Social Engineering

Did you know that 98% of cyber attacks rely on social engineering schemes?

(Purplesec, 2021)

WHAT IS SOCIAL ENGINEERING?

Social engineering obtains confidential information or access to physical assets by manipulating legitimate users. 

Most social engineering attacks are not designed to target a specific user but rather the corporate culture. 

3 COMMON TYPES OF SOCIAL ENGINEERING ATTACKS

PHISHING

Cyber-criminals will pose as a trustworthy source to lure confidential or sensitive information from unsuspecting sources. Phishing is done on multiple platforms such as email, text message, social media, etc.

TAILGATING

Tailgating is a physical type of social engineering attack. In these attacks, someone without the appropriate security validation follows an employee into a restricted area to gain access to sensitive information. 

SEARCH ENGINE PHISHING

Search engine phishing occurs when hackers create phony sites and get them indexed on popular search engines. For example, the hacker’s site may pose as a bank, social media or shopping site. Once an individual interacts with the phony website, the hacker gains access to the user’s sensitive information.

SOCIAL ENGINEERING ASSESSMENTS

Our Social Engineering Assessment uses various methods to test your organization’s cyber-attack susceptibility. Our security experts will use a series of approved techniques to improve your digital security posture effectively.

ONLINE'S SOCIAL ENGINEERING ASSESSMENT INCLUDES THE FOLLOWING STEPS :

KEY BENEFITS OF A SOCIAL ENGINEERING ASSESSMENT

IDENTIFY

Organizations can identify what channels their employees and executives are most vulnerable to social engineering attacks.

IMPROVE

A clear understanding of what an  organizations vulnerabilities are can be leveraged to improve future security training programs. 

PREVENT

By improving awareness and training programs relating to social engineering schemes, organizations can better respond to future attacks. 

"Social engineering is about hacking people rather than computers."

Steve Levinson, Vice-President, RSP, Online Business Systems
BLOG: DON'T TRUST UNTIL YOU VERIFY

Fast forward to modern times, where the power of information has allowed technology to advance in many ways. Unfortunately, while these advances have brought many benefits ("Alexa, what's the weather going to be today?"), they have also opened a plethora of new attack vectors to be used by nefarious individuals, crime gangs, cause-driven groups, and nation-states to influence innocent people like you and me to do things that are not in our best interest or to think something that isn't true.

PRACTICE OVERVIEW:
TECHNICAL SECURITY SERVICES

Interested in learning more about Online's technical security services? Download our practice overview to see the full scope of security services offered by us.

CONNECT WITH OUR TEAM

Will Bechtel


Director,

Technical Security Services

ROB HARVEY


Managing Director,
Risk, Security and
Privacy

Secure By Design
(Part 1)

BLOG

Application Development is Like Building a House

BLOG

When to get a Threat-Based Risk Assessment

BLOG