...

Social Engineering

Make humans the strongest link
NFIR beeldmerk kleur
NFIR beeldmerk kleur

Social Engineering

Make humans the strongest link

Social Engineering is a type of attack in which attackers employ psychological manipulation with the goal of tricking employees into providing personal or company-sensitive information.
Through convincing stories and invented scenarios, they play on human emotions to which every human being is susceptible to some degree, such as trust, helpfulness, curiosity, or fear.

Home

Why is security awareness so important?

Mystery visit

Security Awareness Presentations

Can malicious actors unobtrusively visit your organization and take advantage of physical and digital vulnerabilities?

Smishing

Security Awareness Presentations

How do your employees react to a strange USB flash drive? Are employees aware of the dangers of a strange, possibly infected USB flash drive?

Phishing simulations

Mail / Spear phishing

Gain insight into your employees' current awareness using email phishing simulations customized by our ethical hackers.

Voice phishing

Voice phishing

Does your employee give out confidential information over the phone, such as passwords? Test the extent to which your employees share sensitive information via a phone call to an unknown person.

Social engineering: make humans the strongest link

Social media phishing

Does your employee give out confidential information such as passwords, personal or financial information via Social Media.

CyberSecurity Event Zwolle



NFIR Social engineering

Are you interested in one or more social engineering solutions and want to strengthen the human firewall in a sustainable way? If so, please contact one of our account managers.

In the information security triangle of process, technology and people, people are the most fallible. In many cases, humans are considered the weakest link in information security. By conducting social engineering exercises, employees of your organization become more resilient in recognizing known social engineering techniques and your organization can make human beings the very strongest link.

Our ethical hackers use scenarios that are also used by real attackers in practice. We record the results in a clear, concise report. Discretion and anonymity of those involved is always guaranteed.

Social engineering services in brief: phishing simulations and location tests

Our social engineering service can be divided into two categories: phishing simulations and location testing. These categories are divided into different services that you can purchase separately or together.

Phishing simulations

  • Mail/Spear phishing is a form of cyber attack in which malicious people send emails that appear to come from a legitimate source to gain access to sensitive information such as login credentials to your systems.
  • Voice phishing is a type of social engineering attack in which an attacker uses a phone to try to trick a victim into providing sensitive information such as login credentials. It is also known as vishing.
  • Angler Phishing is a type of phishing attack that uses text messages to trick victims into providing sensitive information or downloading malicious software. It is a form of social engineering that attempts to trick victims into taking action that may compromise their security.

Location Testing

  • Mystery guest visits are a security assessment technique in which a person poses as a customer, employee or technician, for example, to test the security of a facility or system. It is used to identify potential security issues and assess the effectiveness of security policies and procedures. Spyware, malware and/or(hard)ware may also be left behind during a mystery guest.
  • USB dropping is a form of cybercrime in which malicious actors use USB devices to access a computer system and steal data or install malware on your systems.

Become resilient against the most common technique used by cybercriminals

Besides techniques and processes, humans are the most important link in reducing the likelihood of an incident.
Social Engineering gives you a good idea of how strong your human firewall is.

Frequently asked questions

Social engineering is a type of attack that relies on human interaction to gain access to confidential information or resources. It is a form of manipulation used by attackers to trick people into disclosing sensitive information or performing certain actions.

Social engineering is among the basic techniques used by cybercriminals and underlies most cyber incidents. This technique mainly plays on your organization’s employees, as social engineering exploits human traits such as the desire to be helpful. By making your organization more resilient to social engineering techniques, you strengthen the human factor. An indispensable link in the triangle of techniques, processes and people.

Organizations’ IT departments often go to great lengths to ensure that technical resilience is as high as possible. Information security is just more than the technical side. Many security incidents and data breaches do not arise from technical failure but often from unconsciously incorrect actions by employees.

SECURITY INCIDENT BIJ UW ORGANISATIE?

De volgende 30 minuten zijn van cruciaal belang​!

De eerste 30 minuten na een cyber security incident zijn cruciaal, omdat een snelle en adequate reactie de schade kan beperken. Daarnaast kan verdere verspreiding van de aanval worden voorkomen en kan essentieel bewijsmateriaal veiliggesteld worden voor nader onderzoek.

Ons Computer Emergency Response Team (CERT) staat 24/7 klaar om bedrijven en organisaties te ondersteunen bij IT-beveiligingsincidenten.

Heeft uw bedrijf professionele hulp nodig bij een beveiligingsincident? 

* LET OP: Wij werken uitsluiten voor bedrijven en organisaties.

SECURITY INCIDENT AT YOUR ORGANIZATION?

The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because a quick and adequate response can limit the damage.
In addition, further spread of the attack can be prevented and essential evidence can be secured for further investigation.

Our Computer Emergency Response Team (CERT) is available 24/7 to support businesses and organizations during IT security incidents.

Does your company need professional help with a security incident?

* NOTE: We work exclusively for companies and organizations.