Request an SE Team Assessment quote.

The term “SE Team” is a nod to the commonly used term “Red Team” in a penetration testing context.

The purpose of the Social Engineering (SE) Team Assessment is to identify weaknesses that result in unprepared employees giving up vital information or allowing access to bad actors. We conduct these tests using research-driven and scientifically proven social engineering tactics such as deception, influence, and impersonation to test people in your organization during business hours.

We perform our SE Team Assessment using on-site Impersonation, phone Vishing, email Phishing, and other communication means. Prior to testing, we perform Open Source Intelligence (OSINT) gathering techniques to check for publicly available company-specific information that can assist in these attacks.

OSINT Component

Our professional Social Engineers perform an Open Source Intelligence (OSINT) investigation on your company and/or high-value internal personnel. We collect data from publicly available sources such as social media platforms, public records, interest and hobby sites, as well as other online databases. Our goal is to find information that would enable an attacker access to your facilities, accounts, or other sensitive information. Having this knowledge about the vulnerability of your company helps prevent targeted attacks against your employees.

 

Impersonation Component

Our on-site component to an SE Team assessment tests your organization’s human network. Specifically, it tests their understanding of visitors and unknown personnel identification and access policies. During this component, we will also test employees’ adherence to policies related to unknown or discovered USB keys and other media or network connected devices.

Our professional Social Engineers attempt to gain physical access to restricted areas of your company such as data centers, record storage areas, and/or offices. They may do this by posing as a trusted third-party partner. For example, they may pose as an employee, contractor, or person of authority. They may also pose as a completely unknown individual attempting unauthorized access.

 

Vishing Component

Our Vishing component to an SE Team assessment tests your organization’s human network for their understanding of policies relating to vishing attacks. Our professional Social Engineers attempt to elicit sensitive data over the phone. They try to influence employees to visit previously unknown websites, emulating potentially malicious sites to compromise user credentials or their workstations. They may do this by posing as a trusted third-party partner. For instance, they may pose as an employee, contractor, or person of authority. They may also pose as a completely unknown individual attempting access or asking for assistance.

 

Phishing Component

Our Phishing component of an SE Team assessment tests your organization’s human network for their understanding of policies relating to phishing attacks.

Our professional Social Engineers attempt to elicit sensitive data via email. They also try to influence employees to visit previously unknown websites, emulating potentially malicious sites to compromise credentials or their workstations. Using discovered OSINT data our professional social engineers craft custom phishing themes and messaging. They may pose as a trusted third-party partner such as an employee, contractor, or person of authority. Additionally, they may also pose as a completely unknown individual attempting access or asking for assistance.

 

Summary of Assessment

Upon completion of the assessment, we provide a comprehensive report, detailing the information discovered in the time allowed for testing. Stakeholders can see for themselves the information that is available online about themselves or their employees and company. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated attacks. This enables stakeholders to see the possible vulnerabilities in employee adherence to company policies as they relate to phishing, vishing, and impersonation attacks.

Why Choose Social Engineering Team Assessment?

Social Engineering Team Assessment is a valuable tool that enables organizations to evaluate their unique attack surface to social engineering attacks. SE Team engagements provide expert assessment and analysis of your potential risk. It also details where information is located online that could pose that risk. Additionally, the results of the simulated phishing, vishing, and impersonation attacks can allow for user specific training. This actionable data allows you to further secure your company and critical data. As a result, you can plan, educate, and prepare for attacks.

Social engineering is one of the fastest growing security risks concerns today. In fact, the FBI’s 2019 Internet Crime Complaint Incident Report notes that companies lost an alarming $57,836,379 as a result of social attacks which included vishing and phishing. These reports confirm, without a doubt, that criminals actively target the human network via social engineering.

In a social engineering attack, criminals use social skills such as influence tactics, to elicit information about an organization or its computer systems. We define social engineering as, “any act that influences a person to take an action that may or may not be in their best interest”. In view of this, at Social-Engineer we study the psychological, physiological, and technological aspects of influence. We use our unique insights to provide realistic simulated social engineering attacks. Our cutting-edge approach—combining the human network with the digital – provides your organization with the optimal security awareness training.

Request A Quote