Social Engineering Services


If you are only testing your security through traditional means of compromising computer systems, you are potentially overlooking the area of greatest risk to your organisation – attacks against your people.

A determined attacker who is targeting you will look for the easiest point of access to your systems and data. In many cases, this will not be a weakness in your technology infrastructure, but rather the trusting nature of your people, aka the ‘human element’.

This threat of exploiting the ‘human element’ – social engineering – is very real and is typically the attack vector with the greatest chance of achieving an outcome against you (when compared to more traditional ‘hacking’ methods that target software vulnerabilities).

Whilst we understand that there is always going to be the risk of the ‘human element’, there are various ways to reduce these risks. Since 2003, Securus Global has helped our clients do just that through our social engineering services.

These social engineering exercises are fantastic ways to justify a security budget, to help understand exactly how susceptible your company is to such attacks, and to recognise their potential consequences.

Our Services:

SG Red Cell: This is our traditional form of testing, where we will work with you to develop a testing approach and then replicate the role of the attacker targeting your company in various social engineering scenarios. [See below for details].

Social Engineering Web Service: This is our new and unique set of services that allows you to control and customise the testing, at your own pace, for your organisation. Here, you can monitor the progress of all your activities on your own SG Social Engineering Web Service secure dashboard.
Below are details of what this currently includes; however, our team is completely flexible in terms of options, depending on your business requirements. We are willing to work with you to address specific social engineering concerns or to develop and conduct further tests as appropriate.


Social Engineering Services – manage yourself or engage the Securus Global team:

Availability columns: Web Service | SG RedCell

SG Red Cell Assessments.

This is our established set of testing services, where our team works with you to develop various social engineering attack scenarios, simulates the role of an attacker in carrying out these scenarios, then provides a full report to you on the extent of success of each attack scenario performed.

Throughout this process, our team will work with you to ensure each social engineering scenario is tailored to your specific business environment, as it would be in a real-world targeted attack. Follow-up security awareness training for your staff is also available after each engagement.

This service includes, but is not limited to: face-to-face social engineering, email and phone social engineering, secure area bypass, alarm system avoidance, physical tailing, badge access testing and security system exploitation. In addition, your SG Red Cell assessment strategy may also include some or all of the offerings available in the Social Engineering Web Service.

 

Web Service: - | SG RedCell: Yes

Email Phishing Service (New and Updated Service)

While email phishing is not a new technique, it continues to flourish today. With our customised phishing service, we can quickly identify how susceptible your organisation is to this type of attack and test the security awareness of your staff.

Results are monitored by your organisation on your own SG Social Engineering Web Service secure dashboard, where you can control what information you want to see and how you want to track it, with options ranging from full information disclosure to no collection of individually identifiable information.

Web Service: Yes | SG RedCell: Yes

Trojan USB Keys (New Service)

Simulate a real-world USB drop attack with our trojan USB keys service. We will work with your team to supply custom USB keys, pre-loaded with software designed to record instances of these USB sticks being picked up and used - you customise, manage and control your own testing.

People are naturally curious and will want to see what resides on a USB stick. Test to see if your security training and awareness programs are working and if your employees are appropriately cautious about what they bring into your network.

Web Service: Yes | SG RedCell: Yes

 

Trojan Keyboard

Order trojan keyboards that will log keystrokes typed by the user and will send the number of keystrokes entered to a monitoring server via a mobile network, simulating a real-world instance of a wireless key logging attack.

This is an advanced level of service and attack, but are your data and systems valuable enough for someone to want to launch such advanced attacks? For many of our clients, this is most definitely the case.

Web Service: Yes | SG RedCell: Yes

Disguised Data Exfiltration Device

This is an innocuous-looking, functional device with inbuilt Ethernet sockets. If a victim were to plug in their network cable (to protect their computer from power surges), it would connect both their workstation and an embedded computer with a 3G/GSM connection that is hidden inside, allowing simulated access to your network with out-of-band data exfiltration.

How easy would it be for someone to exfiltrate data from your network? This is another advanced level of attack service which, again, allows you to demonstrate how easily your data and systems can be compromised.

Web Service: Yes | SG RedCell: Yes

 

Malicious QR Codes

Malicious QR Codes is a service that allows the user to generate QR codes that link back to a simulated malicious website. This QR code could then be distributed internally (for example, as leaflets in staff car parking areas).

As the attack vectors into your organisation expand, Securus Global can help you to expand how you test the security awareness of your staff.

Web Service: Yes | SG RedCell: Yes

Malicious Website Generator

This service allows you to generate a simulated malicious website (or a replica of, say, an internal login page) and a link which you can then pass to your employees. Statistics will be recorded on how many users have accessed the page and also on whether users entered credentials into the page (NB: the credentials themselves will not be stored).

The applications and types of tests you can perform are limited only by your imagination and the results you are interested in finding out about. This type of test is simple to set up and typically proves effective, with a high success rate.

Web Service: Yes | SG RedCell: Yes

Malicious Wireless Access Points

How do you know you can trust a Wireless Access Point (AP)? This is one of the more popular attacks used to gain user information and target organisations.

Our customised malicious wireless access points service allows you to order an inconspicuous wireless network device and plug it into your network to monitor how many users connect to it. This device, configured with a specified SSID, will log connection attempts and send statistics to the monitoring server – allowing you to track in real time what information could be flowing out of your company.
 

Web Service: Yes | SG RedCell: Yes

SMS Spoofing Service

The SMS Spoofing service will allow a user to send a spoofed message to any mobile device on behalf of another user.

This could be used to further augment an existing social engineering scenario, or develop new social engineering scenarios to test your staff security awareness.
 

Web Service: Yes | SG RedCell: Yes