Manipulating the Human Factor

Social Engineering, as the name indicates, is the social and non-technical side of (cyber)security. It is a method in which we use psychological manipulation to identify vulnerabilities in an organisation caused by people. The techniques we use are ‘phishing campaigns’ and ‘physical intrusion’.

Phishing Campaign

Simulated phishing campaigns target employees within our client’s organization. Our consultants will create tailored emails to increase the chance that “dummy malware” will be installed or that credentials will be obtained. These simulated attacks require no white-listing or prior credentials, meaning that not only your employees will be tested but also your network’s defenses against phishing emails.

Physical Intrusion

HackersHub provides physical intrusion services which test many aspects of both on-location physical security and human-based defenses. Our IT Security consultants will assess all possible physical attack vectors and conduct in-depth research to locate any potential weaknesses that may be present.

Pricing Options

Little Phish

  • Target up to 35 Employees
  • Tailored Emails
  • Customizable attack vectors
  • Discounted Phone Phishing add-on
± €2200

Big Phish

  • Target up to 75 Employees
  • Tailored Emails
  • Emails spread over multiple campaigns
  • Customizable attack vectors
  • Phone Phishing included
± €4300

Whale

  • Target up to 250 Employees
  • Tailored Emails
  • Emails spread over multiple campaigns
  • Customizable attack vectors
  • Phone Phishing Included
  • Continuous Attack over 7 working days
± €6500

The Process

Reconnaissance

Assessment of the public exposure of the company and its staff, for example through social media, data dumps and other public sources. Identification of software and services used within the company, such as online services. This is done by analyzing documents published by the company and its DNS records.

Planning

Determining the type of approach, such as phishing emails, phone or physical intrusion. Planning of the contents of the campaigns. This will be based on several factors such as the time of year (think of a Christmas party invite).

Preparation

Registration of typo domain names. Cloning of websites familiar to the employees, or creation of new ones based on familiar styling. Formulation of phishing emails using the language and markup of the company.

First Campaign

The initial group of potentially vulnerable staff members will be targeted. The goal of the initial campaign is to get a feel for the level of awareness within the company, such as the willingness to click a link in an email.

Follow Up Campaigns

The campaigns become progressively more intrusive. Initially, employees are enticed to click a link. After that they will be asked to enter credentials and eventually install malware. As employees fail each campaign they will be carried over to the next.

Reporting and Education

Delivery of the report and presentation of the results. Training of the employees who failed the campaigns.

Request a free consultation

Not sure what IT Security consultancy you are looking for? Speak to one of our knowledgeable technicians to see what best fits your needs and what it will cost...
