Case Study
June 13, 2024

Helping a real estate firm identify security vulnerabilities through a social engineering assessment

No items found.
Ready to find your business’ potential?
contact us
back to insights

Elliott Davis was asked: “We are concerned that our employees are susceptible to scams and may share critical company information or provide access to attackers. Can you complete a social engineering campaign to test our people?”

  • A developer, investor and owner of commercial properties throughout North America
  • Wanted to test the baseline of the company's security awareness

Our Approach
  • Received list of email and phone numbers of users/targets (White Box Approach) and leveraged several Open-Source Intelligence (OSINT) techniques to gain insight into individuals, including:
    • LinkedIn to identify employee location, tenure, position and title
    • FastPeopleSearch for aggregated content of employees and the company
    • Dork Dump to find publicly accessible files on company’s website
  • Created two campaigns or plausible pretexts
    • Convince target to provide organizational password and PIN
    • Convince target to provide password and MFA codes to log into Outlook account

Customer Impact
  • Received detailed executive report of results from successful campaigns, including recommendations for remediation:
    • 1. Awareness training to never provide personal or sensitive information via phone or disclose MFA codes
    • 2. Implement procedures to validate and verify identification of callers/emailers
    • 3. Improve reporting of suspicious activity to IT
  • Implementing recommendations and improving overall security posture within the organization

We Can Help

For more information on how Elliott Davis can assist you and your business, contact a member of our team below.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.

links and downloads.

Ready to find your business’ potential?

get in touch

download the white paper

meet the author

meet the authors

No items found.

contact our team.