B & A Social Engineering Assessment Services
Social Engineering relies on a set of technological, psychological, and physical techniques that trick a user into breaking security protocols.
Our Techniques Include:
Phishing – Phishing occurs when an attacker masquerades as a credible source, and sends an email requesting that a user performs an action (ex: clicks a URL, or opens an attachment) and conveys confidential information. Spear-Phishing is similar, but the attacker targets specific individuals and includes relevant information to appear even more convincing.
Vishing – Malicious attackers will attempt to call various individuals or groups to gather information about a target or in order to influence an action. For example, a common scenario would involve a hacker calling a help-desk to request that a new account be created.
Impersonation – Pretexting as another person or presenting a false identity can allow an attacker to gain access to information, facilities, or secure systems.
All of these techniques rely on the exploitation of humans and its phycology. In order to minimize the likelihood and risk of a Social Engineering attack, Baretzky & Associates will work with your organization to test end user Security Awareness of Phishing, Spear Phishing and other Social Engineering attacks.
Baretzky & Associates Social Engineering Assessment Services test your organization’s susceptibility to Social Engineering techniques with safe, approved, and authorized replication email-based attacks on targeted employees. The goal of the engagement is to help an organization understand and improve upon its present security posture
The Social Engineering Assessment will:
- Assess security awareness by identifying users who click links in phishing emails
- Set phishing traps via web forms to flag data leakage risks
- Test end-user machines for exploitable vulnerabilities
Following the assessment, Baretzky & Associates will provide a final presentation as well as a report, outlining:
- Nature of the work performed including steps taken in exploitation
- Summary of the exposures identified
- Identification of data accessed
- Remediation recommendations