Social Engineering

Test the susceptibility of employees to email phishing, telephone vishing, and physical attempts to compromise security.

Ensure that your employees aren’t susceptible to the number one cybersecurity threat for businesses—social engineering attacks.

Social Engineering: A Cybersecurity Must Have

Even if they weren’t the current #1 cybersecurity threat for businesses, social engineering attacks would still be the fastest growing security threat today. Social engineering attacks, which rely on human interaction and fraudulent behavior to trick people, are the driving force behind spear phishing, email compromises, and ransomware. It’s for these very reasons that, here at MainNerve, we view social engineering as a must-have service for every business and organization. And it’s why we offer social engineering assessments for email phishing, telephone/text, and onsite/social pretexting.

Ensure your Employees aren’t the Weak Link in your Security

Although traditional cybersecurity attacks leverage technology-based system vulnerabilities, such as misconfigurations and software bugs, social engineering attacks take advantage of human nature and the inherent vulnerabilities in people. Attackers use deception to trick targeted victims into performing acts that end up being harmful. At MainNerve, we make the social engineering process painless and simple. Our team has conducted and successfully delivered numerous social engineering assessments for businesses of all sizes and types, and we can help you protect your employees.

Social Engineering-based Scams

Spear Phishing

Spear phishing is a highly-targeted form of attack. Spear phishers use carefully crafted emails alongside social engineering tactics to convince individuals to both open and engage with the email.

Consumer Phishing

Consumer phishing is a type of attack in which a criminal sends a deceptive email that appears to come from a respected brand. This is usually done in order to gain individual account credentials.

Data Breach

Data breaches are frequently the result of intrusions caused by credential theft or the installation of malware. This is in turn fueled by social engineering and identity deception techniques.

Ransomware

Ransomware is a form of malware that infects the computers of its victims. From there, content is encrypted, and the victim is required to pay a ransom in order to regain access to their content.

Email Compromise

Email compromise, or Business Email Compromise (BEC), is a sophisticated email attack in which a criminal sends a victim’s emails to an organization’s employees. It’s also known as CEO fraud.

THE MAINNERVE PROCESS

MainNerve’s team of highly-qualified and experienced security experts will test your employees in order to determine their level of resistance to the ploys of nefarious actors and social engineers.

Social Engineering

A social engineering test can be used as a one-time method of assessing the effectiveness of a security awareness campaign, or to support new and current training programs. Using the latest intelligence on social engineering techniques, a social engineering test can evaluate employees against general phishing and “spear-phishing” attacks that are intended to exploit trust and lack of security awareness.

  • Phishing Email Attack: Deploys a distinct simulated phishing email to test whether employees click on malicious links that they should not. It is a single test in which no exploitation occurs; it only collects general information on the effectiveness of the attack and the employee’s response.
  • Phishing Data Attack: Tests user security awareness by manipulating individuals in your organization into performing malicious actions or providing sensitive information over email. The content used in these scenarios ranges from generic, spam-like messages to client-specific emails that are designed to appear to originate from internal users, third-party service providers, or clients.

MainNerve recommends that the names and/or email addresses of the intended recipients who will be included in the social engineering test be provided beforehand. If such a list is not provided and MainNerve must search or otherwise build a list through manual research, additional costs will be incurred.

  • Customer-Provided List (Gray Hat): The customer provides a list of the email addresses of its employees who will be included in the social engineering test. This type of social engineering test represents the simpler and quicker method, as research is not required in order to build a list.
  • Manual Research (Black Hat): The customer does not provide a list of employees to MainNerve, but relies on MainNerve to gather a list of employees through manual research. Research includes employing tools and techniques for harvesting names and email addresses from open source directories, social media sites, and customer web sites.

VALUE-ADDED SERVICES

Network Penetration Testing

Network penetration testing assists with the identification and examination of vulnerabilities for external, Internet-facing and internal, intranet systems. A network pen test will help determine whether an attack can exploit and compromise targeted systems. Take the next step to improving your business’ security with a network pen test.

Compliance Solutions

MainNerve’s compliance solutions are designed to help meet one of the biggest challenges for businesses: staying in alignment with the exhaustive list of Governance, Risk Management, and Compliance (GRC) requirements. From PCI DSS and HIPAA to CJIS and FINRA, MainNerve can help your business navigate the GRC landscape with specialized penetration tests.

Web App Penetration Testing

Web application penetration testing is designed to assess and test the state of your web-facing applications, and provide actionable remediation recommendations for enhancing your security. Ensure that your web applications are protected from malicious cyber threat actors. MainNerve web app pen tests are designed to review all types of web servers.