Social engineering is the method of manipulating the weakest element in the cybersecurity chain: the person. Through smooth talking, a social engineer is capable of persuading a person either to let them into a secured area they are not supposed to have access to, or to divulge confidential information. The social engineer generally works with (among others) methods like these:
-The social engineer creates a problem and then appears to solve it for the victim. The victim is thankful for the help and now owes the engineer a favor, which the engineer can later use to persuade the victim to do something he/she normally wouldn't do (like mailing a phonebook or something similar to someone or somewhere it shouldn't go).
-The social engineer impersonates a higher-ranking person in a company and orders an employee to send money somewhere, create an account for someone, etc., and applies pressure on the person to increase the odds of them complying.
-The most popular one has got to be the Microsoft Helpdesk randomly calling people to inform them that their computer has been infected with a virus and that they need help to remove it because Microsoft's system said so. The unsuspecting victim then downloads a remote administration tool, which gives the attacker access to their systems. In some cases people may be persuaded to get a subscription to said software. This is classic social engineering.
ID Control simulates these kinds of attacks to show businesses where their weaknesses lie.
What we do:
-Slipping into an organisation to see if protocols are followed.
-Dropping/sending USB sticks with our own software on them to see if employees plug them in.
-Phishing (sending fake emails to see if people open attachments).
-Vishing, similar to phishing, only now we call the organisation to see if we can get your employees to divulge sensitive information.