1 – Information Gathering
Reconnaissance is the start to any social engineering assessment. While often neglected in many commercial services, information gathering is a critical phase and often determines the success of the rest of the social engineering campaign.
While many clients offer to provide basic employee data, we recommend starting with no information at all. This ‘black box’ approach better replicates the research process of live attacks and provides useful intelligence on the information which can be found online – value which is missed when that information is provided.