Social engineering is an attack method that typically uses a delivery tool , like email, a web page, or a USB key , to introduce a target and share sensitive information or perform an action that enables the attacker to compromise the system. You perform social engineering tests to gauge how well the members of an organization adhere to security policies and to identify the security vulnerabilities created by people and processes in an organization.
The overall data you may have gathered from a social engineering campaign can help paint a clearer picture of the risks and vulnerabilities that exist in an organization’s security infrastructure and policies. An organization can leverage the test results to strengthen their security policies, increase IT defense mechanisms and improve the effectiveness of their security training program.
A campaign is a logical grouping of the campaign components that you need to explore or phish a group of people. You can create a campaign in accordance with the following possibilities:
- Template: A reusable html shell that contains boilerplate can be shared between campaigns in the project. You may create and use a template to quickly generate web pages or email content for a campaign.
- Email, Webpage, and portal file- The delivery mechanism to social engineering attack.
- Target list: A list that defines the recipients and their email addresses that will receive an email.
SOCIAL ENGINEERING TECHNIQUES….GUIDANCE AND COURSE