Social Engineering

Social engineering refers to techniques such as phishing and pretext calling, which are commonly used to obtain non-public information or gain unauthorized access to an institution’s information systems. Banks of all sizes, as well as their customers, are vulnerable to the data breaches and worse which are the result of falling victim to scams involving bank social engineering.

Young & Associates offers several options for evaluating and improving the effectiveness of your financial institution’s employee training program in regard to social engineering. Our consultants can perform a one-time phishing test or pretext calling test as part of a Vulnerability Assessment or an IT Audit. We can also perform quarterly Phishing Training.

One-Time Phishing Test

For a one-time phishing test, our consultants will send phishing emails in an attempt to manipulate employees into providing information about the institution’s customers and information systems.

To do this, we will attempt to obtain sensitive information and/or unauthorized access to the institution’s information systems using the information provided by employees. Unauthorized access commonly includes access to employee email accounts, remote access to the network, or access to web-based applications.

The one-time test can be deployed as part of an overall Vulnerability Assessment or IT Audit.

Phishing Training Service

For ongoing security awareness training, we offer a quarterly Phishing Training Service. Unlike do-it-yourself services that require someone at your institution to develop their own phishing scenarios, send emails, and monitor the results, our consultants do all of the work. We have already developed highly effective training scenarios specifically for financial institutions.

Phishing Emails

Our consultants send the phishing emails, monitor the results, and provide a report of the results to your institution’s management team. As a result, your institution receives a customized phishing training program for your employees.

Pretext Calling

During this assessment, our consultants will also place phone calls to a sample of employees in an attempt to manipulate them into providing access to the institution’s information systems. This test will evaluate the institution’s employee training program and vendor authentication procedures.

During this testing process, our consultant will pose as a vendor of the institution and attempt to gain remote access to employee workstations.

As with the phishing test, our consultants will evaluate the results of the test and provide a report to your institution’s management team.

Contact us to learn more about our IT consulting services.