Our social engineering services focus on highlighting the risks posed by the human element of your organisation. Our services are divided into three main areas:

Physical Intrusion

Organisations frequently underestimate the risk associated with an attacker intruding their physical locations and accessing computers on the premises, stealing sensitive paperwork or hard drives, or planting devices onto the network. Our physical intrusion testing consists of comprehensive research and planning, reconnaissance of the building, creation of pre-texts, and execution of the attack. Our social engineers come from a variety of different backgrounds and have successfully intruded hundreds of locations of all different types.

Vishing

Your staff can often be caught off guard by social engineers that telephone them directly and use deception to attempt to gain access to sensitive information, such as IT system details, personal details of staff or clients, or even passwords. Our vishing service is objective-led, using social engineering techniques to gain access to specific information defined by the client. The test includes extensive research and planning, creation of scripts and pre-texts, and execution of the attack.

Phishing

We can perform one-off phishing exercises if our PhishEd service is more extensive than your requirements. Our phishing service aims to trick staff into clicking a link and entering their credentials into a fake version of a website they recognise, such as your remote email system, or trick them into opening an attachment. The details of any user that interacted with the email are recorded, and detailed metrics provided in the report.

Read more about ethical phishing