Phishing Campaign

Phishing is an attempt of a foreign entity pretending to be a legitimate entity, extracting sensitive information such as passwords, usernames or financial data.

Phishing is usually performed through an impostor sending messages or e-mails under the name of someone familiar, by sending a link with leads to a fake site where the user is required to enter a user name and password and other sensitive data.

Bugsec provides a Phishing service in order to raise awareness among the organization employees and to thereby reduce events of sensitive information leakage. Depending on organization’s needs, the service can be provided once or on a periodic basis, and can be target-focused or widespread.

Bugsec will provide a presentation that summarizes the activities and includes examples, screenshots and more. In addition, the customer can get statistics and a full mapping of workers’ actions to help them to improve in the future and to assess the success of the campaign.

phishing

Social Engineering

Alongside advanced technology and the development of computer and network systems, human resources remain the most important and influential force in the world we live in.

Looking at the business world, it is easy to see that human creativity is an irreplaceable asset in the success of an organization, but creativity is fraught with many dangers.  In addition to threats from outside the organization,  there are those who work toward personal gain at the expense of success, stability and survival of the organization.

There are various ways and methods used by malicious entities for obtaining information and other resources from your organization. Among these ways can identify two main trends:

Exploiting weaknesses in information systems / computer systems / organizational communications.

Exploiting the weakness of the human factor in the organization to reach a desired resource.

Identifying the human element as one of the weak links in the organizational chain, and as vulnerable and exposed to more manipulations than any infrastructure or system, increases the need to deal with the issue extensively at all levels of social engineering.

Bugsec has established an operational training unit on social engineering, which is operated by employees with experience in different units.  We perform social engineering activities, including setting up the methodology, staffing and treatment chain of these events.  The activities include intelligence gathering from various means, building fraud schemes according to the outline given to customers, or prepared according to a  scenario developed by the company (Custom Attack Scenarios).

We set up Phishing fraud attempts, physical impersonation and attempts to infiltrate physical protection controls, identifying a specific target that we have gathered information on through visible means and others, going as far as attempts to insert malicious code to those organizations using the same targets.  We emphasize attention to detail, and the construction of reliable simulated attacks both at an advanced technical level and at the level of social engineering itself. These goals are achieved through a deep familiarity with the means of obtaining information and reconnaissance capabilities built over the years.