Social Engineering

Social Engineering is an ever-growing and effective tactic that attackers are using on institutions today. This tactic usually involves significant research, planning and careful execution to be successful. Social Engineering often times is not conducted via means of technology but rather institutions employees are targets of these attacks. New techniques are continually being developed and targeted specifically at Financial Institutions.

 

A common statement that summarizes and is essentially the basis Social Engineering is: “it is much easier for someone to tell me their password then for me to figure it out.” It is a series of techniques used to persuade an individual to providing confidential information. There are also Social Engineering tactics that do not include an individual at all.

HEIT has been extremely successful through the years in performing Social Engineering Testing on Financial Institutions. In many instances this has provided HEIT direct access to the test subject’s internal network. There are many different forms of social engineering and new ones are continually being used by attackers. HEIT utilizes many of these forms during testing. Most effective Social Engineering tests are conducted in combination with a Vulnerability/Penetration tests. This allows any information that is acquired to be used to gain access to institutions sensitive information or networks. Since the large majority of Social Engineering is targeted at institutions employees, following testing completion HEIT can assist with remediation methods and employee training programs.

Common Types of Social Engineering

• Persuasion
• Impersonation
  
• Phishing
• Phone Phishing
• Virus & Trojan Horse
• Reverse Social Engineering
• Road Apple
• Dumpster Diving