The latest Verizon, Ponemon, and other reports have suggested that Phishing – cleverly crafted emails that look authentic – will continue to be a key way to get to credentials, system access, and eventually data. Similarly, other forms of social engineering such as call campaigns continue to glean critical info from unwitting participants.

 

Webcheck Security is frequently asked by its clients to conduct social engineering as part of awareness vulnerabilities and education. Highlights of these engagements include:

 

• Phishing of a designated number of participants, retaining credential stats and reporting in the pen test documentation.

• Call campaigns of designated participants, maintaining and reporting stats (and we have one engineer in particular that is very good at this!)

• Physical testing campaigns, in which we do USB drops or pose as delivery personnel to try and gain access to buildings and install Rasberry Pi’s or other surveillance methods

 

Webcheck has a methodology for conducting physical security surveillance to try and gain access for authorized reports – talk to us about your specific needs and we will craft this into your penetration test scope.