Social Engineering

Adopt an offensive and awareness-raising approach!

Phishing, Phoning, USB dropping...

hacking man

Social engineering" consists of deceiving the vigilance of an employee in order to obtain sensitive information or to carry out malicious actions (opening files, scamming the president, etc.). Synetis auditors can adopt an offensive and awareness-raising approach by contextualizing their attacks (USB dropping, phoning, vishing, smsing, whatsapping, etc.).

In 2015, it was estimated that one in five employees had a tendency to plug in a "forgotten" or "gifted" USB flash drive. Without any precaution beforehand, this behavior can be dangerous for several reasons such as infections via ransomware or other, use of the USB Killer device, etc. Synetis is able to create malicious USB keys and then "abandon" them in order to trap employees.

Phishing is a widely used method for attackers to detonate their malicious payloads directly on your organization's network. These types of attacks can also invite users to log in on fake authentication checks in order to compromise secrets.

We can carry out social engineering type campaigns using several vectors:

Phishing remains one of the main vectors of cybercrime. This type of attack aims to get the recipient of an apparently legitimate email to transmit their bank details or login credentials (for example, to financial services in order to steal money). Phishing can be used in more targeted attacks to try to obtain an employee's access credentials to professional networks to which he or she may have access or to execute code contained in a malicious attachment.

Do not hesitate to contact us to discuss the modalities of realization of these campaigns.

Protection and monitoring of

Our Audit experts
answer your questions