Request a SERA quote.

Social Engineering Risk Assessment

During our Social Engineering Risk Assessment (SERA), you have the option for an Open Source Intelligence (OSINT) investigation on your company, and/or high value internal personnel. We collect data from publicly available sources. Such as social media platforms, public records, interest and hobby sites, as well as other online databases. Next, we search for information that would enable an attacker to perform targeted attacks against your employees. Then, we seek out vulnerabilities that would give an attacker access to your facilities, accounts, or other sensitive information. We can perform a Social Engineering Risk Assessment against the company as a whole or against a single individual. Our sources range from open-source Clearnet sources, all the way to DarkWeb resources and tools.

Once  we complete OSINT, you have the option for us to perform both phishing and vishing attack vectors on the target. We can gear these attacks towards testing of your infrastructure as we do in a pentest, or informational only. This service is completely customizable by you and for your organization.

Upon completion of the assessment, we provide a comprehensive report. The report details the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about their employees. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated attack. As a result, stakeholders to see possible vulnerabilities in employee adherence to company policies as they relate to information disclosure and phishing attacks.

Why Choose Social Engineering Risk Assessment?

Social Engineering Risk Assessment is a valuable tool for organizations looking to evaluate their unique attack surface to social engineering attacks. Social Engineering Risk Assessment Phishing provides expert assessment and analysis of your potential risk. It also, details where information is located online that could pose that risk. Additionally, the results of the simulated phishing attack can allow for user specific training to further secure your company and critical data. As a result, you are empowered to plan, educate, and prepare for attacks.

Request A Quote

Phishing as a Service (PHaaS®)

Phishing as a Service® (PHaaS®) is Social-Engineer’s patented, fully managed monthly service. It is an essential tool to keep your enterprise one step ahead of attackers.

Vishing as a Service (VaaS®)

Our professional Social Engineers use custom crafted phone pretexts to elicit critical data from your employees on a month to month basis. This process equips organizations with a continuous assessment and training process to successfully combat vishing attacks.

Social Engineering Risk Assessment (SERA)

During our Social Engineering Risk Assessment, you have the options for us to perform an Open Source Intelligence (OSINT) investigation on your company and/or high value internal personnel. We collect data from publicly available sources such as social media platforms, public records, interest and hobby sites, as well as other online databases. We search for information that would enable an attacker to perform targeted attacks against your employees.

Physical Security Assessments

Social Engineering Teaming Service

The term “SE Team” is a nod to the commonly used term “Red Team” in a penetration testing context. At Social-Engineer, LLC we pride ourselves on differentiating terminology into meaningful and unambiguous terms.

Red Teaming Service

The Red Teaming Service is a full-scope, multi-layered, adversarial simulation. Its purpose is to test a company’s human element, networks, applications, and physical security.

Penetration Testing

Social Engineering Pentest

The Social Engineering Pentest is a unique penetration test that specifically tests only the human element of your organization. Its purpose is to ensure that employees follow company security standards. Additionally, it assists an organization to align themselves with industry best practices.

Network Pentest

The Network Penetration Test is a Penetration Test that specifically tests the vulnerability of your network. The communication systems your employees and colleagues use are vulnerable to malicious attacks. We perform Network Penetration Testing against external assets, internal assets, or a combination of both.