Identify vulnerabilities in your processes which may be exploited by tricking your employees and work on improving internal policies to prevent information leakage.
The most valuable asset of any company is information. This is why it is so important to take care of it, not only at a technology infrastructure level, but also in terms of the information management performed by the company’s employees to prevent said information from being stolen.
About C&W Social Engineering:
C&W Social Engineering is a service that seeks to detect the non-technical shortcomings of existing security through multiple social engineering techniques and human interaction.
C&W Social Engineering aims to produce an extensive report in order to close any gaps found in the processes policies, and users’ training before a malicious attacker detects them.
Passive Internet Recognition
Using public access sources such as websites, search engines, and DNS records, all relevant information will be gathered, such as names, positions, phone numbers, and email addresses available online of the company and its employees.
External social engineering
Social engineering will be performed by making phone calls to people within the company. The purpose of these calls will be to induce users to disclose sensitive information over the phone, thus violating the company’s information security policies.
Attacks through email, “phishing”
Emails will be sent to individuals and groups within the company to entice users to click on an external link that will either try to get sensitive information or deliver a malicious download to their desktop, that may include buffer overflows to the browser and/or operating system, trojans, and keystroke loggers.