Social Engineering Penetration Testing is where a malicious actor attempts to persuade or trick users into giving them sensitive information, such as a username and password.
Common types of social engineering attacks used by pen testers include:
- Phishing Attacks
- Vishing
- Smishing
- Tailgating
- Imposters (i.e. Fellow Employees, External Vendors, or Contractors)
- Name Dropping
- Pre-texting
- Dumpster Diving
- Eavesdropping
- Gifts
Why is it necessary?
According to recent statistics, 98% of all cyber attacks rely on social engineering. This is because internal users are one of the biggest threats to a network's security, and because the scams are so lucrative.
Social engineering tests and awareness programs have proven to be one of the most effective methods of mitigating an attack.
For example, KnowBe4, the popular email phishing platform, simulates an email phishing attack. When the user clicks on the link, they're taken to a page that informs them that it was a phishing test.
Remediation training is then provided to help educate and inform users on the most current cyber attacks and how to avoid them.