Social Engineering

Social engineering is a method of gaining access privileges to an organization and its assets by querying gateway personnel over a communications medium, such as telephone, email, chat, bulletin boards, etc. from a fraudulent "privileged" position. Gateway personnel are those who have the authority to grant access privileges to others. Social engineering can take the form of multiple methodologies, techniques, and tools. Therefore, we will discuss the full methodology with you in the planning phase before beginning the testing.

Expected results include:

• List of access code methods
• List of valid codes
• Names of gateway persons
• Methods of obtaining this information
• List of information obtained

Tasks to perform for a thorough test include:

• Select a gateway person from information already gained about personnel
• Examine the contact methods for gateway person from the target organization
• Gather information about gateway person (position, habits, and preferences)
• Contact gateway person and request information from an authority or privileged position
• Gather information from gateway person
• Enumerate amount of privileged information disclosed

Get a Quote