People are your weakest link, not technology. Security awareness is more important than ever. Your employees must understand the importance of their role in protecting the business. Social engineering tests and validates the strength of your policies, the comprehension and compliance of staff, and the viability of technical controls.

Social Engineering uses technical and non-technical means to overcome impediments posed by information security measures. Lies, impersonation, and tricks are used to gain unauthorized access to a valued system and the information that resides on that system.

Pretexting is the act of creating and using an invented scenario to persuade a target to release information or perform an action. It is more than a simple lie as it usually involves prior research and the use of pieces of known information to establish legitimacy in the mind of the target.

Methods of Attack

1. Physical Includes attempts to gain physical access to the premises, obtain records, discover passwords, realize network access, remove equipment, and more. All tests are conducted in a very strict and professional manner
   
   
2. Phone Calls SMP calls designated personnel with a series of telephone calls, SMP Consultants attempt to acquire passwords, usernames, and other useful information that would help us gain access to a system and acquire protected information. These telephone conversations will be used to try to manipulate people into performing actions or divulging confidential information.
   
   
3. Phishing Emails SMP will craft a phishing-style e-mail intended to trick recipients clicking on a link to a bogus e-mail. SMP will send emails out to a number of individuals identified by the Customer. SMP analyzes the results and creates a report that provides the number of employees that clicked the bogus link and the response times. All scripts are approved by the client before they are sent.

SMP’s Social Engineering Assessment reports areas of concern, identifies failures in best practice, documents compliance issues, and provides recommendations for improvement. SMP can help remediate weaknesses and assist in the development and implementation of security awareness training programs.

Printable version of SMP's Social Engineering Assessment services