- Network Pentesting
- Application Pentesting
- About us
- Contact us
The service includes multiple types of phishing attacks via phone calls, text messages, and emails that are designed to convince an employee to disclose sensitive information or to perform malicious/inadvertent actions (e.g. disclosing their password, running a malicious code, opening an "entrance gate" to the company, etc.). For the tests, we use our internally-developed framework and methodology that simulates a real attack.
The purpose of social engineering tests is to verify employee security awareness. The test results in a report that contains a detailed analysis of the conducted tests with an executive summary.
The cost of the social engineering test depends on the depth and complexity of the test, and the size of the tested company. The price is determined after customer consultation, which determines the scope, type of test, and other requirements from the customer.
The test can be performed using the BLACK BOX (no information about the tested company), GREY BOX (partial information about the company) or WHITE BOX (all necessary information about the company) method. Depending on the agreed method, the first phase of the test will be adapted accordingly. The first phase deals with the collection of information about the company being tested (information on employees from publicly available sources / social networks, used IT assets, etc.).
We offer several types of tests that vary in the scope and depth of the test. After discussing with the customer, we recommend the type and scope of the appropriate company-specific test.
A phishing / spear phishing email attempts to force the people being tested to make an unwanted action (password change, visiting a website with malicious code (drive-by attack), visiting a fake site, downloading an attachment, and executing a malicious code (RAT, ransomware, keylogger, etc.)).
Unlike classic phishing, this type of phishing is performed via phone call or text message. This type of attack also aims to attempt to obtain confidential, commercial data, or make an unwanted action (password change, etc.). If possible, the caller/sender ID is fake (spoofed).
A physical version of a social engineering test, where portable media (CDs, DVDs, USB keys) are left around the premises of the tested company. The media contain a malicious code (RAT, ransomware, keylogger, etc.) or only an executable code that serves the final evaluation of the test.
If you are interested in this service or would like to know more,
please contact our expert who will be happy to help you.