Social Engineering

The term "Social Engineer" was popularised by Kevin Mitnick in the early '90s; however, these techniques have been around for as long as humans have.

Generally speaking, social engineering attacks form the basis of the majority of breaches. According to a report by Cofense, social engineering scams stole over £4 billion worldwide from 2013 to 2016.

Data suggests that only about 3% of malware attempts to exploit an exclusively technical flaw. The other 97% instead targets people directly through social engineering.

In some cases, attackers meticulously plan their approach to gain access to the information they want, for any number of nefarious reasons. They create complex pretexts involving full social media personas, with backstories and friends they communicate with, simply to gain access to information that would seem trivial at first, such as an employee's email signature.

"A lot of companies are clueless, because they spend most or all of their security budget on high-tech security like firewalls and biometric authentication - which are important and needed - but then they don't train their people."

KEVIN MITNICK

The attacker then switches to another persona, that of an employee they have identified using open-source intelligence gathering techniques.

The attacker finds as much information on the employee as possible using public resources such as popular social media portals (LinkedIn, Facebook, Instagram), all in an attempt to understand this character and identify whom this person may communicate with (colleagues), and then mimics them via yet another email.

Social engineering is one of the most common vectors for compromise; this holds true for malware delivery, account compromises and CEO fraud.

Using techniques similar to those of the threat actors, Laneden can present the risks associated with social engineering, whether that be phishing or trying to manipulate your employees over the phone to gain access to your network or accounts.

Laneden can provide an on-site debriefing of all the findings, explaining how attackers could potentially gain control of your systems and/or exfiltrate data.

A comprehensive report is collated containing an executive summary that is consumable by anyone in the organisation, regardless of their technical background. It also contains enough detail to allow you to understand the attacks, along with concise and clear guidance on how to remediate relevant concerns and help your employees identify future social engineering attempts.
