Request a Penetration Test quote.

The Social Engineering Pentest is a unique penetration test that specifically tests only the human element of your organization. Its purpose is to ensure that employees follow company security standards. Additionally, it assists a company to align themselves with industry best practices.

Our Social Engineering Pentest begins with an Open Source Intelligence (OSINT) investigation on your company and high value internal personnel. We collect data from publicly available sources such as social media platforms, interest and hobby sites, public records, and various online databases. Our goal is to find information that would enable an attacker to perform targeted attacks against your employees. This may result in information that could, for example, give an attacker access to your facilities, accounts, or other sensitive information.

Using this information, we tailor attacks known as “spear phishing” and “spear vishing” specific to chosen individuals. The goal is to show how an attacker can start with freely available online information and leverage that into possible personnel or data compromise within an organization.

Upon completion of the assessment, we provide a comprehensive report, detailing the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about themselves or their employees and company. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated phishing and vishing attacks. This enables the stakeholders to see the possible vulnerabilities in employee adherence to company policies.

Why Choose the Social Engineering Pentest?

The Social Engineering Pentest is a valuable tool for organizations looking to evaluate their unique attack surface to social engineering attacks. It provides expert assessment and analysis of your potential risk and details where information is located online that could pose that risk. Additionally, the results of the simulated attacks can allow for user-specific training to further secure your company and critical data. As a result, you can plan, educate, and prepare for attacks.

Social engineering is one of the fastest growing security risk concerns today. In fact, the FBI’s 2019 Internet Crime Complaint Incident Report notes that companies lost an alarming $57,836,379 as a result of social attacks which included vishing and phishing. This report confirms, without a doubt, that criminals actively target the human network via social engineering.

In a social engineering attack, criminals use social skills such as influence tactics to elicit information about an organization or its computer systems. We define social engineering as “any act that influences a person to take an action that may or may not be in their best interest”. In view of this, at Social-Engineer we study the psychological, physiological, and technological aspects of influence. We use our unique insights to provide realistic simulated social engineering attacks. Our cutting-edge approach—combining the human network with the digital, provides your organization with the optimal security awareness training.

Request A Quote