Its often said that people are the weakest link in an organization's security chain. Given the rise of e-mail phishing attacks and impersonation campaigns, its clear that the saying is true. Highlighting the weaknesses in the human element is just as important as a technical audit, as this too can be an avenue for fraud and corporate espionage.
Positron Security excels at the following social engineering audits:
- Physical Intrusions
- We infiltrate sensitive offices and workspaces by building elaborate backstories and fabricating situations that grant us access. People often find our pretexts believable and allow us into restricted areas willingly. Other times, we employ a combination of tail-gating, lock picking, and/or exploitation of weak physical controls.
- Telephone-Based Social Engineering
- We call employees and impersonate executives and/or IT workers to extract company and customer information. This information is leveraged to gain internal network access in order to perform further penetration testing.
- E-mail-based Social Engineering
- Like with telephone-based testing, we impersonate customers and fellow employees to extract sensitive information and gain internal network access.
All findings, along with proof-of-concept examples, references, and solutions are documented in a final report.
Please contact us for more information, or to get a quote for our services.