Social Engineering

Fingerprint Icon

Typical exercises include email-based and telephone-based phishing, attempted physical intrusion through deception and masquerading, and use of public information to elicit exposure of private or commercially sensitive information.

Where permitted as part of the engagement, crafted attachments or spoof websites may be used to obtain internal access or user credentials, and fake social media profiles may be generated to support an assumed identity.

This exercise will often be most effective when combined with Internet and social media profiling.