Manipulating the Human Factor
Social Engineering, as the name indicates, is the social and non-technical side of (cyber)security. It is a method in which we use psychological manipulation to identify vulnerabilities in an organisation caused by people. The techniques we use are ‘phishing campaigns’ and ‘physical intrusion’.
Phishing Campaign
Simulated phishing campaigns target employees within our client’s organization. Our consultants will create tailored emails to target employees to increase the chance that “dummy malware” will be installed or that credentials be obtained. These simulated attacks require no white-listing or prior credentials, meaning that not only your employees will be tested but also your networks defenses against phishing emails.
Physical Intrusion
HackersHub provides physical intrusion services which test many aspects of both physical security on locations and human based defenses. Our IT Security consultants will assess all possible physical attack vectors and conduct in-depth research to locate any potential weaknesses that may be present.
Pricing Options
Little Phish
- Target up to 20 Employees
- Tailored Emails
- Customizable attack vectors
- Discounted Phone Phishing add-on
- -
- -
-
Big Phish
- Target up to 75 Employees
- Tailored Emails
- Emails spread over multiple campaigns
- Customizable attack vectors
- Phone Phishing Included
- -
-
Whale
- Target up to 150 Employees
- Tailored Emails
- Emails spread over multiple campaigns
- Customizable attack vectors
- Phone Phishing Included
- Continuous Attack over 6 working days
The Process
Reconnaissance
Assessment of public exposure of the company and staff, for example: social media, data dumps and other public sources. Identify software and services used within the company, such as online services. This is done by analyzing documents published by the company and their DNS records.
Planning
Determining the type of approach, such as: phishing emails, phone, physical intrusion. Planning of the contents of the campaigns. This will be based on several factors such as time of the year, think Christmas party invite.
Preparation
Registration of typo domain names. Cloning of familiar websites to the employees or creation of new ones based on familiar styling. Formulation of phishing emails with language use and markup of the company.
First Campaign
The initial group of potentially vulnerable staff members will be targeted. The goal of the initial campaign is to get a feel for the level of awareness within the company such as the willingness to click a link in an email.
Follow Up Campaigns
Progressively the campaigns become more intrusive, initially employees are enticed to click a link. After that they will be asked to enter credentials and eventually install malware. As employees fail each campaign they will be carried over to the next.
Reporting and Education
Delivery of the report and presentation of the results. Training of the employees who failed the campaigns.
Request a free consultation
Not sure what IT Security consultancy you are looking for? Speak to one of our knowledgeable technicians to see what best fits your needs and what it will cost...
Give us some info