Social Engineering Services

Trojan Horse. One of the oldest Social Engineering tactics.

We use Social Engineering techniques to attempt to infect user computers or trick users into divulging sensitive information. Email Phishing will measure how many users fall for the phishing ploy and click on a link or open an attachment. Voice (Phone) phishing tactics will attempt to get users to provide sensitive data, such as usernames and passwords, over the phone.

BENEFITS / RETURN ON INVESTMENT (ROI)

Source: 2015 Data Breach Investigations Report (Verizon)

Our Social Engineering testing service provides an economical way for you to measure the effectiveness of your Security Awareness training. Many attackers use social engineering tactics to take control of your systems. People, processes, and technologies have to work in concert to achieve a secure environment. Our Social Engineering campaigns test the people part of this triad.

Deliverable

The Social Engineering Report covers tactics used for both the email phishing and voice phishing campaigns, as well as any other authorized social engineering tactics. Phishing analytics will be provided for an email campaign, showing how many users “fell” for the tactic used by clicking on a link or opening an attachment. Samples of phishing emails are included in this section of the report. The report also discusses tactics used for the phone phishing and the information gathered from in-scope targets (typically a subset of users and the Helpdesk).

Interested in testing your users to measure the effectiveness of your Security Awareness training?

Contact Us for more information about our Social Engineering service.

Social Engineering FAQs

What are some of the common tactics used for Social engineering?

Example of a fake "Facebook" designed to steal credentials.

  • Email phishing
  • Phone calls to users or the Helpdesk
  • In-person 
  • Social media
  • Text messages

Is the social engineering test performed remotely or onsite?

Typically we perform the Social Engineering Test remotely, unless in-person social engineering is requested.

What does a phishing email look like?

If phishing is done properly, the email should look very realistic and be hard to tell from a legitimate email. Below is a sample phishing email from the "IRS". Checking the "From" and "Reply-To" headers and the hyperlinks can reveal that the email is not legitimate and is phishing.

Sample Phishing Email

Is Social Engineering part of penetration testing?

Yes, social engineering can be used as part of a penetration test. We prefer to offer our services in a line-item style so you can choose what works for you. We also do "pure" penetration tests where we use a combination of multiple tactics, such as physical (tailgating, badge cloning, etc.), social engineering, and technical. If you are interested in this type of service, please contact us.
