Social engineering is a group of techniques used to trick people into performing some action or divulging sensitive information. It usually takes two forms: a passive form, in which the attacker usually never sees or talks to the victim, and a more active form, in which the attacker gathers information from individuals directly or tricks them out of it.
CastleGarde attempts both passive and active forms of social engineering. Throughout each contract year, CastleGarde will perform random social engineering exercises that consist of both e-mail and phone panels. E-mail panels are exercised in an attempt to obtain sensitive information such as usernames, passwords, and other information not publicly available. Phone panel exercises attempt to gather sensitive information by phone.
E-mail and phone panels are conducted throughout the year based on the credit union’s needs. Scenarios are designed in an attempt to successfully obtain sensitive information without authorization.