The Social Engineering Penetration Test specifically assesses only the human element within your organization. Its purpose is to ensure employee adherence to company security standards. Additionally, it helps a company align itself with industry best practices.
The Social Engineering Penetration Test: What You Will Receive
Our Social Engineering Penetration Test begins with an Open Source Intelligence (OSINT) investigation. Your company and high-value internal personnel are the focus of the investigation. We collect data from publicly available sources, such as social media platforms and interest and hobby sites, as well as public records and various online databases. Our goal is to find information that would enable an attacker to perform targeted attacks against your employees. This may result in information that could, for example, give an attacker access to your facilities, accounts, or other sensitive information.
Using this information, we tailor attacks known as “spear phishing” and “spear vishing” specific to chosen individuals. Upon request, we can also tailor SMiShing attacks. The goal is to show how an attacker can start with freely available online information and leverage that into possible personnel or data compromise within an organization.
Upon completion of the assessment, we provide a comprehensive report, detailing the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about themselves or their employees and company. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated phishing and vishing attacks. As a result, the stakeholders see the possible vulnerabilities in employee adherence to company policies.