The Social Engineering Pentest is a unique penetration test that tests only the human element of your organization. Its purpose is to ensure that employees follow company security standards. Additionally, it helps a company align itself with industry best practices.
Our Social Engineering Pentest begins with an Open Source Intelligence (OSINT) investigation on your company and high-value internal personnel. We collect data from publicly available sources such as social media platforms, interest and hobby sites, public records, and various online databases. Our goal is to find information that would enable an attacker to perform targeted attacks against your employees. This may result in information that could, for example, give an attacker access to your facilities, accounts, or other sensitive information.
Using this information, we tailor attacks known as “spear phishing” and “spear vishing” specific to chosen individuals. The goal is to show how an attacker can start with freely available online information and leverage that into possible personnel or data compromise within an organization.
Upon completion of the assessment, we provide a comprehensive report detailing the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about themselves or their employees and company. In addition to the OSINT data, we provide the actions and/or responses received during the simulated phishing and vishing attacks. This enables the stakeholders to see the possible vulnerabilities in employee adherence to company policies.