During our Social Engineering Risk Assessment (SERA), you have the option for an Open Source Intelligence (OSINT) investigation on your company, and/or high-value internal personnel. We collect data from publicly available sources such as social media platforms, public records, interest and hobby sites, as well as other online databases. Next, we search for information that would enable an attacker to perform targeted attacks against your employees. Then, we seek out vulnerabilities that would give an attacker access to your facilities, accounts, or other sensitive information. We can perform a Social Engineering Risk Assessment against the company as a whole or against a single individual. Our sources range from open-source Clearnet sources, all the way to DarkWeb resources and tools.
Once we complete OSINT, you have the option for us to perform both phishing and vishing attack vectors on the target. We can gear these attacks toward testing your infrastructure as we do in an adversary simulation, or informational only. This service is completely customizable by you and for your organization.
Upon completion of the assessment, we provide a comprehensive report. The report details the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about their employees. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated attack. As a result, stakeholders are able to see possible vulnerabilities in employee adherence to company policies as they relate to information disclosure and phishing attacks.