Security offers core social engineering services to test human susceptibility to persuasion and manipulation:
Transactions and interactions in every organization typically involve many people. Criminals are slick and will actively use social engineering tactics to target anyone associated with your organization, with the intent to exploit them to gain access to sensitive information. Contact us today at 612-234-7848 to learn more about our social engineering testing processes.
RedTeam Security is highly skilled at conducting social engineering tests and has publicly released tools and published a book (The Social Engineer’s Playbook: A Practical Guide to Pretexting) to improve the process. Our Social Engineering services include a full report of findings and mitigation recommendations which will be confidentially debriefed to your executive staff and security team to correct existing issues and prepare against future attacks.
Recently, correspondents and a film crew from Business Insider / Tech Insider wrote a story on their experience as they were embedded with RedTeam Security during some of our social engineering engagements. Read the full story here: How hackers smooth-talked their way past the security of a power company
Format: Paperback, Kindle
Author: Jeremiah Talamantes (RedTeam Security)
Publisher: Hexcode Publishing
The Social Engineer’s Playbook was written by RedTeam Security’s Jeremiah Talamantes. The Social Engineer’s Playbook is a practical guide to pretexting and a collection of social engineering pretexts for Hackers, Social Engineers, and Security Analysts. Build effective social engineering plans using the techniques, tools, and expert guidance in this book. Learn valuable elicitation techniques, such as Bracketing, Artificial Ignorance, Flattery, Sounding Board, and others.
Exchanges of sensitive information over email happen almost constantly, day in and day out. Yet, hardly any of these exchanges go through the proper channels for authentication and authorization. RedTeam Security’s social engineering testing uses email phishing and spear-phishing to target staff and get them to visit unknown websites, divulge sensitive information, or perform an action they otherwise should not.
Much like email, exchanges of sensitive information over the phone happen at an almost constant rate. These days, the mindset that a telephone call is enough to authenticate a person is all too common. However, bad actors are moving away from email toward telephone social engineering. RedTeam Security uses telephone social engineering to target staff and get them to divulge sensitive information or perform an action they should not.
During a physical social engineering engagement, RedTeam Security engages staff directly (overt) or indirectly (covert) in an effort to identify weaknesses in the way they physically handle visitors and those pretending to be employees, vendors, or business partners. RedTeam Security’s physical social engineering consultants masquerade as vendors, new employees, business partners, and more in order to entice staff into divulging sensitive information or permitting access to sensitive areas of the facility.
A social engineering test is a simulated attack from the perspective of a bad actor, such as a malicious hacker. The objective is to simulate a cyber security attack and attempt to uncover security vulnerabilities that might otherwise be discovered by hackers. In doing so, you would gain valuable insight into the security posture of the assets and be able to fix those vulnerabilities before hackers are able to cause serious damage by exploiting them.
Hackers who use social engineering are constantly coming up with new means of attack; that’s why it’s so important to work with third-party testing professionals who are on the cutting edge of the latest attack trends, rather than relying on a DIY social engineering approach alone.
We get this question a lot and it’s not easy to answer until some level of scoping has been performed. Our scoping process is quick, online and painless. But overall, the complexity of the operation will ultimately determine its cost. For example, when determining the work effort, we take the following into account: the number of targets (email, telephone), the number of physical locations (onsite), and travel time between physical locations, if applicable.
While technology has given criminals ample opportunity to exploit organizations, social engineering is a classic technique these “bad guys” use to exploit an organization’s weaknesses to gain access to valuable information. RedTeam Security’s rigid social engineering testing will help your organization educate everyone on your team, or anyone with access to your information, on how to protect and safeguard it from criminals. Our social engineering testing will highlight potential problems so you can use our findings to prevent a breach from occurring. To learn more, schedule your free virtual meeting with a RedTeam Security expert today at 612-234-7848.