Advanced Social Engineering

Social Engineering is a concept closely related to the discipline of human intelligence (HUMINT) and elicitation, referring to the ability to obtain information from human sources. In the context of cyber security, it refers to a complex fraud scheme that an attacker uses to gain unauthorized access to data or networks via an unknowingly human target that is tricked into facilitating such access. Section performs social engineering attacks to identify and mitigate security weaknesses.

Learn about social engineering

Social Engineering Attacks

What is Social Engineering?

The raison d’être of social engineering is that to almost every network is a user connected – a user that can potentially be exploited with less technical means than other forms of cyber attacks. More often than not, social engineering attacks are targeted against companies for either monetary gain or for industrial espionage, and the employees are merely the instruments of the social engineer as they have authorised access to the desired network or data.

The modus operandi of a modern social engineer is to animate an unknowingly employee to facilitate access to the company network, and only creativity sets the limit to the methods employed by the attacker. Common for all methods, however, is the element of deception. If perfectly executed, the target person will never suspect that they were subjected to a social engineering attack.

Section has in-depth experience with planning and executing advanced social engineering attacks that will leverage almost any company - regardless of their security level. Our methods are unorthordox, creative by nature, and with a clear focus of identifying vulnerabilities in our clients' security infrastructure, so we can assist in the mitigation process and provide them with greater resilience against advanced social engineering attacks.

Do I Need a Social Engineering Test?

If you want test whether your current security setup, including cyber security and physical security, can withstand advanced social engineering attacks performed in realspace, then an advanced social engineering test is the right choice for your company.

Most clients choose the advanced social engineering tests as an add-on to phishing tests performed in cyberspace, which works on the same premise as social engineering attacks performed in realspace.

A company may have recently changed their security protocols or have doubts about whether their existing protocols and policies are working or not, which is a good premise for having an advanced social engineering attack conducted that are designed to evaluate exactly this.

Section tailors social engineering attacks to your company's requirements. Each attack performed are more or less unique, as companies have very different security setups. We always consult our clients beforehand and agree to the full scope of the social engineering test, prior to conducting the attack scenarios, so the client knows exactly what will take place.

Social Engineering

Insider Threats

The most daunting of social engineering attacks is the insider threat. An insider threat refers to an employee, who already has the necessary authorization to access the network and/or sensitive data, and who will either exfiltrate data or inject malware to allow for remote access. Insider threats are very difficult to discover as they move freely and undetected within the company. This would constitute an intentional insider threat, which is often motivated by monetary gain from selling sensitive information.

There is, however, also the incidental insider threat, e.g. an employee that mistakenly shares information with the wrong people via email or incidentally have sensitive information lying around on their desks. This form of incidental exposure of otherwise company confidential information is common, and can be collected and utilised by a social engineer.

While these threats poses a significant risk for companies, there are effective methods for identifying potential insider threats. Contact us for more information about our solutions to detect and mitigate both intentional and incidental insider threats.

Social Engineering Attacks

Want to learn more about our social engineering services?

Contact Section for a talk about how we can help you identify vulnerabilities within your company, so you can become resilient against social engineering attacks and minimize risks.

Let's Get In Touch