Request a Penetration Test quote.

Social Engineering Penetration Test

The Social Engineering Penetration Test specifically assesses only the human element within your organization. Its purpose is to ensure employee adherence to company security standards. Additionally, it assists a company to align themselves with industry best practices.

The Social Engineering Penetration Test —What You Will Receive

Our Social Engineering Penetration Test begins with an Open Source Intelligence (OSINT) investigation. Your company and high value internal personnel are the focus of investigation. We collect data from publicly available sources. Such as social media platforms, interest and hobby sites. As well as, public records and various online databases. Our goal is to find information that would enable an attacker to perform targeted attacks against your employees. This may result in information that could, for example, give an attacker access to your facilities, accounts, or other sensitive information.

Using this information, we tailor attacks known as “spear phishing” and “spear vishing” specific to chosen individuals. The goal is to show how an attacker can start with freely available online information and leverage that into possible personnel or data compromise within an organization.

Upon completion of the assessment, we provide a comprehensive report, detailing the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about themselves or their employees and company. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated phishing and vishing attacks. As a result, the stakeholders see the possible vulnerabilities in employee adherence to company policies.

Why Choose the Social Engineering Pentest?

The Social Engineering Penetration Test is a valuable tool which equips organizations to evaluate their unique attack surface to social engineering attacks. Expert assessment and analysis reveal potential risks and where information is located online that could pose that risk. Additionally, the results of the simulated attacks allow for user-specific training to further secure your company and critical data. As a result, you can plan, educate, and prepare for attacks.

Social Engineering — A Fast Growing Security Risk Concern

Social engineering is one of the fastest growing security risk concerns today. In fact, the FBI’s 2019 Internet Crime Complaint Incident Report notes that companies lost an alarming $57,836,379 as a result of social attacks. Included in these social attacks are vishing and phishing. This report confirms that criminals actively target the human network via social engineering.

In a social engineering attack, criminals use social skills such as influence tactics to elicit information about an organization or its computer systems. We define social engineering as “any act that influences a person to take an action that may or may not be in their best interest”. In view of this, at Social-Engineer we study the psychological, physiological, and technological aspects of influence. We use our unique insights to provide realistic simulated social engineering attacks. Our cutting-edge approach—combining the human network with the digital, provides your organization with the optimal security awareness training.

Request A Quote