Social Engineering
What is Social Engineering?
Social engineering is the act of obtaining useful or confidential information by the social manipulation of legitimate persons (aka: target(s)). A Social Engineer will pose as a trusted person, work to earn the trust of his or her targets, or use technology to socially engineer information out of the target. The most common technologies used in Social Engineering attacks are the telephone and email. Phishing is a strong example of Social Engineering which has a very high success rate.
The vulnerability that social engineers attempt to exploit is the natural human tendency to trust other humans. It is for this very reason that many information security professionals consider employees to be the weak link in information security. It is this weak link that makes social engineering possible and gives it a 95% success rate.
What can a Social Engineering Test do for My Business?
Social Engineering services can help you identify points of weakness within your businesses that could lead to disclosure of trade secrets, user credentials, administrative credentials, maintenance schedules, and much more. Social Engineering tactics are often deployed in conjunction with Vulnerability Assessments, Penetration Tests, Web Application Assessments or even as a standalone service.