During our Social Engineering Risk Assessment (SERA), you have the option for us to perform an Open Source Intelligence (OSINT) investigation on your company and/or high value internal personnel. We collect data from publicly available sources such as social media platforms, public records, interest and hobby sites, as well as other online databases. We search for information that would enable an attacker to perform targeted attacks against your employees. We seek out vulnerabilities that would give an attacker access to your facilities, accounts, or other sensitive information. SERA can be performed against the company as a whole or against a single individual. Our sources can range from open-source Clearnet sources, all the way to DarkWeb resources and tools.
Once OSINT is completed, you have the option for us to perform both phishing and vishing attack vectors on the target. These attacks can be geared towards testing of your infrastructure as we do in a pentest or informational only. This service is completely customizable by you and for your organization.
Upon completion of the assessment, we provide a comprehensive report. The report details the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about their employees. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated attack. This enables stakeholders to see possible vulnerabilities in employee adherence to company policies as they relate to information disclosure and phishing attacks.