
Social Engineering
According to the IC3, $1.2 billion was lost in 2018 to email account compromise.
Spear-Phishing Assessment
Our team will simulate an advanced attacker and conduct Open Source Intelligence (OSINT) collection on a set of employees and carefully develop a scenario around them. These campaigns can be email or phone-based with the primary objective of remote code execution on an employee workstation.
Typical findings:
- Employees are susceptible to executing malicious commands from an attacker impersonating corporate IT
- Payroll/HR divulges Personally Identifiable Information (PII) of targeted employees over the phone or through email
- IT Help Desk will bypass policy to reset employee passwords
- Automated Phone Directories allow an attacker to contact specific employees for compromise


Metrics-Driven Assessment
A unique scenario will be developed that matches your corporate environment and used to target a large group of employees. Detailed metrics derived from the results will determine where your current training program is working and how it can be improved.
Typical findings:
- Security controls fail to detect domain impersonation
- Employees accept malicious 2FA push once credentials are compromised
- Current training program does not account for latest phishing techniques