Social engineering is a form of cyberattack in which cybercriminals misuse behavioural techniques from psychology to deceive your employees. Through these attacks they attempt to gain access to information such as passwords, personal data or sensitive business information. Such attacks can take place both physically and digitally.
Examples of physical attacks include tailgating or baiting. Examples of digital attacks involve spoofing, phishing and smishing. Despite the different forms of attacks, the cybercriminal’s ultimate goal, and therefore the risk to your organisation, remains the same: to gain unauthorised access to confidential data.
When it comes to information security, human behaviour is often decisive. Social engineering is therefore primarily aimed at individuals rather than technology or a system. Social engineering tends to work well in day-to-day practice. That is because cybercriminals capitalise on curiosity, helpfulness or the trust people have in each other. Cybercriminals thus rely on human weaknesses to cause damage to your employees and your organisation.
Our approach: measuring and permanently improving the cyber security behaviour of your employees
By creating lasting cyber security behavioural change, you can protect your employees and your organisation from the dangers of social engineering. A combination of awareness, technical security and procedures is necessary here to ensure the security of sensitive business information.
Hoffmann offers various services to establish your current culture of security awareness. These services also test the extent to which your organisation is susceptible to cyberattacks based on social engineering. Hoffmann’s specialists use real-world scenarios based on real attacks by cybercriminals for this purpose.
This gives you realistic insights into the responses and behaviour of your employees. You can then use the results of these tests to increase alertness and awareness regarding information security and cybercrime among your employees, or as a starting point for a cybersecurity behavioural programme.
Spoofing, email phishing, spear phishing, voice phishing, baiting, tailgating and more
To get a good picture of your organisation’s level of security awareness and the risks present with regard to information security, Hoffmann provides, as a minimum, the following social engineering services:
- Spoofing
In spoofing, we fake email addresses or phone numbers in order to obtain certain data or get employees to do something. For example, we can spoof your organisation’s helpdesk phone number so that the person called actually thinks they are speaking to a helpdesk colleague.
- Email phishing
By sending an email to a large group of people, we try to obtain information from your employees and/or your organisation. For example, we may send out a phishing email requiring the recipient to click on a link and enter their login details to receive a token of appreciation.
- Spear phishing
We attempt to gain access to your system by sending an email containing malware to a specific group of people. In theory, it works the same as email phishing; the difference is that spear phishing targets a smaller, more specific group.
- Voice phishing
We try to obtain sensitive information, such as a password, from your employees and/or organisation through telephone contact or, for example, contact using Teams. For instance, we can pose as a helpdesk employee who wants to help with a particular issue. As stated above, we can also use spoofing to accomplish this.
- Baiting
Baiting is leaving behind or sending a USB stick or other data carrier to install malware when the data carrier is opened. The idea here, of course, is that whoever finds or receives it will start looking at what is on it to find out who the USB stick belongs to.
- Tailgating
Tailgating involves tailing an authorised employee to enter a secure location. For example, someone might pose as a delivery driver and walk in with an employee to deliver a package. Alternatively, the person tailgating will often slip through an access point with the person in front of them.
- Smishing
By means of a text message, we try to obtain login details in order to gain access to your systems. This technique is becoming increasingly rare as people use fewer and fewer text messages, making smishing easier to spot.
- Walk-in test
By physically entering your organisation as a mystery guest, we check whether we can also gain access to company-sensitive information. One purpose of a walk-in test, for example, might be to see if we can access a server room or place a device in the CEO’s office.
Would you like additional information on social engineering?
Do you have questions, or are you curious about how we can help your organisation? Then please do not hesitate to contact us without further obligation.
Our specialists are ready to assist you.