Social Engineering
You are here: Home \ Professional Services \ Social Engineering

Social Engineering

IT security experts spend the vast majority of their time and effort to the technical aspects of security including optimizing their SIEM’s, threat and vulnerability management, and penetration testing. However, the vast majority of successful attacks bypass traditional security by using phishing, whaling and other techniques to trick their unsuspecting victims.

Social Engineering is a collection of techniques used to manipulate people into performing certain actions or divulging confidential information to break normal security procedures. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access, and in most (but not all) cases, the attacker never comes face-to-face with the victim.

Objectives and Methodology

Above Security’s Social Engineering service allows you to detect weaknesses to better address your staff-related security issues. An additional objective of a Social Engineering mandate is to establish solutions to increase the global level of the confidentiality, integrity and availability of your corporate data.

Above Security proposes a method to acquire access privileges to an organization or to obtain sensitive information about its assets by questioning its personnel through phone calls, emails, chat or technical forums.

Sample Scenario

social engineering1

1. Above Security chooses an individual based on the already acquired information concerning the personnel

social engineering2

2. We examine possible means of communication with this individual

null

3. We determine habits and priorities of the individual

social engineering4

4. We communicate with the individual and ask for information by acting as a person of authority with privileges

social engineering5

5. We collect the requested information

social engineering6

6. We list the level of privileged information acquired

Benefits

Whether they’re sophisticated or subtle, social engineering threats are far and away the most successful type of attack and pose a serious risk to your organization’s IT security. Our social engineering training will educate your employees on how to recognize and avoid the cyber criminals’ most successful scams and techniques in order to keep your employees and your organization’s data secure.

  • Get Trained with Real-Life Examples

    Our training provides an overview of how social engineering used by cyber criminals to trick even the most savvy victims into providing their personally identifiable information (PII) or other sensitive data in order to perpetrate fraud. We provide examples of real-world attacks and illustrate for users how to identify and avoid these threats in all of their forms.

  • Easily Identify Emails with Malicious Content

    Our training educates users on how to identify phishing, spearphishing and whaling emails. Users will learn how sophisticated these attacks can be and how to avoid manipulative content, malicious and disguised links, dangerous attachments, inappropriate data requests and other threats.

  • Better Protect Your Organization's Data

    Our training educates your employees about the risks of USB devices and other portable storage devices and media. They will learn about the appropriate use of off-premise storage like dropbox, box, and other technologies and will learn how to properly dispose of and destroy confidential data and files when appropriate.

[Blog] Top 10 Security Tips

Learn More >

Read Our Customer Case Studies

Learn More >

Download our Security Whitepapers

Learn More >

Talk to a Security Specialist