Social engineering assessment
Our social engineering assessment helps businesses strengthen security by simulating social engineering attacks and training employees.
Understanding and combatting social engineering threats
Social engineering exploits people’s natural tendencies to be helpful, making even the most well-trained teams vulnerable if they aren’t equipped to recognise these threats. Cyber criminals often disguise themselves as legitimate customers or colleagues, manipulating your staff into revealing sensitive information. To combat this, it’s crucial to continually educate and test your employees on the latest social engineering tactics.
By fostering a mindset that balances customer service with vigilance, you empower your team to recognise potential threats and protect your organisation from malicious manipulation.
Methodology
Planning and reconnaissance
Cognisys will work closely with your team to understand your business operations and gather further information, such as your software stacks, to help plan the phishing campaign.
The goal is to tailor a convincing phishing attempt by understanding the target’s structure, behaviours, and vulnerabilities. A domain will be selected and purchased during this phase and utilised to send emails and the landing page.
Crafting the campaign
Utilising the information provided in the previous section, the team will work to craft a unique phishing email and landing page to meet your business needs. An example of this could be to pose as a member of IT support with a fake Office 365 login page being utilised.
More unique engagements can also be provided, such as posing as a customer attempting to get the staff members to open and execute a macro-enabled document.
Testing
After the phishing email and landing page are created and ready to be sent to the victims, Cognisys will reach out to you to check that the phishing campaign is delivered correctly and isn’t being blocked by any existing protections, such as Mimecast. You may be required to whitelist the phishing domain.
Execution (phishing delivery)
Once the message is ready, it’s sent to the target. The phishing email may contain a fake login page, a malware-laden attachment, or a link leading to a compromised website. This stage relies on the recipient not recognising the signs of a phishing attempt and taking the bait.
Reporting
After the phishing attack, whether successful or not, it’s crucial to analyse the outcome. In a controlled phishing engagement, the focus is on assessing how the target responded, identifying weaknesses in security awareness, and using the findings to enhance future training and security protocols.
Post-engagement training
Cognisys provides training that uses real-world scenarios to help your employees identify suspicious emails and links through interactive exercises like simulated phishing tests. This proactive approach enhances awareness and builds confidence, empowering your staff to serve as a vital security layer. Simulate attacks with Cognisys to strengthen resilience against social engineering.
Why choose Cognisys’ social engineering assessment?
Our testers are experienced in constructing compelling social engineering campaigns. This allows the consultant to develop a bespoke campaign unique to the client’s requirements, ranging from simulating an IT password reset request to imitating a customer sending a malicious document.
Post-assessment, we deliver detailed reports highlighting the findings from the social engineering campaign, such as the number of users interacting with the website, entering credentials or opening a malicious file.
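The reporting stage above, and the metrics listed here (users interacting with the website, entering credentials, opening a file), are easiest to reason about as a funnel over the campaign's event log. The following is an added example, not Cognisys's code or part of the original page: it assumes a constructed, comma-separated event log with one line per event (timestamp, user, event type) and computes per-user outcomes, including the defender-side metric of who reported the email before interacting with it.

```python
from collections import defaultdict

# Event types a campaign tracker might record (assumed names, not a real product's schema).
STAGES = ("delivered", "clicked", "submitted", "opened_attachment", "reported")

# Constructed sample log from a simulated campaign; not real users or real data.
SAMPLE_EVENTS = """\
2024-03-01T09:00:02,alice,delivered
2024-03-01T09:00:02,bob,delivered
2024-03-01T09:00:03,carol,delivered
2024-03-01T09:00:03,dave,delivered
2024-03-01T09:04:10,alice,clicked
2024-03-01T09:05:44,alice,submitted
2024-03-01T09:06:01,bob,reported
2024-03-01T09:10:30,carol,clicked
2024-03-01T09:11:05,carol,reported
2024-03-01T09:15:00,dave,opened_attachment
2024-03-01T09:15:20,alice,clicked
"""


def parse_events(text):
    """Parse 'timestamp,user,event' lines into (timestamp, user, event) tuples.

    Blank lines and '#' comments are skipped; unknown event types are rejected
    so a typo in the log cannot silently drop a stage from the funnel.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, event = (part.strip() for part in line.split(","))
        if event not in STAGES:
            raise ValueError(f"unknown event type: {event!r}")
        events.append((ts, user, event))
    return events


def summarise(events):
    """Build the campaign funnel: one count per stage, deduplicated per user.

    A user who clicked three times counts once. Rates are relative to the
    number of users the email was actually delivered to. ISO-8601 timestamps
    compare correctly as strings, which is what the 'reported first' check relies on.
    """
    first = {}  # (user, event) -> earliest timestamp seen for that pair
    for ts, user, event in events:
        key = (user, event)
        if key not in first or ts < first[key]:
            first[key] = ts

    delivered = sorted({u for (u, e) in first if e == "delivered"})
    n = len(delivered)
    counts = {s: sum(1 for u in delivered if (u, s) in first) for s in STAGES}

    # "Compromised" means the user gave up credentials or ran the attachment.
    compromised = sum(
        1 for u in delivered
        if (u, "submitted") in first or (u, "opened_attachment") in first
    )

    # Users who reported the email before (or without ever) interacting with it:
    # the behaviour post-engagement training is trying to grow.
    interact = ("clicked", "submitted", "opened_attachment")
    reported_first = sum(
        1 for u in delivered
        if (u, "reported") in first
        and all((u, s) not in first or first[(u, "reported")] < first[(u, s)] for s in interact)
    )

    def rate(k):
        return round(100.0 * k / n, 1) if n else 0.0

    return {
        "delivered": n,
        "clicked": counts["clicked"],
        "submitted_credentials": counts["submitted"],
        "opened_attachment": counts["opened_attachment"],
        "reported": counts["reported"],
        "compromised": compromised,
        "reported_before_interacting": reported_first,
        "click_rate_pct": rate(counts["clicked"]),
        "compromise_rate_pct": rate(compromised),
        "report_rate_pct": rate(counts["reported"]),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_events(SAMPLE_EVENTS)).items():
        print(f"{key:>28}: {value}")
```

Reporting the "reported before interacting" figure alongside the click and compromise rates gives a training programme something to improve over successive campaigns, rather than only a failure count.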
info@cognisys.co.uk
Leeds office
5 Park Place
Leeds
LS1 2RU
London office
131 Finsbury Pavement
London
EC2A 1NT