The Advanced Lab
Social Engineering
Social engineering focuses on the human aspect of a network. With the vast majority of cybersecurity breaches caused by human error and hackers constantly evolving their tactics, social engineering testing helps get ahead of these dangers.
Testing checks whether users click unknown links, divulge company information, give up credentials, or otherwise give the Red Team a leg up on the attack. The goal of social engineering is to get the target to take a specified action that reveals desired information to the hacker. Testing can be done in a variety of ways, including:
- Phishing – Deliberate fraudulent emails containing “malicious” attachments or links sent to users to get them to reveal sensitive information, such as passwords and credit card information
- Vishing – Deliberate fraudulent phone calls or voicemails placed throughout the test to try to gain sensitive information, such as passwords and credit card information
- Smishing – Deliberate fraudulent SMS text messages with “malicious” attachments or links sent to users to get them to reveal personal information, such as passwords or credit card information