
What is social engineering?

Social Engineering discovers unidentified business risks

Social engineering attacks encompass various activities intended to trick individuals into divulging personal or company information. Attackers deceive, influence, coerce or manipulate users to gain control of your computer systems. 99% of cyber attacks use social engineering to convince users to install malware. This malicious software is then used to infiltrate an organisation’s networks and servers.

Phishing

Phishing is by far the most common type of social engineering tool, and over 90% of all data breaches result from phishing. Approximately one in 99 emails contains a phishing attack, and these emails readily make their way to commercial and business users.

This social engineering technique sends emails that masquerade as messages from legitimate entities to acquire information such as login and credit card details. Phishing emails are often disguised as emails from online banks, social media sites, IT firms and auction sites.

Phishing is one of the most expensive cyberattacks, costing an average of $4.65 million to remediate.

Vishing is the use of phone calls to achieve the same result as phishing, while smishing uses SMS/text messages.

Spear phishing

This is a form of cyber social engineering very similar to phishing, except that the emails are targeted at specific individuals. Attackers research the receiver and know who this individual views as trusted email sources. They could even mimic the victim’s personal emails and trick them into clicking on malicious links or attachments.

Rogue security software

This is a recently popularised form of cyber security social engineering that uses malware such as rogue anti-spyware, anti-malware, scanners or scareware to deceive users. The hackers use rogue security software to mislead users into believing they can help them remove malware for a fee.

Pretexting

Pretext social engineering attacks involve an attacker impersonating someone in a powerful position. They could pretend to be company managers, auditors, members of the IRS or police officers. Since scammers demand information under the pretext of authority, victims are more likely to provide it.

Baiting

Baiting is a way of luring victims by offering them something or piquing their interest. An example is a free download using social media engineering or even a USB drive with a provocative label. Once you download the file or use the infected device, malware is installed on your computer, giving access to the hacker.

Quid pro quo

This is another one of the many methods of social engineering, in which a hacker pretends to be a member of IT support staff. They then call employees and claim they need to perform a system fix and need the employee to disable their antivirus software.

Hackers can also ask employees if they need technical assistance, and once an employee says they need help, they will be asked to provide personal user credentials. Employees who follow these instructions are likely to experience a malware attack.

Tailgating and piggybacking

This is a physical aspect of social engineering where intruders gain access to office buildings or business locations. An attacker can tailgate an authorised user by following them into the premises without their knowledge.

Piggybacking is very similar to tailgating, except the authorised entrant knowingly lets the intruder into the premises. They could hold the door open for someone with a heavy load or an employee who has forgotten their access card.

  • Don't open emails from unknown sources.
  • Do not rely on a single security measure to protect your organization.
  • Don't let offers or gifts from strangers lure you in.
  • Keep your laptop locked whenever you are away from your workstation.
  • Install antivirus software and keep the software updated.
  • Avoid listing employee email addresses on websites - use a web form instead.
  • Increase employee awareness of the risks of oversharing personal information online.
  • Do not allow strangers or people without appointments into your office buildings.
  • Instill the mantra ‘think before you click’ in all employee activities and reduce the impact of human error.

Social engineering penetration test methodology

Microminder CS Social Engineering Penetration Testing Process

This is the reconnaissance stage of social engineering pen testing. It requires our team to collect information about your organisation from public sources.

This step is performed before conducting social engineering testing. We consult with your IT team to establish the assessment requirements and the scope of the social engineering penetration test.

At this stage, Microminder’s social engineering penetration testing team attempts to breach your systems or office premises and collect sensitive information. Testing could involve using phishing services to send random phishing emails to employees and monitoring how they respond. A social engineering company will also attempt to enter business offices and obtain company data.

Microminder’s social engineering pen testing team treats the reporting of test results as a crucial part of penetration testing. We prepare a full technical report for software engineers that sets out the goals of the test, the social engineering testing methodology and the vulnerabilities we identify. We also provide an executive report, more appropriate for managerial teams and other employees, that summarises our activities.

Because employees are the biggest deterrent to social engineering attacks, we recommend investing in regular social engineering training. Conduct workshops or awareness exercises to give employees the skills to identify and respond to cyber threats.
