10232624 Master Regulating IT

10/21/24

Penetration testing – Social Engineering Testing

Social engineering testing involves assessing an organization's susceptibility to manipulation and deception by simulating the techniques malicious actors use to exploit human psychology. The goal is to identify potential vulnerabilities in human behavior, awareness, and security practices.

Unlike typical penetration testing, social engineering penetration testing is about exploiting human psychology and social interaction rather than technical security controls or system vulnerabilities. Your aim is to trick another human into giving you access to a target's environment.

This is a critical component of a good cybersecurity program, as it addresses the human factor in security. Regular testing helps organizations strengthen their employees' awareness, resilience to manipulation, and overall security posture against social engineering threats.

company confidential


Penetration testing – Social Engineering Testing

Different types of Social Engineering:

• Phishing:
  • Definition: Phishing involves sending fraudulent emails, messages, or websites that appear to come from a trustworthy source. The goal is to trick individuals into revealing sensitive information, such as login credentials or financial details.
  • Example: A phishing email claiming to be from a bank, requesting that the recipient click on a link and provide their account credentials.

• Vishing (Voice Phishing):
  • Definition: Vishing involves using voice communication, often through phone calls, to manipulate individuals into divulging sensitive information. Attackers may impersonate trusted entities or invoke urgent scenarios to create a sense of pressure.
  • Example: A phone call claiming to be from IT support, requesting the user's password for system maintenance.

• Impersonation:
  • Definition: Impersonation occurs when an attacker poses as a trusted individual or entity to deceive people. This can involve pretending to be a coworker, a service technician, or a delivery person to gain access or information.
  • Example: An individual dressed as a maintenance worker gaining entry to a secure building by claiming to fix a non-existent issue.
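The phishing example above (a message posing as a bank and asking the recipient to follow a link and enter credentials) is exactly the kind of message a security team wants to catch before a user acts on it. The following Python script is an added example, not material from the slide deck: it pulls the common phishing indicators out of a raw email message (a sender domain one character away from a trusted one, a Reply-To that points elsewhere, link text that shows one host while the href goes to another, urgency wording, and a request for credentials) and reports which ones are present. The trusted-domain list, the two sample messages, and the indicator names are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains this (hypothetical) organization treats as legitimate senders.
TRUSTED_DOMAINS = {"example-bank.com", "corp.example.com"}

# Pressure phrases typical of credential-phishing lures.
URGENCY_PHRASES = ("immediately", "within 24 hours",
                   "account will be suspended", "verify your account")

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_HOST_RE = re.compile(r'https?://([^/\s"<>]+)', re.I)
CREDENTIAL_RE = re.compile(r"\b(password|login credentials|account credentials)\b", re.I)


def host_of(url):
    """Return the lowercased host of an http(s) URL, or None if it is not one."""
    m = URL_HOST_RE.match(url.strip())
    return m.group(1).lower() if m else None


def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)


def one_edit_away(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion,
    e.g. examp1e-bank.com vs example-bank.com (a typical look-alike domain)."""
    if a == b:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    if abs(len(a) - len(b)) != 1:
        return False
    if len(a) > len(b):
        a, b = b, a                     # make a the shorter string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:]           # b is a with one extra character


def body_text(msg):
    """Concatenate the text/plain and text/html parts of a parsed message."""
    if not msg.is_multipart():
        return msg.get_payload()
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def phishing_indicators(raw_message):
    """Return the list of phishing indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    found = []

    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain and any(one_edit_away(sender_domain, t) for t in TRUSTED_DOMAINS):
        found.append("lookalike-sender-domain")

    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        found.append("reply-to-domain-mismatch")

    body = body_text(msg)
    for href, text in ANCHOR_RE.findall(body):
        shown, actual = host_of(re.sub(r"<[^>]+>", "", text)), host_of(href)
        if shown and actual and shown != actual:
            found.append("link-text-href-mismatch")
        elif actual and not is_trusted(actual):
            found.append("link-to-untrusted-host")

    lowered = body.lower()
    if any(p in lowered for p in URGENCY_PHRASES):
        found.append("urgency-language")
    if CREDENTIAL_RE.search(body):
        found.append("credential-request")
    return found


# Constructed sample messages (not real mail); the phishing one mirrors the slide's bank example.
PHISH_SAMPLE = """From: "Example Bank Security" <alerts@examp1e-bank.com>
Reply-To: recover@mail-verify.example.net
To: user@corp.example.com
Subject: Action required: verify your account
Content-Type: text/html

<p>Your account will be suspended within 24 hours unless you verify your account credentials.</p>
<a href="http://login.mail-verify.example.net/bank">https://example-bank.com/secure</a>
"""

LEGIT_SAMPLE = """From: "Example Bank" <alerts@example-bank.com>
To: user@corp.example.com
Subject: Your monthly statement is available
Content-Type: text/html

<p>Your statement for this month is available in online banking.</p>
<a href="https://example-bank.com/statements">https://example-bank.com/statements</a>
"""

if __name__ == "__main__":
    print("phish:", phishing_indicators(PHISH_SAMPLE))
    print("legit:", phishing_indicators(LEGIT_SAMPLE))
```

Each indicator on its own is weak evidence (legitimate mail sometimes uses urgent wording, and marketing mail often links through a third-party host), so in practice these signals are scored or combined with mail-authentication results (SPF, DKIM, DMARC) rather than used as a single yes/no verdict; the value of the script is in making the individual tells the awareness training talks about explicit and checkable.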
