Our Process for Successful Social Engineering Attacks
Your social engineering strength test kicks off on a call with Kevin Mitnick himself, our team and your relevant team members. We’ll use this opportunity to thoroughly discuss the engagement rules, what to expect and how to alert you if something is detected during the testing phase.
Since our testing goes so far beyond simple baiting for link clicks, we’ll identify your most guarded/sensitive information to target for access and exfiltration. We also use this time to identify any specific targets you want tested or excluded (contractors, CEO, C-Suite staff, interns, etc.).
Once testing commences, we’ll begin by gathering information on your organization and anyone with access to information systems or sensitive data. Then, our master social engineers develop the ruse, pretext, and situations we’ll use to influence the people being tested. Our superior skill set allows us to develop plausible situations that are realistic, credible, and trustworthy.
If necessary, we work closely with your team to define and customize the test scenarios to test specific policies, procedures, and processes. If your organization has incident response procedures for reporting suspicious phone calls, text/instant messages, or emails, Mitnick Security can test these procedures and the overall effectiveness of your existing security awareness training programs.
Throughout the testing, we’ll be in constant communication with your team through dedicated communication channels. You’ll also be advised as we begin to wrap up and write your detailed, peer-reviewed report.