Email phishing is one of the most common social engineering methods. Users of critical data are tricked into revealing passwords or clicking on links that contain malware. As a part of Coalfire’s social engineering services, we conduct controlled phishing assessments in order to measure employees’ IT security awareness.
In pretexting, social engineers invent scenarios to engage targeted victims in such a way as to increase the possibility of obtaining sensitive data. To protect your organization from pretexting, Coalfire conducts controlled pretexting assessments to identify weak points in your employee defenses.
Physical Social Engineering
Criminals often take advantage of vulnerabilities in an organization’s physical environment in order to walk directly into an office to get what they want. Generally, the social engineer looks and acts as if they belong in the office in order to avoid suspicion. To ensure the security of your physical environment, Coalfire’s experts conduct physical social engineering exercises in an attempt to circumvent your security measures and identify vulnerabilities.
For all social engineering services, Coalfire provides a detailed description of the assessment, the results, and our recommendations. We also offer an in-depth debriefing to discuss findings and remediation with your stakeholders.