Social Engineering Testing


Running a fack social engineering attack is essential for organizations in order to:

 

Define the weak points early and fix them.

Fulfill compliance requirements.

 

TSS  work hand in hand with you to design, perform and measure the full social engineering test.

application penetration testing

Information Gathering

To understand the org culture and environment

Craft Attack Scenarios

Write scripts, content, links, apps to be used in the test

Run fake Attack

Send emails, Call victims,...etc

Reporting

Monitoring & reporting victims interactions and behavior

Caller ID spoofing is the practice of causing the telephone network to indicate to the receiver of a call that the originator of the call is a station other than the true originating station. These can be used in a social engineering situation to display that a call is coming from a remote office, Inside the office, a partner organization, a utility/service company, a superior or a delivery company.

TSS Social Engineers can use many ways to perform Phone Spoofing attacks such as:

  • Spoof Cards
  • VOIP (Asterisk)
  • Spoof Apps on IOS & Android
  • Voicemails

Contact us

We will customize a testing plan for you!

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Phishing emails may contain links to websites that are infected with malware.

Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users and exploits the poor usability of current web security technologies.

TSS Social Engineers able to use Social Engineering Toolkit “SET” (on Kali) with all types of Social Engineering Attacks and tools such as:

  • Spear-Phishing Attack Vectors: This tool allows you to send e-mails with a malicious file as payload.
  • Website Attack Vectors: This tool allows you to create a malicious website link.
  • Mass Mailer Attack: This tool will send e-mails to the target.
  • Preparing phishing emails with different scenarios based on customer business and surrounding environment
  • Preparing backend fake applications with like-reality links to be inserted into the phishing email and with topics to attract the victims to click on these links.

Contact us

We will customize a testing plan for you!