Social Engineering Strength Testing & Services

What Exactly is Social Engineering?

How easily would your employees spot and appropriately react to a real social engineering exploit? There’s only one safe, insightful way to find out: staging a simulated social engineering attack.

Social engineering is an extremely effective technique used by hackers worldwide to compromise internal systems and proprietary information assets. In fact, it’s one of the top two hacking techniques used by criminals to compromise organizations like yours.

With the use of savviness and Open Source Intelligence (OSINT) from social media or other publicly-accessible websites, malicious “social engineers” weave a convincing pretext via phone, email or in person— all with the goal of fooling members of your team into trusting them.

Safely Testing Your Team’s Readiness

Putting your team through social engineering training is one thing, but testing their awareness outside the training modules is another.

In a social engineering test, our white hat social engineers leverage all the attack vectors a real cybercriminal would use to trick management and employees. To truly test your team’s cybersecurity readiness, we may:

Send phishing emails to entice your team into sharing information, opening a malicious attachment, or clicking an infected link.
Make vhishing phone calls to individuals within your organization, posing as the IT helpdesk, a vendor, supplier, customer, fellow employee or even a manager to access private info.
Lure victims to a spoofed website that appears to be associated with your company or an app you use. Employees are enticed to log in with their company credentials, mimicking the way hackers capture sensitive login information.
Exploit a client-side software vulnerability and gain control of the system by tricking the user into visiting a URL or opening up a malicious attachment.

Rolling Out the Simulated Attacks

Once you’re onboard, we’ll kick off with a chat with Kevin Mitnick himself, our team and your relevant team members. We’ll use this opportunity to discuss the engagement rules, what to expect and how to alert you if something is being detected during the testing phase.

Since our testing goes so far beyond simple baiting for link clicks, it’s during this call that we’ll identify your most guarded / sensitive information to target for access and exfiltration. We also use this time to identify any specific targets you want tested or excluded (contractors, CEO, C-Suite staff, interns, etc).

Is the attack disruptive?

Because our goal is to be as unobtrusive as possible, we aim to gain access to your data or systems unnoticed. Your team may not even discover they’ve been compromised until you go over the findings with them directly.

Once testing commences, we’ll begin by gathering information on your organization and anyone with access to information systems or sensitive data. Then, it’s onto the fun part! Our master social engineers develop the ruse, pretext and situations we’ll use to influence the people— which involves extensive planning before any attack is made. It’s our superior preliminary research and strategizing that set allows our white hat social engineers to develop plausible situations that are realistic, credible and trustworthy. And it’s also the reason Mitnick Security is proud to boast a 100% success rate when using social engineering to test systems.

Need a Custom Test?

If necessary, we work closely with your team to define and customize the test scenarios to test specific policies, procedures and processes. For instance, if your organization has incident response procedures for reporting suspicious phone calls, text/instant messages, or emails, Mitnick Security can test these procedures and the overall effectiveness of your existing security awareness-training programs.

social-engineering-testing-email-phishing

Your Results

After a few weeks, or the specific terms of your testing period, we’ll schedule a final call to go over our findings.

Your detailed and easy-to-explain report will include a walkthrough of our simulated cyberattacks. You’ll know exactly which personnel were tested, the details of each attempt and our expert recommendations for fortifying your current policies. We’ll even help your IT team to implement new (or adjust old) security policies that reflect today’s social engineering threats and the results of our test.

Working with Kevin

Hire Kevin to Speak

Virtual Events & Webinars

Speaking Topics

Bureau Information

About Kevin

Speakers Bureaus

Media Kit

Penetration Testing

Incident Response

Computer Forensics

Expert Witness Services

Security Awareness Training

Vulnerability Assessment

Product Claims Testing

Red Team Operations

Social Engineering Testing

Books from Kevin Mitnick

Ghost in the Wires

The Art of Invisibility

The Art of Intrusion

The Art of Deception

In The News: More from Kevin Mitnick

Advice from Kevin Mitnick Featured in the Wall Street Journal Op-Ed

12 Ways to Defeat Two-Factor Authentication

We Need to Talk About NIST’s Dropped Password Management Recommendations

KnowBe4 Positioned as Leader in the Gartner Magic Quadrant for Second Consecutive Year

About Our Team

About Kevin

Global Ghost Team

In The News

Our Work

Our Clients

Testimonials & Reviews

Media Kit

Raising Your Security Posture with The Global Ghost Team

Resources

FAQs

Blog

Lockpick Business Card

Recent Articles

PCI Testing: Everything You Need To Know

The 4 Phases of Penetration Testing

What is Web Application Penetration Testing?

Social Engineering Testing

What Exactly is Social Engineering?

Safely Testing Your Team’s Readiness

Rolling Out the Simulated Attacks

Is the attack disruptive?

Need a Custom Test?

Your Results

Ready to get started?

SPEAKING

BOOKS

ABOUT

SECURITY SERVICES

RESOURCES

SEARCH MITNICKSECURITY.COM

Contact Us

Phone

Email

Join Our Mailing List