Social Engineering Service


Social Engineering Services

Social Engineering is an effective, non-technical means for an attacker to infiltrate the organization and secure a foothold by exploiting the “good nature” of human personality. As an example, one common route for social engineering involves an individual contacting a help desk claiming to be someone they aren’t. As a result of the help desk staffer wanting to help the individual on the phone, they either disclose information they shouldn’t have disclosed or give unauthorized access to someone they shouldn’t have.

To kickstart a social engineering assessment, CynergisTek utilizes client-supplied information to quickly determine the most likely areas for social engineering success. With this information gathered, we:

  • Request and review the policies, support information and processes of the target within the organization
  • Identify potential attack vectors, either provided by the customer or identified during the data gathering and review phase
  • Construct an attack around those specific attack vectors and provide a window of time that the attacks will be run (communicated only to the key stakeholders)
  • Construct a limited communication plan that details the appropriate measures that should be taken to manage any support or incidents that may arise during the orchestrated attacks

Our Experts are Waiting!

Contact us to learn more about our social engineering services and how we can help your organization.

Information Review

Vector Identification

Attack Execution

Communication Plan Development

Phishing Assessments

Phishing is actually a sub-category of social engineering that is very specific to email and was identified by healthcare IT executives as the top future cybersecurity threat. It has been the root cause of many recent breaches and even led to an expensive OCR settlement.

In a standard phishing scheme, an attacker constructs an email to look as close as possible to one coming from a trusted source (e.g., bank, insurance company, well-known brand, etc.) with the intent that the recipient will assume the contents of the email must be trustworthy because they came from a trustworthy source. In reality, the links in the email are to a nefarious location constructed to extract information from the recipient through various technical means. The data lost in these types of attacks can be as simple as a user being tricked into typing in their user credentials to “confirm them” (thereby giving the attacker their credentials to log into their account) or as extensive as theft of data residing on the target computer by way of a web-based script that retrieves select information from the target’s computer without them ever having done anything other than click on a few links.

To facilitate a phishing assessment, CynergisTek utilizes a combination of insider knowledge and the latest trends in phishing to achieve a realistic scenario designed to entice employees into investigating the email and handing over restricted or sensitive information. Findings from this study provide insight into the workforce’s ability to cast a critical eye on suspicious emails, as well as deliver detailed reporting about how far into the phishing net they swam (and the information they might have divulged should it have been a real attack). Our phishing assessment has helped thousands of users become more knowledgeable about deceptive phishing efforts, and it will help you create a culture of cybersecurity awareness and empower your staff to be more cautious of suspicious emails.

What Our Clients Say

CynergisTek’s social engineering and phishing service was an excellent training tool for our organization. A third-party assessment of how our policies and procedures would stack up against a real threat was eye-opening and provided us with valuable information we can leverage to continue to enhance our security posture.

Joe Egan, Director of Information Security, Valley Children's Hospital

As a trusted partner for the past decade, CynergisTek provides periodic evaluations of our systems and expert advice to keep us on pace with evolving security threats and priorities, like cybersecurity. The assessment was invaluable in terms of gleaning solid metrics regarding our personnel and raising awareness of pertinent threats. Now, we are better equipped to identify, respond and better educate our workforce to a phishing campaign targeting our organization.

Larry G. Pierce, Manager of Information Security and Enterprise Management, Atlantic Health System
