Social Engineering: The Art of Gaining Access

Many organizations go to great lengths to protect their sensitive data with firewalls and access security systems, yet fail to realize that the weakest link in their data defenses is their own people. Today’s cyber criminals don’t need high-tech methods to hack into your computer systems. They take advantage of basic human behavior to get what they want. Social engineering is a non-technical intrusion that tricks unsuspecting employees into breaking normal security procedures and giving network access to attackers.


Email phishing is one of the most common social engineering methods. Users with access to critical data are tricked into revealing passwords or clicking on links that lead to malware. As a part of Coalfire’s social engineering services, we conduct controlled phishing assessments to measure employees’ IT security awareness.


In pretexting, social engineers invent scenarios to engage targeted victims in such a way as to increase the possibility of obtaining sensitive data. To protect your organization from pretexting, Coalfire conducts controlled pretexting assessments to identify weak points in your employee defenses.

Physical Social Engineering

Criminals often take advantage of vulnerabilities in an organization’s physical environment in order to walk directly into an office to get what they want. Generally, the social engineer looks and acts as if they belong in the office in order to avoid suspicion. To ensure the security of your physical environment, Coalfire’s experts conduct physical social engineering exercises in an attempt to circumvent your security measures and identify vulnerabilities.

For all social engineering services, Coalfire provides a detailed description of the assessment, the results, and our recommendations. We also offer an in-depth debriefing to discuss findings and remediation with your stakeholders.