Social engineeringWhat is social engineering? In essence, social engineering is the act of manipulating people in order to gain an advantage. This advantage can be a piece of information, access to otherwise restricted places etc. Unlike most attack techniques in an information system, social engineering techniques target people. Experts agree that the weakest link in the protection of information system security is the human element. The branch of science that examines humans as the main attack vector is called social engineering.

The attackers are attacking people, employees or associates of the organization with the aim to:

  • Get (protected) information,
  • Persuade employees to do something that will endanger the safety of the system.

This is done by exploiting the human’s:

  • Willingness to help (a man in distress)
  • Fear of technology,
  • Shame of their own ignorance,
  • Respect for authority.

They use methods of fraud, seduction, flattery, etc. The degree of endangerment of employees is reviewed trough different methods of provocation and trough bait planting as it would do real attackers.

The result of this test is a statistical assessment of employees and organization’s endangerment and recommendations for specific programs for raising consciousness and education of employees.

 

Please feel free to check the price for our human resources penetration testing services using our Penetration testing calculator!

   
   

Articles  

   
© 2015 Nobium - Sva prava pridržana.