Abilities
Social Engineering
Employees can pose the greatest risk to your most important assets. Testers can help protect your organization's assets by testing your security posture and controls through a series of different social engineering campaigns.
Phishing Campaigns
Over 90% of successful data breaches started with a phishing email.*
Well-developed phishing campaigns can very cleverly deceive users into believing they are interacting with a trusted entity. Developers and testers have collaborated at Sprocket to emulate just that threat.
Is your organization using a third-party service, an intranet, or other daily tools? Sprocket's advanced reconnaissance team will identify these tools and generate campaigns that are highly targeted exposing the vulnerabilities of your organization's human element.
*According to a recent Proofpoint Survey
Alternative Social Engineering
Voice, SMS, chat, emails, watering holes & in-person social engineering can all be utilized during a breach.
Social Engineering evolves daily. Threat actors methodically utilize topical trends and themes to infiltrate valuable networks.
Not only will Sprocket provide your organization with sophisticated phishing campaigns, but our expert team of testers will also conduct a variety of alternative social engineering tests. Many of these tests are successful in emulating a breach because so many organizations have ignored the potential of these attack vectors.
Strengthen your teams
Gain insight into the human weaknesses discovered within your organization.
The Sprocket Portal allows teams to collaborate during live social engineering campaigns. Gain real-time insights and be alerted while the campaigns are active.
Empower management teams with advanced reporting tools and exportable reports.
How It Works
Social Engineering Tactics
Phishing
Impostering as a trusted entity using emails, website clones, and other techniques is used to deceive a user into providing personal login credentials. Once inside, Threat actors can move freely throughout your organization's network.
Vishing
Sophisticated social engineers will gain the trust of a targeted employee by impersonating an entity or individual using phone calls or voice messages. Once the trust is gained, the engineer will convince the employee to divulge sensitive company information.
Smishing
Utilizing SMS and other text messaging services, attackers will send messages to unassuming employees containing phone numbers to call or malicious links. These calls and links can lead to other social engineering methods such as vishing or watering hole attacks.
Quid Pro Quo
It is surprising how easily employees can be coerced into providing access to sensitive information. Quid pro quo includes offering value, such as tech support, in exchange for login credentials or access to an employee's computer.
Pretexting
Is that gentleman really your IT engineer? Pretexting creates a false scenario, allowing threat actors to coerce untrained employees to grant them access to important business infrastructure, leaving your network exposed.
Watering Hole Attacks
Organizations' websites and other frequently visited tools can be compromised by threat actors. Employees will then unknowingly provide sensitive information directly into the hands of the attacker, further compromising the network.
Continue Reading
Explore social engineering
tools & resources.
Preventing Social Engineering Breaches
It’s pretty common for companies to bundle social engineering into their penetration testing programs. But when the report shows up, you may find you’re surprised and frustrated at the rate of employees clicking links… read more →
Read moreContinuous Human & Automated Security
The Expert-Driven Offensive
Security Platform
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.
Expert-Driven Offensive Security Platform
- Attack Surface Management
- Continuous Penetration Testing
- Adversary Simulations