McCann E-Investigations Publishes New Case on Social Engineering Testing


Social engineering testing takes the human factor into account when assessing IT network vulnerabilities.

McCann E-Investigations, a Texas-based computer forensics and private investigative company, published a recent case on Social Engineering Testing. “As we continue to deal with cases of IT security network breaches, we find that our clients often don’t take into account how easy it is to trick key employees into disclosing confidential information,” said Dan Weiss, Partner at McCann E-Investigations. “That’s why we include social engineering testing to determine where vulnerabilities exist with staff and employees,” continued Weiss.

Social engineering is a tactic used by con artists and hackers in which they approach individuals online, in person or over the phone in an effort to manipulate the target into divulging key information about an organization or another individual. The information can be passwords, social security numbers, account numbers and any other confidential data that can be used to break into a computer network or to assume someone else’s identity. The information could be as simple as what kind of software is being used, or the name of the IT department manager. Perpetrators can pose as coworkers, IT staff, repairmen or even police officers. The purpose of the scam is to appear to be a legitimate “need-to-know” authority in need of confidential information.

To avoid falling victim to these ruses, it is important for employees to always be suspicious and to question anyone trying to gain confidential information. Scam artists will often create scenarios of great urgency, which makes it more likely that the victim will reveal confidential information. Often an authoritative tone and a few legitimate responses (often data gathered from previous social engineering scams) are all that is needed. The creation and utilization of these scenarios is called pretexting.

Social engineering testing is a tool that can be used in conjunction with internal and external network breach testing, penetration testing, wireless network security testing, etc. In cases where a breach of an organization’s IT network has occurred and confidential customer information has been stolen, it is key that all facets of IT security testing are performed. This includes ensuring employees are properly trained to avoid becoming victims of social engineering and pretexting.

Social engineering testing will include phone calls to key staff in the:

  •     Accounting Department, in an attempt to manipulate the individual into divulging customer information such as account numbers, names, addresses, phone numbers, social security numbers, most recent billings, account balances, etc. This information could be used to impersonate someone else and make a more convincing argument to a manager, or the social security number could be used in identity theft.
  •     IT Department, in an attempt to gain key information about the IT network, including usernames, passwords, hardware and software information, names of key personnel, etc. This information could be used by a skilled hacker to access the organization’s IT network to set up spyware or malicious programs.

Social engineering testing may also include phishing attacks directed at employees, which entice them to click on an external link that attempts to collect confidential information. The external link may also deliver malicious programs, including Trojan horses and keystroke loggers.

Proper assessment of IT security must include the human factor. All of the internal and external breach testing in the world will not protect against one employee being tricked into revealing confidential and key information that would give hackers entry into an organization’s IT network. A complete assessment of an organization’s IT security must be performed, and employees must be thoroughly trained so that they do not fall victim to skilled con artists.

About McCann EI: McCann EI's Texas-based digital forensics team provides a one-stop solution for your Electronically Stored Information (ESI) investigative needs. McCann EI's computer forensics, digital forensics, mobile forensics, and electronic discovery investigators serve law firms, private industry, and government with the same dedication and expertise that has had clients turning to McCann for over 25 years.

Regardless of whether your ESI is trapped in personal, corporate, mobile, or network drives, McCann EI's computer forensics team is experienced in electronic discovery and recovering your digital files. Our investigators have the experience to provide expert witness computer forensic testimony in courts across Texas. McCann EI services companies, law firms, and individuals statewide. Call us toll-free at 800-713-7670 or contact our local offices:

  •     Austin Computer Forensics: 512-377-6142
  •     Houston Computer Forensics: 832-628-4904
  •     Dallas Computer Forensics: 214-329-9059
  •     Lubbock Computer Forensics: 806-589-0320
  •     Lufkin Computer Forensics: 936-585-4070
  •     Brownsville Computer Forensics: 956-465-0849

Our website can be found at



Contact Author

Daniel Weiss