Social Engineering

Simulated Social Tests

The human element is often the weakest link of the security chain. We simulate sophisticated phishing, vishing, and physical social engineering attacks to test your team’s security awareness and response procedures. The result is a stronger, more resilient human firewall for your organization.

Detailed Planning Process

Our social engineering engagements begin with a detailed planning and reconnaissance phase. We work with your team to define the objective of the assessment, such as harvesting user credentials or gaining access to a workstation. We then use OSINT to gather information about the specific targets or target groups, researching the organization's structure, key personnel, and publicly available information to craft a compelling scenario.

Safe Simulated Attacks

We then craft and launch the simulated attack, ensuring all interactions are carefully scripted and documented. Attacks may include a phishing campaign email that might warn of an expiring VPN password and direct the target to a fake password reset page, or a phone call from an engineer impersonating a Help Desk employee to request the reset.

Provide A Detailed Summary

Once the campaign concludes, we will document all our findings and identify the gaps in your security procedures and awareness. Our reports will contain outlines of the methodologies we used, the vulnerabilities or gaps discovered, and actionable remediation steps. The goal is not to reprimand employees who ‘fail’ the campaign, but to strengthen your security awareness training and build a more resilient human firewall.
