Social Engineering: The Art of Gaining Access

Test your organization’s capabilities against social engineering attacks

Many organizations go to great lengths to protect their sensitive data with firewalls and access security systems, yet fail to realize that the weakest link in their data defenses is their own people. Today’s cyber criminals don’t need high-tech methods to hack into your computer systems. They take advantage of basic human behavior to get what they want. Social engineering is the most common—and highly successful—tactic used by adversaries to gain unauthorized access to your network. Social engineering is a non-technical intrusion that tricks unsuspecting employees into breaking normal security procedures and giving network access to attackers.

Social engineering assessments help you evaluate the risk of social engineering attacks, identify breakdowns in protections, and implement remediation strategies. Using processes developed over dozens of engagements, we help you strengthen your security program by mitigating the most common and devastating attack vectors used today.

We tailor assessments to your needs based on attack vectors to be tested and your end objective (employee security awareness, attack mitigation, etc.). Testing activities remain in a controlled environment, and assessment results provide actionable remediation.

Coalfire’s services include:

Open Source Intelligence Gathering

We use publicly available information to gather intelligence and inform targeted social engineering attacks.

Pretexting/Cold-Calling

This involves phone-based social engineering to gather critical information. In pretexting, social engineers invent scenarios to engage targeted victims in such a way as to increase the possibility of obtaining sensitive data. To protect your organization from pretexting, Coalfire conducts controlled pretexting assessments to identify weak points in your employee defenses.

Spear Phishing

Spear phishing is a targeted email sent to designated personnel, with varying levels of sophistication depending on the threat objectives. Email phishing is one of the most common social engineering attack methods: users with access to critical data are tricked into revealing passwords or clicking on links that lead to malware. As a part of Coalfire’s social engineering services, we conduct controlled phishing assessments to measure employees’ IT security awareness.

Onsite Reconnaissance / Physical Social Engineering

Criminals often take advantage of vulnerabilities in an organization’s physical environment in order to walk directly into an office to get what they want. Generally, the social engineer looks and acts as if they belong in the office in order to avoid suspicion.

To ensure the security of your physical environment, Coalfire’s experts conduct physical social engineering exercises in an attempt to circumvent your security measures and identify vulnerabilities. Physical activities include attempts to gain access to specific locations, unauthorized physical network access, baiting, tailgating, dumpster diving, USB drops, etc.

Why Partner with Coalfire for Social Engineering Assessments

Ensure your organization is protected from social engineering attacks with our expertise and experience. Coalfire’s social engineering services help you:

  • Evaluate how effective your current security awareness training and operational readiness response are at combating social engineering tactics.
  • Assess your organization’s susceptibility to common network intrusions.
  • Analyze employee awareness of, and responses to, suspicious activity and improve incident responses to non-technical attack vectors.
  • Understand how to immediately improve your current security posture.

For all social engineering services, Coalfire provides a detailed description of the assessment, the results, and our recommendations. We also offer an in-depth debriefing to discuss findings and remediation with your stakeholders.