Social Engineering

The news is replete with instances of social engineering, from malicious emails to phone calls to snail mail purporting to be from the IRS. In one particularly notable example, phishers managed to convince John Podesta of the Hillary Clinton campaign to give up his credentials, leading to some rather embarrassing leaks of internal information at a critical time in the campaign.

What is social engineering? Simply put, it’s “people hacking.” We see it at work in the form of those ridiculous emails from the Nigerian prince offering to send us money, or more clever ones like the Google Docs scam. Sadly, yet another form is the advantage taken of the elderly by swindlers claiming to be from this or that organization. In all cases, the goal is simple: convince a human to do something foolish.

Sure, your employees are too savvy for this guy - Nigerian prince four-nineteen scam
But this one looked 99% real! - Google docs phishing scam

Nearly every organization is susceptible to social engineering; we have never seen a 100% success rate in repelling our tests. With even a single failure, your business may be at risk by giving attackers a backdoor into your network, or in convincing someone to cough up valuable organizational information.

Alasdair offers solutions to help curb the growing threat of social engineering:

In addition to specific social engineering solutions, we can help you should the worst happen and you indeed become a victim of a social engineering attack:

While it’s certainly preferable to help head off social engineering threats before they happen, it’s never too late to bring in a trusted partner to help deal with one that managed to get through. Alasdair stands at the ready to help educate and test, or put things back together.