Social Engineering

For a Government Contractor

A government agency contacted RedLegg to test their current state of security awareness. RedLegg was engaged to run a series of social engineering testing campaigns to assess employees’ vulnerability to manipulation and their ability to detect nefarious electronic and voice communications that may result in divulging critical information.

A series of email and voice phishing campaigns was run, focusing on publicly available information. The campaigns attempted to dupe recipients into clicking a fraudulent link that requested a user password, or into accepting a phone call that sent them to a similarly fraudulent site. Such attacks are considered phishing. This initial test established the baseline social engineering awareness of the organization.

The initial test showed that over half of participants:

  • Clicked a fraudulent link in an email that mimicked a known or familiar sender and actually entered their passwords as requested on the fictitious site, or
  • Accepted a phone call from an imposter and then visited the fictitious phishing site that mimicked an actual attack venue.

Participants received immediate feedback and a training link, which offered an opportunity for education and prevented employee anxiety. The agency now runs phishing campaigns monthly to monitor and improve employee awareness.

RedLegg Social Engineering services work with you to set up a baseline campaign and a custom testing schedule. Training courses are also available as lightweight but thorough and current modules that participants can digest easily. Security training, which includes various levels of difficulty, custom scripts, games, quizzes, and even awards, can be added to your Learning Management System (LMS) or managed through RedLegg. RedLegg reporting enables tracking of current employee awareness levels and areas requiring improvement, empowering your organization to stay current with the latest threats and phishing trends.