What Is Social Engineering?
Social engineering is a technique that relies on exploiting weaknesses in human nature, rather than hardware, software, or network vulnerabilities.
RedTeam Security offers four core social engineering services to test human susceptibility to persuasion and manipulation:
- Email Phishing
- Onsite/Physical Pretexting
RedTeam is highly skilled at conducting social engineering tests and has publicly released tools and published a book (The Social Engineer’s Playbook: A Practical Guide to Pretexting) to improve the process. We frequently conduct social engineering penetration testing for clients and have a very high success rate of compromise as well as eliciting sensitive or confidential information.
Recently, correspondents and a film crew from Business Insider / Tech Insider wrote a story on their experience as they were embedded with RedTeam Security during some of our social engineering engagements. Read the full story here: How hackers smooth-talked their way past the security of a power company
The Social Engineer’s Playbook: A Practical Guide to Pretexting
The Social Engineer’s Playbook was written by RedTeam Security’s founder, Jeremiah Talamantes. The Social Engineer’s Playbook is a practical guide to pretexting and a collection of social engineering pretexts for Hackers, Social Engineers and Security Analysts. Build effective social engineering plans using the techniques, tools and expert guidance in this book. Learn valuable elicitation techniques, such as: Bracketing, Artificial Ignorance, Flattery, Sounding Board and others.
Social Engineering Services
Exchanges of sensitive information over email happen almost constantly, day in and day out. Yet hardly any of these exchanges go through proper channels for authentication and authorization. RedTeam Security’s social engineering testing uses email phishing and spear phishing to lure staff into visiting unknown websites, divulging sensitive information, or performing an action they otherwise should not.
Much like email, exchanges of sensitive information over the phone happen at an almost constant rate. These days, the mindset that a telephone call is enough to authenticate a person is all too common. However, bad actors are moving away from email toward telephone social engineering. RedTeam Security uses telephone social engineering to lure staff into divulging sensitive information or otherwise performing an action they should not.
During a physical social engineering engagement, RedTeam engages staff directly (overt) or indirectly (covert) in an effort to identify weaknesses in the way they physically handle visitors and those pretending to be employees, vendors or business partners. RedTeam physical social engineering consultants masquerade as vendors, new employees, business partners and even employee family members in order to entice staff into divulging sensitive information or permitting access to sensitive areas of the facility.
Why should I conduct social engineering testing?
A social engineering test is a simulated attack from the perspective of a bad actor, such as a malicious hacker. The objective is to simulate a cyber security attack and attempt to uncover security vulnerabilities that might otherwise be discovered by hackers. In doing so, you gain valuable insight into the security posture of your assets and can fix the weaknesses before hackers are able to cause serious damage by exploiting them.
Hackers who use social engineering are constantly coming up with new means of attack; that’s why it’s so important to work with third-party testing professionals who are on the cutting edge of the latest attack trends, rather than relying on a DIY social engineering approach alone.
How long does it take to conduct a social engineering test?
The overall time depends on the size and complexity of the in-scope targets. That said, most tests take anywhere from one week to four weeks, start to finish. To learn more about what’s involved in social engineering testing, read our post on What’s In A Good Social Engineering Strategy.
How much does social engineering testing cost?
We get this question a lot and it’s not easy to answer until some level of scoping has been performed. Our scoping process is quick, online and painless. But overall, the complexity of the operation will ultimately determine its cost. For example, when determining the work effort, we take the following into account: number of targets (email, telephone) and the number of physical locations (onsite/physical), and travel time between physical locations, if applicable. To help us provide you with an accurate and detailed quote, click here to complete our scoping questionnaire.