Social Engineering

Social engineering is the art of working methodically with people. We use this art to prepare you for possible social engineering attacks, which can take place through various mediums and forms. Therefore, our services in this field are just as diverse. 

The common feature of these assessments is to be in detailed agreement with the goals and non-goals, as well as constraints of the assessment for the protection of the employees. Since these tests are designed to find new security breaches, a definite non-goal is to attach possible wrongdoing during the assessments to individuals. We are strongly opposed to negative consequences for individuals coined from an assessment. Therefore, we censor content and imagery as much as possible and are in support of a transparent and fair review of the results.

A good starting point for the project planning is already existing training material of your company. Building on these we can design the assessments according to realistic current threats and incorporate your instructional material to foster awareness. 

Targeted Phishing Assessments

For this assessment we develop scenarios which are based on risk trends and your personal requirements to get the most out of training your personnel. 
This can include general texts or e-mails tailored to your company or groups of individuals within your company (spear phishing). Depending on the requirements the e-mails will include links and/or attachments with code prepared by us. Every assessment is unique and custom-fitted to your induvial needs.

Testing Technical Phishing Protection Measures
In this assessment we challenge your technical protection measures to see if they provide adequate protection against phishing e-mails. We thoroughly test your spam filter, antivirus solutions on the e-mail gateways and clients, endpoint protection software as well as data leakage prevention software.

Voice Phishing Assessments

With the rise of faked telephone calls to convince people to give out information or install malware, it is important to prepare employees for such attacks. We train your employees with fake caller IDs, fake phone numbers and AI-generated voice imitation for such attack scenarios.

CEO Fraud Simulations
CEO fraud describes attacks which target employees by impersonating management personnel and pressuring them into transferring money onto unknown bank accounts. Depending on your means of communications this simulation includes several social engineering tactics and mediums, like e-mail, WhatsApp, MS Teams or phone calls.

USB or Media Dropping

USB devices and even USB cables can contain malware. With this assessment we train your employees’ reaction to unaccounted devices or mediums, such as CDs or USB sticks, and help them understand the dangers of such finds.

Mystery Guest / Physical Awareness Engagements
As so-called mystery guest we visit your company and will try to reach the goals agreed upon with you, like getting access to internal information or IT systems without using specific hacking or physical attacks. The focus lays on social engineering and the security awareness of the employees, especially towards external people. During the assessment we will become more noticeable over time until we are discovered. This allows for an insight on the measurements which are already well implemented and internalised by the employees and offers a positive learning effect for everyone involved at the end.