Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain.
Social engineering is a popular tactic among hackers because it is often easier to exploit users’ weaknesses than it is to find a network or software vulnerability.
Social engineering, in the context of information security, refers to psychological and social manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access. It differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.
Barton Cyber+ will execute Social-Engineering attacks on an organisation’s target employees. Social-Engineering provides a baseline to the effectiveness of the education and awareness programme and how well an organisation can withstand a targeted social engineering attack.
Social engineering attacks have been increasing in frequency, due to the ease of attack and the ability to circumvent a number of security controls to gain access to sensitive information. Attackers are finding it significantly easier to circumvent stringent perimeter defenses by targeting the organisation’s user population.
Barton Cyber+ performs a varying level of social-engineering attacks based on the maturity level of the organisation which increases in sophistication as the information security program is enhanced.
Any website, online service, phone call or text message that poses as a company or brand you recognise.
Any contact like this is designed to convince you to hand over valuable personal details or your money, or download something that infects your computer. The three terms are all plays on the word ‘fishing’, in that the fraudsters fish for potential victims by sending emails, social media messages or text messages or making phone calls with urgent messages in the hope of persuading someone to visit the bogus website.
Use simulated phishing attacks to assess your risks
A Simulated Phishing Attack aims to establish whether your employees are vulnerable to phishing scams, so you can take immediate action to improve your cyber security. This service gives you an independent assessment of employee susceptibility to phishing attacks and provides a benchmark for your security awareness campaigns.
After completing the simulation, the results of the test can be shared with employees. As part of this feedback, Barton Cyber+ has developed an e-learning module to help your staff understand how phishing attacks work, the tactics that cyber criminals employ to lure inattentive users, and how to spot and avoid a phishing campaign.