We tailor assessments based on attack vectors to be tested and your end objective (employee security awareness, attack mitigation, etc.). Testing activities remain in a controlled environment, and assessment results provide actionable remediation.
For all social engineering services, we provide a detailed description of the assessment, results, and our recommendations. We also offer an in-depth debriefing to discuss findings and remediation with your stakeholders.
Our services include:
Open-source intelligence gathering
We use publicly available information to gather intelligence and inform targeted social engineering attacks.
Pretexting / cold-calling
Phone-based social engineering is used to gather critical information. Social engineers invent scenarios to engage targeted victims in ways that increase the possibility of obtaining sensitive data.
Email spear phishing targets designated personnel with an email that employs varying levels of sophistication based on threat objectives. Email phishing is one of the most common social engineering attack methods.
On-site reconnaissance / physical social engineering
Criminals often take advantage of vulnerabilities in an organization’s physical environment to walk directly into an office to get what they want. Our experts conduct physical social engineering exercises – such as baiting, tailgating, dumpster diving, USB drops – in an attempt to circumvent your security measures and identify vulnerabilities at specific locations and with physical network access.