A phishing assessment attempts to gain sensitive information from users through deceptive emails. This approach is particularly effective because attackers can often leverage publicly available information to craft compelling emails while impersonating a credible person, even an individual within the client organization.
The main concern with an organized phishing campaign is that attackers often use it as a segue into further attacks. Solid Rock tailors each phishing assessment to the organization and explores the potential of a successful compromise with unparalleled depth.
What is Phishing?
Phishing is the process of sending emails to a target with malicious intent. Typically, attackers do this while posing as a credible individual or organization. The attacker may go to great lengths to establish credibility and then coerce the target into providing personal information such as passwords, SSNs, or PINs.
Although it is an older technique, phishing continues to be effective and remains a consistent security threat.
Social Engineering Methodology
Solid Rock Innovations uses a detailed and repeatable methodology. We follow this process during each engagement so that our assessment is reliable and reproducible. To get these results, we use the following steps:
1. Reconnaissance and Information Gathering
- Identify the environments to be scanned
- Perform discovery scan
- Analyze & document IP scope of systems
- Analyze & document URL scope of web apps
2. Create Pretext Scenarios and Payloads
- Deploy scanning tool for internal scans
- Validate communication to scanning tool for internal scans
- Configure scanning for assets in scope
- Assist client with any coordination with third-party providers
- Schedule scan to align with timeframe provided
3. Engage Targets
- Initiate scans that have been scheduled
- Gather scan results
4. Assessment Reporting and Debrief
- Evaluate results data by severity
- Validate and reproduce significant findings
- Develop recommendations
- Produce scan assessment report
5. Employee Education
- Update report per Customer feedback (if applicable)
- Securely deliver report