SOCIAL ENGINEERING

WHAT IS SOCIAL ENGINEERING?

Social Engineering is a malicious, fraudulent activity performed with the intent to acquire sensitive information. Phishing can be performed through email communications while vishing is performed through telephone communications. RedLegg provides social engineering testing to better your security posture and increase security awareness in your organization.

BENEFITS

Benefits of Social Engineering performed by RedLegg include:

INSIGHT:

Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.

September 10 | Downtown Chicago

Penetration Testing Workshop

Pen Testing Workshops with RedLegg is a regional event series for cybersecurity professionals looking to build and expand their security strategies to grow and better protect their businesses.

SOCIAL ENGINEERING METHODOLOGY

RedLegg’s Social Engineering engagement consists of one or more phishing or vishing campaigns, each consisting of one or more testing scenarios (waves) completed across six project phases. Depending on the length and depth of the engagement, certain steps may be repeated as additional campaigns or individual scenarios are requested or added to uncover further potential security awareness and vulnerability issues in the employee environment.

The RedLegg methodology can be summarized as follows:

PHASE 1:
PROJECT KICKOFF

The Project Kickoff phase begins with a call with your project contacts and the RedLegg Delivery team. During this phase, RedLegg will review with your team the project goals and methodology (voice, email, or both), the number and frequency of campaigns, and the number of waves run for each to complete the engagement.

PHASE 2:
DATA GATHERING

Phase 2 is for completing the Data Gathering form. During the kickoff call, this form will be reviewed so that you know what information is needed before RedLegg creates the initial campaign for your environment. Once the form is complete, you will upload it to your secure Customer Portal, as this document will contain sensitive company information.

PHASE 3:
CAMPAIGN CREATION

Phase 3 is for creating customized phishing content and setting its level of difficulty. RedLegg will create a custom, hosted landing site to personalize the experience for your environment and to mimic real-world attacker tools and techniques.

PHASE 4:
CAMPAIGN LAUNCH

During Phase 4, RedLegg will launch the newly created campaign against the pre-determined employee list or other contact targets. The typical campaign runs over a business week. This phase will repeat for each campaign launched.

PHASE 5:
RESULTS GATHERING

After the campaign is complete, the RedLegg delivery team will gather the results for report creation. This phase will repeat for each campaign that is launched, and results in an email with the tabulated results attached.

PHASE 6:
REPORT GENERATION AND DELIVERY

RedLegg delivers a comprehensive report for all campaigns conducted, including an executive summary, long- and short-term planning tips, and training or remediation recommendations. This phase concludes the Social Engineering Engagement, and includes a conference call, if needed, for reviewing the report.

DELIVERABLES AND OPTIONS

Depending on the scope of your test, the following are potential deliverables and testing options:

  • TEST TYPE
  • CAMPAIGN FREQUENCY
  • TEST UPDATES
  • REPORTING

TEST TYPE

Choose a phishing and/or vishing campaign to test your organization.

CAMPAIGN FREQUENCY

Choose the frequency of your campaign: quarterly, monthly, or a personalized frequency.

You may also choose between a blast or staggered email frequency.

TEST UPDATES

Set your desired update type and frequency: weekly emails or weekly calls to discuss the progress of your test.

REPORTING

Choose from three levels of reporting: a basic deliverable consisting of tabulated results, an executive report as well as tabulated results, or a custom deliverable.

OUR APPROACH

RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.

RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the marketplace, attack vectors, and protection mechanisms.

GO DEEPER.

Reach out to our expert staff to dive into your security gaps and to protect your company from breaches.
