Request a SERA quote:

Social Engineering Risk Assessment

During our Social Engineering Risk Assessment (SERA), you have the option for an Open Source Intelligence (OSINT) investigation on your company, and/or high-value internal personnel. We collect data from publicly available sources such as social media platforms, public records, interest and hobby sites, as well as other online databases. Next, we search for information that would enable an attacker to perform targeted attacks against your employees. Then, we seek out vulnerabilities that would give an attacker access to your facilities, accounts, or other sensitive information. We can perform a Social Engineering Risk Assessment against the company as a whole or against a single individual. Our sources range from open-source Clearnet sources, all the way to DarkWeb resources and tools.

Once we complete OSINT, you have the option for us to perform both phishing and vishing attack vectors on the target. We can gear these attacks toward testing your infrastructure as we do in an adversary simulation, or informational only. This service is completely customizable by you and for your organization.

Upon completion of the assessment, we provide a comprehensive report. The report details the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about their employees. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated attack. As a result, stakeholders are able to see possible vulnerabilities in employee adherence to company policies as they relate to information disclosure and phishing attacks.

Why Choose Social Engineering Risk Assessment?

Social Engineering Risk Assessment is a valuable tool for organizations looking to evaluate their unique attack surface to social engineering attacks. Social Engineering Risk Assessment provides expert assessment and analysis of your potential risk. It also, details where information is located online that could pose that risk. Additionally, the results of the simulated phishing attack can allow for user-specific training to further secure your company and critical data. As a result, you are empowered to plan, educate, and prepare for attacks.

Request A Quote