Social engineering

Put the people, policies, processes, and technical controls of your business to the test with NetSPI’s social engineering offerings. Gain actionable findings from real-world email, text message, phone-based, and physical scenarios to reduce risk and improve security.

Our social engineering solutions

Email & text message (Phishing)

Determine employee awareness levels, identify training opportunities, and discover procedural gaps through customized phishing messages designed to persuade employees into giving up sensitive information, or test email and spam filter configurations to improve technical controls. 

Security Awareness: We craft emails with the goal of bringing users to an external website, and then send them to a broad group to focus on larger metrics of who does or does not detect phishing emails.

Account Takeover: We use emails and texts to persuade employees to take actions which could compromise their accounts. Once an account is compromised, we see what information we can find and extract.

Spearphishing Campaign: In collaboration we build out a customized campaign targeting select users based on your specific objectives. We use an open-ended approach, identifying missing policies and edge case vulnerabilities to build an overall attack narrative.

Phone-based (Vishing)

Identify and minimize risk as it relates to real-time phone-based attacks designed to gain sensitive information from employees. 

Policy Check: We aim to gather information by placing calls using a standard script and pretext. These calls are siloed, with information being reported, but not leveraged for further testing. 

Capture The Flag: Utilizing an open-ended approach, we identify missing policies and edge case vulnerabilities. Then we leverage it to build an overall attack narrative.

Physical & on-site social engineering

Our on-site services help you close policy gaps, test access controls, and evaluate employee awareness to minimize the risk of an intruder gaining physical access to your locations.

Physical social engineering assessment: Focused on in-person human interactions, we assess physical access policies, employee awareness, and compliance with the goal of reducing risk at your location.

Physical security controls assessment: We evaluate and improve the effectiveness of physical access controls at your location to determine how effective your physical security controls are at preventing and detecting threats.

Physical on-site penetration test: We attempt to gain unauthorized physical access to sensitive areas and resources using social engineering techniques, physical security bypasses, and technical attacks. Assess risk, benchmark security capabilities, justify security investments, sharpen the skills of your team, and improve detective controls.

You deserve The NetSPI Advantage

Security experts

  • 250+ pentesters
  • Employed, not outsourced
  • Domain expertise

Intelligent process

  • Programmatic approach
  • Strategic guidance
  • Delivery management team

Advanced technology

  • Consistent quality
  • Deep visibility
  • Transparent results