Request a SE Team Engagement quote:

Click Here

Social Engineering Teaming Service is used to identify employees vulnerability to the onsite impersonation attack vector.  The term “SE Team” is a nod to the commonly used term “Red Team” in a penetration testing context. We conduct these tests using research-driven and scientifically proven social engineering tactics, such as deception, influence, and impersonation to test staff adherence to company policy during normal business hours.

Performance of these tests include using on-site impersonation, phone vishing, email phishing, and other communication means when necessary. Prior to testing, we perform Open Source Intelligence (OSINT) gathering techniques to check for publicly available company-specific information that can assist in these attacks. Stakeholders see for themselves the information that is available online about themselves or their employees and company. 

OSINT Component

Our professional social engineers perform an Open Source Intelligence (OSINT) investigation on your company and/or high-value internal personnel. We collect data from publicly available sources. Such as social media platforms, public records, interest and hobby sites, as well as other online databases. Our goal is to find information that would enable an attacker to access your facilities, accounts, or other sensitive information. Knowledge regarding the vulnerability of your company helps prevent targeted attacks against your employees.

Impersonation Component

The on-site component to our SE Teaming Service tests your organization’s human network. Specifically, it tests their understanding of visitors and unknown personnel identification and access policies. During this component, we also test employees’ adherence to policies related to unknown or discovered USB keys and other media or network connected devices.

Our professional social engineers attempt to gain physical access to restricted areas of your company. Such as data centers, record storage areas, and/or offices. They may do this by posing as a trusted third-party partner. For example, they may pose as an employee, contractor, or person of authority. They may also pose as a completely unknown individual attempting unauthorized access.

Vishing Component

The Vishing component to our SE Teaming Service tests your organization’s human network for their understanding of policies relating to vishing attacks. Our professional social engineers attempt to elicit sensitive data over the phone. They try to influence employees to visit previously unknown websites, emulating potentially malicious sites to compromise user credentials or their workstations. They may do this by posing as a trusted third-party partner. For instance, they may pose as an employee, contractor, or person of authority. They may also pose as a completely unknown individual attempting access or asking for assistance.

Phishing Component

The Phishing component of our SE Teaming Service tests your organization’s human network for their understanding of policies relating to phishing attacks.

Our professional social engineers attempt to elicit sensitive data via email. They also try to influence employees to visit previously unknown websites, emulating potentially malicious sites to compromise credentials or their workstations. Using discovered OSINT data our professional social engineers craft custom phishing themes and messaging. They may pose as a trusted third-party partner such as an employee, contractor, or person of authority. Additionally, they may also pose as a completely unknown individual attempting access or asking for assistance.

SMiShing Component

Upon request, we can also include a SMiShing component to our SE Teaming Service engagement. This will test your organization’s human network for their understanding of policies relating to SMS attacks.

Summary of Assessment

Upon completion of the Social Engineering Teaming Service, we provide a comprehensive report, detailing the information discovered in the time allowed for testing. Stakeholders will view the information that is available online about themselves or their employees and company. In addition to the OSINT data, we also provide the actions and/or responses received during the simulated attacks. This enables visibility into the possible vulnerabilities with employee adherence to company policies as they relate to phishing, vishing, and impersonation attacks.

Why Choose Social Engineering Teaming Service?

Social Engineering Teaming Service is a valuable tool that enables organizations to evaluate their unique attack surface to social engineering attacks. SE Team engagements provide expert assessment and analysis of your potential risk. It also details where information is located online that could pose that risk. Additionally, the results of the simulated phishing, vishing, and impersonation attacks can allow for user specific training. This actionable data allows you to further secure your company and critical data. As a result, you can plan, educate, and prepare for attacks.

Social Engineering — A Fast Growing Security Risk Concern

Social engineering is one of the fastest growing security risks concerns today. In fact, the FBI’s 2019 Internet Crime Complaint Incident Report notes that companies lost an alarming $57,836,379 as a result of social attacks which included vishing and phishing. These reports confirm, without a doubt, that criminals actively target the human network via social engineering.

In a social engineering attack, criminals use social skills such as influence tactics, to elicit information about an organization or its computer systems. We define social engineering as, “any act that influences a person to take an action that may or may not be in their best interest”. In view of this, at Social-Engineer we study the psychological, physiological, and technological aspects of influence. We use our unique insights to provide realistic simulated social engineering attacks. Our cutting-edge approach—combining the human network with the digital – provides your organization with the optimal security awareness training.

Request A Quote