SECURITY
ASSESSMENT

Social Engineering

Social Engineering evaluates user’s behavior in their interaction with the internet (user awareness) and in particular their reaction to suspicious email messages (email phishing), physical media with malicious software (such as a flash drive left in the elevator/parking lot of the company with infected software), or an actor pretending to need sensitive information (could impersonate a colleague, police officer, or bank employee over the phone).

In phishing email attacks, intruders attempt to exploit employees of a company to extract confidential passwords or sensitive information. The Phishing Simulation service simulates these attacks, attempting to deceive and manipulate people with the aim of breaching the information infrastructure, gaining access to network resources, and obtaining information.

In the framework of phishing simulation, we examine the security practices followed by users and their reactions in the event of an attack, thereby evaluating the extent to which the human factor poses a risk.

Upon completion of the phishing simulation, a detailed report is generated describing all the security gaps that the company needs to address before a real intruder can exploit them. Phishing simulation helps train company employees to detect and report real attacks, which range from a suspicious attachment to a suspicious link.

Furthermore, the company’s email spam filters are assessed for their effectiveness in identifying targeted phishing emails, given that phishing is one of the most common forms of Social Engineering attacks.

Benefits
for the company