Phishing, Phoning, USB dropping...
"Social engineering" consists of circumventing an employee's vigilance in order to obtain sensitive information or to have them carry out malicious actions (opening files, CEO fraud, etc.). Synetis auditors can adopt an offensive and awareness-raising approach by contextualizing their attacks (USB dropping, phoning, vishing, smsing, whatsapping, etc.).
In 2015, it was estimated that one in five employees had a tendency to plug in a "forgotten" or "gifted" USB flash drive. Done without any prior precaution, this behavior can be dangerous for several reasons, such as infection by ransomware or other malware, use of the USB Killer device, etc. Synetis is able to create malicious USB keys and then "abandon" them in order to trap employees.
Phishing is a method widely used by attackers to detonate their malicious payloads directly on your organization's network. These attacks can also invite users to log in on fake authentication pages in order to compromise secrets.
- Phishing by e-mail (using a domain name close to the company's, such as a typosquatted or "forgotten" domain) or phone call;
- Phishing with booby-trapped USB keys;
- The phone call to retrieve sensitive information (password, customer data, etc.).
Phishing remains one of the main vectors of cybercrime. This type of attack aims to get the recipient of an apparently legitimate email to hand over their bank details or login credentials (for example, to financial services in order to steal money). Phishing can also be used in more targeted attacks, either to obtain an employee's access credentials to the professional networks he or she can reach, or to get the employee to execute code contained in a malicious attachment.
Do not hesitate to contact us to discuss how these campaigns can be carried out.