Phishing, Phoning, USB dropping...
“Social engineering” is the practice of getting past an employee’s vigilance in order to obtain sensitive information or have them carry out harmful actions (opening files, CEO fraud, etc.). Synetis auditors can adopt an offensive and awareness-raising approach by contextualizing their attacks (USB dropping, phoning, vishing, SMS, WhatsApp, etc.).
In 2015, it was estimated that one in five employees had a tendency to plug in a “forgotten” or “gifted” USB flash drive. Without prior precautions, this behavior can be dangerous for a number of reasons, such as infection by ransomware or other malware, use of the USB Killer device, and so on. Synetis is able to create malicious USB sticks and then “abandon” them to trick employees.
Phishing is a method widely used by attackers to get their malicious payloads executed directly on your organization’s network. Such attacks can also invite users to log in to fake authentication pages in order to compromise secrets.
We can carry out social engineering type campaigns using several vectors:
- Phishing by e-mail (use of a domain name close to the company's, such as typosquatting or "forgotten" domains) or telephone call;
- Phishing with booby-trapped USB keys;
- Telephone calls to retrieve sensitive information (passwords, customer data, etc.).
Phishing remains one of the main vectors of cybercrime. This type of attack aims to get the recipient of a seemingly legitimate e-mail to give out bank details or login credentials (for example, for financial services, in order to steal money). Phishing can also be used in more targeted attacks, either to obtain an employee’s credentials for the professional networks they have access to, or to execute code contained in a malicious attachment.
Please do not hesitate to contact us to discuss how to carry out these campaigns.