Social Engineering and Spear Phishing

Our assessment for Social Engineering and Spear Phishing is designed to protect your business from devastating data breaches. It is the ultimate defense against advanced cyber attacks that are prevalent today. Our highly advanced techniques simulate real-world attacks to test your employees’ awareness and response to social engineering tactics.

Our Methodology

We evaluate employees’ compliance with company policies and their ability to safeguard company resources from misleading emails, websites, or messages that deceive individuals into clicking on harmful links, installing malicious software, or sharing personal data like passwords or credit card details.

Our method uses phishing email, spear phishing, vishing, and smishing techniques that combine established approaches with our own knowledge and are customized to meet your unique requirements.

Social-Engineer Framework

  1. Attack Formulation
  2. Information Gathering
  3. Preparation
  4. Develop Relationship
  5. Exploit Relationship
  6. Debrief
  7. Goal Satisfaction

Open Source Security Testing Methodology Manual

  1. Information Gathering / OSINT
  2. Active Reconnaissance / Covert Observation
  3. Attack Planning
  4. Pretexting
  5. Exploitation
  6. Post-Exploitation
  7. Report writing

Our Approach

Open-Source Intelligence
We gather as much information as possible about the target through passive reconnaissance and Open-Source Intelligence (OSINT). This is one of the most critical steps in the process because it helps to examine your organization from the perspective of a “threat actor” and enables our team to see everything an attacker would do by utilizing public tools, such as Google Earth, social media platforms, and job boards. In addition, this approach makes it possible to learn a great deal about the business, its surroundings, and its environment.
Pretexting
We craft a custom plan of attack. The plan of attack for an email phishing engagement includes the pretext (the story being used and who will be shown as the sender of the phishing email), the email content, the email addresses and names of targets, the goals of the engagement (for example, whether RBTSec will attempt to gather credentials, or whether the email infrastructure will be tested to determine if it filters malicious files), timing, etc. RBTSec will also work with the client contact to obtain approval for the content and the format of the phishing emails.
Execution
In this phase, our team executes the email campaign and monitors the results. Generally, phishing emails are sent out in a phased manner, over hours or days, depending on the number of employees in scope. The email campaign then stays open/active for a week or two to allow for recipients who do not read their emails promptly.
Goal accomplishment / Reporting
We provide a detailed report that includes our observations and recommendations. The report also includes the pretext/content used in the email, a summary of the results (who read the email, who took action, etc.), and each target’s individual results. You can use the results to develop or enhance your security awareness training.
Follow-up / Re-Testing
We conduct additional testing to ensure the remediation measures have successfully addressed the identified vulnerabilities.

Do You Want To Boost Your Business?

Trust us to safeguard your business from cyber attacks with our comprehensive cybersecurity services.
Our team of experts will work with you to ensure your online presence is always secure.