About Social Engineering Testing
Overview
We tailor assessments based on the audience, and test that audience using the threats that we can expect them to encounter (malicious invoice/resume, email from a friend/co-worker, etc.). Testing activities remain in a controlled environment, and assessment results provide actionable remediation. For all social engineering services, we provide a detailed description of the assessment, results, and our recommendations. We also offer an in-depth debriefing to discuss findings and remediation with your stakeholders. Our social engineering methodology follows these standard phases:
Information Gathering
- Find out who works for the company, what their jobs are, and the types of email that they receive
- Identify what companies send the email, and what the email looks like
- Determine when and why they might receive a particular message
Campaign Execution
- Launch attack, and monitor responses
- Update customer, and provide debriefing
Scenario Preparation
- Present available scenarios
- Select scenario for campaign
- Purchase domains, create accounts, and author emails
- Set up infrastructure, run tests, and get customer approval
Daily Briefings
During the test, we communicate with you daily to let you know who opened the email as well as who clicked on the link or opened the attachment. This gives you an opportunity to ask questions or get more information.
Executive and Technical Reports
At the conclusion of the test, Hellfire provides you with two reports: one for executive management, so that they can see who is putting the company at risk, and one for the IT department, demonstrating the attacks and providing a record of who fell for what and when.
Types of Tests
Media Drop
Hellfire Security identifies who picks up that USB stick or DVD and connects it to their system.
Phishing Email
Hellfire Security finds who in your firm will open that email, click on that link, complete that form, or download that attachment.
Phone Calls
Hellfire Security finds who in your firm will provide personal or business information over the phone.