
    Social Engineering Testing


    HackLabs has provided Social Engineering testing to many organisations throughout the world. During the Social Engineering testing, HackLabs' experts attempt to manipulate an organisation’s employees into allowing unauthorised access to confidential information. This allows the organisation to test their Information Security Policy and their employees’ adherence to that policy. By hiring HackLabs to perform this test, the organisation can identify failure points and train its staff in order to prevent an actual breach. HackLabs has designed techniques that can be performed both onsite and remotely.

    During an onsite engagement, HackLabs will use various techniques to gain physical access to obtain records, files, and/or equipment that may contain confidential information.

    The onsite engagement techniques typically include:

    • Dumpster diving
    • “Trusted Authority” disguises, such as fire inspectors, air conditioning repairmen, pest control workers, etc.
    • Employee Impersonation (IT HelpDesk, New Hire and Auditor)

    The onsite engagement tests for the following vulnerabilities:

    • Proper Disposal of Sensitive Data
    • Privacy Policy Awareness and Implementation
    • Institution Policy Adherence
    • Violation Reporting
    • Access Privileges
    • Sensitive Area Security
    • Device/System Compromise
    • Technical Preventive and Detective Controls

    The remote Social Engineering engagement involves manipulating the organisation by telephone or email in an attempt to get employees to divulge user names, passwords, customer NPPI (Non-Public Personal Information) or other confidential information.

    The remote engagement techniques typically include:

    • Pretext Calling (e.g. Employees and Help Desk Teams)
    • Phishing
      • Email based (attempting to get employees to log in to organisation-branded portals)
      • Physical honeypots (CDs and USB keys: items planted to lure employees into running payloads)

    The remote engagement can include tests for the following:

    • Privacy Policy Awareness and Implementation
    • Institution Policy Adherence
    • Violation Reporting
    • Access Privileges
    • Privacy Filtering
    • Technical Preventive and Detective Controls


    Why Should I Perform Social Engineering Testing?

    Social Engineering testing allows organisations to test their response to an active attack and to measure the effectiveness of their employees' Information Security Awareness.