Social engineering assessment

Social engineering exploits people’s natural tendencies to be helpful, making even the most well-trained teams vulnerable if they aren’t equipped to recognise these threats. Cyber criminals often disguise themselves as legitimate customers or colleagues, manipulating your staff into revealing sensitive information. To combat this, it’s crucial to continually educate and test your employees on the latest social engineering tactics.

By fostering a mindset that balances customer service with vigilance, you empower your team to recognise potential threats and protect your organisation from malicious manipulation.

Cognisys will work closely with your team to understand your business operations and further information, such as your software stacks, to help plan the phishing campaign.

The goal is to tailor a convincing phishing attempt by understanding the target’s structure, behaviours, and vulnerabilities. A domain will be selected and purchased during this phase and utilised to send emails and the landing page.

Utilising the information provided in the previous section, the team will work to craft a unique phishing email and landing page to meet your business needs. An example of this could be to pose as a member of IT support with a fake Office 365 login page being utilised.

More unique engagements can also be provided, such as posing as a customer attempting to get the staff members to open and execute a macro-enabled document.

After the phishing email and landing page are created and ready to be sent to the victims, Cognisys will reach out to you to check that the phishing campaign is delivered correctly and isn’t being blocked by any existing protections, such as Mimecast. You may be required to whitelist the phishing domain.

Once the message is ready, it’s sent to the target. The phishing email may contain a fake login page, a malware-laden attachment, or a link leading to a compromised website. This stage relies on the recipient not recognising the signs of a phishing attempt and taking the bait.

After the phishing attack, whether successful or not, it’s crucial to analyse the outcome. In a controlled phishing engagement, the focus is on assessing how the target responded, identifying weaknesses in security awareness, and using the findings to enhance future training and security protocols.

Cognisys provides training that uses real-world scenarios to help your employees identify suspicious emails and links through interactive exercises like simulated phishing tests. This proactive approach enhances awareness and builds confidence, empowering your staff to serve as a vital security layer. Simulate attacks with Cognisys to strengthen resilience against social engineering.

Our testers are experienced in constructing and creating compelling social engineering campaigns. This allows the consultant to develop a bespoke campaign unique to the client’s requirements. This ranges from simulating an IT password reset request to imitating a customer sending a malicious document.

Post-assessment, we deliver detailed reports highlighting the findings from the social engineering campaign, such as the number of users interacting with the website, entering credentials or opening a malicious file.

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.

Learn how we helped In Parallel achieve their ISO 42001 certification, boosting their market credibility.

Insights and trends from recent cyber threats and vulnerabilities from September.

In this blog, we discuss what vulnerability management is, the lifecycle from discovering weaknesses to prioritising, resolving, and continuously improving defences to minimise cyber risks.