Social Engineering

Did you know that 98% of cyber attacks rely on social engineering schemes?

(Purplesec, 2021)

WHAT IS SOCIAL ENGINEERING?

Social engineering obtains confidential information or access to physical assets by manipulating legitimate users. 

Most social engineering attacks are not designed to target a specific user but rather the corporate culture. 

3 COMMON TYPES OF SOCIAL ENGINEERING ATTACKS

PHISHING

Cyber-criminals will pose as a trustworthy source to lure confidential or sensitive information from unsuspecting sources. Phishing is done on multiple platforms such as email, text message, social media, etc.

TAILGATING

Tailgating is a physical type of social engineering attack. In these attacks, someone without the appropriate security validation follows an employee into a restricted area to gain access to sensitive information. 

SEARCH ENGINE PHISHING

Search engine phishing occurs when hackers create phony sites and get them indexed on popular search engines. For example, the hacker’s site may pose as a bank, social media or shopping site. Once an individual interacts with the phony website, the hacker gains access to the user’s sensitive information.

SOCIAL ENGINEERING ASSESSMENTS

Our Social Engineering Assessment uses various methods to test your organization’s cyber-attack susceptibility. Our security experts will use a series of approved techniques to improve your digital security posture effectively.

ONLINE'S SOCIAL ENGINEERING ASSESSMENT INCLUDES THE FOLLOWING STEPS :

Establish well-defined goals and ground rules prior to assessment.

Identify and report any vulnerabilities identified through the assessment.

Provide actionable advice to ensure vulnerabilities can be quickly and efficiently remediated.

KEY BENEFITS OF A SOCIAL ENGINEERING ASSESSMENT

IDENTIFY

Organizations can identify what channels their employees and executives are most vulnerable to social engineering attacks.

IMPROVE

A clear understanding of what an  organizations vulnerabilities are can be leveraged to improve future security training programs. 

PREVENT

By improving awareness and training programs relating to social engineering schemes, organizations can better respond to future attacks. 

"Social engineering is about hacking people rather than computers."

BLOG: DON'T TRUST UNTIL YOU VERIFY

Fast forward to modern times, where the power of information has allowed technology to advance in many ways. Unfortunately, while these advances have brought many benefits ("Alexa, what's the weather going to be today?"), they have also opened a plethora of new attack vectors to be used by nefarious individuals, crime gangs, cause-driven groups, and nation-states to influence innocent people like you and me to do things that are not in our best interest or to think something that isn't true.

keep reading
PRACTICE OVERVIEW:
TECHNICAL SECURITY SERVICES

Interested in learning more about Online's technical security services? Download our practice overview to see the full scope of security services offered by us.

show me more

CONNECT WITH OUR TEAM

mark van patten

Director

Technical Security Services

Let's Talk

ROB HARVEY

Managing Director

Risk, Security and Privacy

Let's Talk