Social Engineering: The Art of Gaining Access

Evaluate risk, identify breakdowns in protections, and implement remediation strategies.

Many organizations go to great lengths to protect their sensitive data with firewalls and access security systems, yet fail to realize that the weakest link in their data defenses is their own people. Social engineering is the most common – and highly successful – tactic used by adversaries to gain unauthorized access to a network. Social engineering is a non-technical intrusion that tricks unsuspecting employees into breaking normal security procedures and giving network access to attackers.

We tailor assessments based on the attack vectors to be tested and your end objective (employee security awareness, attack mitigation, etc.). Testing activities remain in a controlled environment, and assessment results provide actionable remediation.

For all social engineering services, we provide a detailed description of the assessment, results, and our recommendations. We also offer an in-depth debriefing to discuss findings and remediation with your stakeholders.

Our services include:

Open-source intelligence gathering

We use publicly available information to gather intelligence and inform targeted social engineering attacks.

Pretexting / cold-calling

Phone-based social engineering is used to gather critical information. Social engineers invent scenarios to engage targeted victims in ways that increase the possibility of obtaining sensitive data.

Spear phishing

Email spear phishing targets designated personnel with an email that employs varying levels of sophistication based on threat objectives. Email phishing is one of the most common social engineering attack methods.

On-site reconnaissance / physical social engineering

Criminals often take advantage of vulnerabilities in an organization’s physical environment to walk directly into an office to get what they want. Our experts conduct physical social engineering exercises – such as baiting, tailgating, dumpster diving, and USB drops – in an attempt to circumvent your security measures and identify vulnerabilities at specific locations and in physical network access.

Why partner with Coalfire for social engineering assessments

  • Evaluate how effective your current security awareness training and operational readiness response are at combating social engineering tactics.
  • Assess your organization’s susceptibility to common network intrusions.
  • Analyze employee awareness of, and responses to, suspicious activity and improve incident responses to non-technical attack vectors.
  • Understand how to immediately improve your current security posture.