Remote Social Engineering is ideally performed on a semi-annual basis to provide an accurate representation of your employees’ security awareness. It includes a wide range of attacks, each specially designed to give important information on employee reactions.

There are several options for remote social engineering:
Option 1

Phone-based Phishing: DDI will place calls to your internal staff members and, upon request, to your suppliers in an effort to assess their security awareness. We specifically attempt to obtain information that could be used to gain unauthorized or falsely authorized access to your network resources or data.

Option 2

Vishing: DDI will send targeted emails with an action request for the user to call a local number for more information. DDI answers the call and conducts social engineering (i.e. “vishing”). We specifically attempt to obtain information that could be used to gain unauthorized or falsely authorized access to your network resources or data.

Option 3

Web-based Phishing: DDI will send targeted emails with an action request for the user to visit a website which is designed to elicit sensitive information (i.e. phishing). This involves creating a custom webpage which has the look and feel of your intranet or public site, and then capturing the input involved.

Option 4

Email-based Phishing: DDI will send employees targeted emails with an action request for the user to reply back to the message with information (i.e. phishing). Data is then captured at DDI, and analyzed for sensitivity.

Option 5

USB Drops (physical based): DDI will obtain USB drives and load them with custom-developed software that, when executed by the user, will transmit the username, hostname, and IP address in a secure fashion to DDI. The intent is to determine how susceptible staff are to opening these USB drives. DDI will report on the number of incidents of users running this software, the associated username, system name and IP address.