Social Engineering

Darn IT Group’s Social Engineering program relies on a set of technological, psychological, and physical techniques that trick a user into breaking security protocols.

These techniques include:

1. Phishing – Phishing occurs when an attacker masquerades as a credible source, and sends an email requesting that a user performs an action (ex: clicks a URL, or opens an attachment) and conveys confidential information. Spear-Phishing is similar, but the attacker targets specific individuals and includes relevant information to appear even more convincing.
2. Vishing – Malicious attackers will attempt to call various individuals or groups to gather information about a target or in order to influence an action. For example, a common scenario would involve a hacker calling a help-desk to request that a new account be created.
3. Impersonation – Pretexting as another person or presenting a false identity can allow an attacker to gain access to information, facilities, or secure systems.

All of these techniques rely on the exploitation of humans. In order to minimize the likelihood and risk of a Social Engineering attack, Darn IT Group will work with your organization to test end user Security Awareness of Phishing, Spear Phishing, and other Social Engineering attacks.