Solved

some suggestions on Social Engrg tests

Posted on 2016-08-16
2
102 Views
Last Modified: 2016-08-17
Need some suggestions on some Social Engineering tests, especially ones for a banking environment
0
Question by:sunhux
2 Comments
 
LVL 37

Assisted Solution

by:bbao
bbao earned 250 total points
ID: 41757750
Basically, for a banking environment a social engineering test is intended to manipulate bank staff into allowing unauthorised access to confidential information, including customer profiles and transactions as well as the bank's business secrets. This aims to test the bank's security policy and its staff's adherence to that policy.

Therefore, some key points for the testers:

1. Obtain authorisation in writing from management before doing anything.

2. Make sure no bank staff (except management) know about the test. It should be a pure blind test, in order to check the actual conduct of bank staff and the procedures in use.

3. Have a good understanding of the bank's business model, team structure, people and culture. This is very important for onsite and remote employee impersonation.

4. Have well-predefined scenarios and stories to make sound excuses or exceptions to bypass the bank's policy.

5. Cover both onsite and remote engagement tests. Be aware that remote tests can be via phone calls, email phishing and third parties.

6. Details matter. Make sure every little thing looks real even though probably everything is fake, from accent to uniform and from email wording to storytelling.
0
 
LVL 63

Accepted Solution

by:btan
btan earned 250 total points
ID: 41758003
For banking specifically, there should be tests on phishing emails revolving around contexts such as:
- Beware of ransomware telling you to install AV, a special helpdesk service or mobile apps
- Detecting transaction fraud such as a limit increase or an ad hoc transfer from a personal account
- Identifying CEO fraud on authorisation
- Identifying HR or Finance urgent fund transfers
- Recognising red flags in online pay schemes like PayPal asking for account changes
- Verifying requests for sensitive information for re-login to confirm that a transfer originates from the true source
- Verifying a mobile PIN received on a smartphone or a token in a web page link

Check out more templates - https://blog.knowbe4.com/new-knowbe4-phishing-templates-a-summary-7/30/2016
0
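The red-flag categories listed in the answer above (CEO fraud, urgent fund transfers, re-login lures, PIN/OTP requests, payment-account changes, "install this tool" lures) can be expressed as a small triage rule set that a simulation team can run over candidate emails before sending them, or that staff awareness material can be built around. The Python below is an added example and is not code from the thread or from KnowBe4; the sample messages, the `examplebank.test` domain and the rule patterns are constructed for illustration.

```python
"""Rule-based red-flag triage for phishing-simulation emails (added example).

Not from the thread. The messages, the 'examplebank.test' domain and the
regex rules are constructed; the rule names track the red-flag categories
listed in the answer above.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

INTERNAL_DOMAIN = "examplebank.test"            # assumed bank domain (constructed)
EXEC_TITLES = (r"\bceo\b", r"\bcfo\b", r"chief executive", r"managing director")


@dataclass
class Email:
    sender: str                 # address from the From header
    display_name: str           # From display name (what staff usually read)
    reply_to: str
    subject: str
    body: str
    links: list = field(default_factory=list)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def _has(text: str, *patterns: str) -> bool:
    return any(re.search(p, text, re.I) for p in patterns)


def _external_links(e: Email) -> bool:
    hosts = [urlparse(u).hostname or "" for u in e.links]
    return any(not h.endswith(INTERNAL_DOMAIN) for h in hosts)


# Each rule is one red-flag category; True means "flag it".
RULES = {
    "external_sender": lambda e: _domain(e.sender) != INTERNAL_DOMAIN,
    "reply_to_mismatch": lambda e: _domain(e.reply_to) != _domain(e.sender),
    # CEO fraud: executive title in the display name, but mail from outside
    "exec_impersonation": lambda e: (_has(e.display_name, *EXEC_TITLES)
                                     and _domain(e.sender) != INTERNAL_DOMAIN),
    # HR/Finance urgent fund transfer
    "urgent_transfer": lambda e: (_has(e.subject + " " + e.body, r"\burgent",
                                       r"\bimmediately\b", r"close of business")
                                  and _has(e.body, r"\b(wire|transfer|payment|funds?)\b")),
    # "re-login to confirm" lure whose link points at a non-bank host
    "credential_relogin": lambda e: (_has(e.body, r"re-?log ?in", r"re-?authenticate",
                                          r"verify your (account|identity|credentials)")
                                     and _external_links(e)),
    # Asking the user to hand over a mobile PIN / OTP / token code
    "otp_request": lambda e: (_has(e.body, r"\b(otp|one-time (pass)?code|pin|token code)\b")
                              and _has(e.body, r"\b(reply|send|enter|provide)\b")),
    # PayPal-style "our account details changed" redirection
    "payment_account_change": lambda e: _has(
        e.body,
        r"(bank|account|payment) details? (has|have) changed",
        r"update (our|the) (bank|payment|account) (details|information)"),
    # Ransomware / fake helpdesk "install this" lure
    "install_lure": lambda e: _has(
        e.body, r"\b(install|download)\b.{0,40}\b(anti-?virus|av|helpdesk|support tool|app)\b"),
}


def red_flags(e: Email) -> set:
    return {name for name, rule in RULES.items() if rule(e)}


def verdict(e: Email) -> str:
    """External mail alone is routine; any other flag on top means report it."""
    return "REPORT" if red_flags(e) - {"external_sender"} else "OK"


# Constructed sample messages: one per lure type plus a legitimate internal mail
SAMPLES = {
    "ceo_wire": Email("jane.doe@ceo-examplebank.com", "Jane Doe, CEO",
                      "jane.doe@ceo-examplebank.com", "Urgent: confidential payment",
                      "Process this wire transfer immediately, before close of business. Keep it between us."),
    "relogin": Email("it-support@examplebank-secure.com", "IT Helpdesk",
                     "it-support@examplebank-secure.com", "Action required: session expired",
                     "Your session expired. Please re-login to verify your account.",
                     ["https://examplebank-secure.com/login"]),
    "supplier_change": Email("accounts@supplier.example", "Acme Supplies",
                             "accounts@supplier-payments.example", "Updated remittance details",
                             "Our bank details have changed. Please update the payment information for invoice 4471."),
    "otp": Email("alerts@examplebank.test", "Fraud Alerts", "confirm@sms-verify.example",
                 "Confirm your transfer",
                 "Reply with the one-time passcode sent to your phone so we can confirm the transfer."),
    "payslip": Email("payroll@examplebank.test", "Payroll", "payroll@examplebank.test",
                     "March payslips available", "Payslips for March are on the HR portal.",
                     ["https://hr.examplebank.test/payslips"]),
}


def triage(samples=SAMPLES) -> dict:
    """Map sample name -> (verdict, sorted list of red-flag names)."""
    return {name: (verdict(e), sorted(red_flags(e))) for name, e in samples.items()}


if __name__ == "__main__":
    for name, (v, flags) in triage().items():
        print(f"{name:16} {v:7} {', '.join(flags) or '-'}")
```

The rules are deliberately coarse: the point of a blind test is to see whether staff notice the same signals (mismatched Reply-To, executive name on an outside address, a "verify your account" link off the bank's domain, anyone asking for a PIN or one-time code), so a simulation team can use a checklist like this to make sure every template actually carries at least one teachable red flag.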
