Our Social Engineering Assessment Services involves simulating real-world attacks to provide a current view of vulnerabilities and threats to a client environment. These "human-based" attacks consist of impersonating a trusted individual in an attempt to gain information and/or access to information or the client network infrastructure. The following types of social engineering security attacks can be scoped and added to an existing engagement.Offsite or remote Social Engineering Assessment
Our Social Engineering penetration test is for those companies that would like to test already established security controls and procedures by creating a series of ruses that simulate a real social engineering attack.
Email Phishing is a scam intended to steal credentials, such as usernames and passwords. Smishing has the same goal, but it is run through SMS (texting) technology.
BellTroX will test how your employees handle a telephone call from a "social engineer" trying to obtain unauthorized information
Onsite Social Engineering Assessment
USB Flash drives and CD-ROMs with enticing labels such as "Payroll" will be left in public areas such as hallways, restrooms and break rooms. The media will contain simulated malicious code that will attempt to grab sensitive host information such as the network configuration, list of running processes and a password hash dump.
Social engineers may pretend to be a service technician to obtain access to your servers. BellTroX will identify high-risk areas and test all security options like: