Social Engineering
Assess your organization's resistance to social engineering scenarios
“Social engineering” consists of getting past an employee’s vigilance in order to obtain sensitive information or to carry out malicious actions (opening files, scamming the president, etc.). Our auditors can adopt an offensive and awareness-raising approach, contextualizing their attacks (USB dropping, phoning, vishing, smsing, whatsapping, etc.).
In 2015, it was estimated that one in five employees had a tendency to plug in a “forgotten” or “gifted” USB flash drive. Without prior precautions, this behavior can be dangerous for a number of reasons, such as infection via ransomware or other means, use of the USB Killer device, etc. Synetis is able to create malicious USB sticks and then “abandon” them to trick employees.
Test your organization's vigilance against phishing techniques
Phishing is a method widely used by attackers to detonate their malicious payloads directly on your organization’s network. This type of attack can also prompt users to enter their credentials into a false authentication prompt in order to compromise secrets.
- Phishing by e-mail (use of a domain name close to the company's, such as typosquatting or "forgotten" domains) or telephone call;
- Phishing with booby-trapped USB keys;
- Telephone calls to retrieve sensitive information (passwords, customer data, etc.).
Phishing remains one of the main vectors of cybercrime. The aim of this type of attack is to get the recipient of an apparently legitimate e-mail to transmit bank details or login credentials (for example, to financial services in order to steal money). Phishing can be used in more targeted attacks to try to obtain an employee’s access credentials to professional networks for which he or she has rights, or to execute code contained in a malicious attachment.
Please do not hesitate to contact us to discuss how to carry out these campaigns.