Social engineering
Put the people, policies, processes, and technical controls of your business to the test with NetSPI’s social engineering offerings. Gain actionable findings from real-world email, text message, phone-based, and physical scenarios to reduce risk and improve security.
Our social engineering solutions
Email & text message (Phishing)
Determine employee awareness levels, identify training opportunities, and discover procedural gaps through customized phishing messages designed to persuade employees into giving up sensitive information, or test email and spam filter configurations to improve technical controls.
Security Awareness: We craft emails with the goal of bringing users to an external website, and then send them to a broad group to focus on larger metrics of who does or does not detect phishing emails.
Account Takeover: We use emails and texts to persuade employees to take actions which could compromise their accounts. Once an account is compromised, we see what information we can find and extract.
Spearphishing Campaign: In collaboration we build out a customized campaign targeting select users based on your specific objectives. We use an open-ended approach, identifying missing policies and edge case vulnerabilities to build an overall attack narrative.
Phone-based (Vishing)
Identify and minimize risk as it relates to real-time phone-based attacks designed to gain sensitive information from employees.
Policy Check: We aim to gather information by placing calls using a standard script and pretext. These calls are siloed, with information being reported, but not leveraged for further testing.
Capture The Flag: Utilizing an open-ended approach, we identify missing policies and edge case vulnerabilities. Then we leverage it to build an overall attack narrative.
Physical & on-site social engineering
Our on-site services help you close policy gaps, test access controls, and evaluate employee awareness to minimize the risk of an intruder gaining physical access to your locations.
Physical social engineering assessment: Focused on in-person human interactions, we assess physical access policies, employee awareness, and compliance with the goal of reducing risk at your location.
Physical security controls assessment: We evaluate and improve the effectiveness of physical access controls at your location to determine how effective your physical security controls are at preventing and detecting threats.
Physical on-site penetration test: We attempt to gain unauthorized physical access to sensitive areas and resources using social engineering techniques, physical security bypasses, and technical attacks. Assess risk, benchmark security capabilities, justify security investments, sharpen the skills of your team, and improve detective controls.
Meet the experts behind our solutions
With the full force of our team in your corner, you can navigate rapid innovation with confidence, while protecting the trust you’ve worked so hard to build.
You deserve The NetSPI Advantage
Security experts
- 250+ pentesters
- Employed, not outsourced
- Domain expertise
Intelligent process
- Programmatic approach
- Strategic guidance
- Delivery management team
Advanced technology
- Consistent quality
- Deep visibility
- Transparent results
Featured resources
Automated Social Engineering for the Antisocial Engineer
In this presentation featuring NetSPI’s Patrick Sayler, learn how to take existing, off-the-shelf tools and configure them to build your own social engineering “robot.”
Not Your Average Bug Bounty: How an Email, a Shirt, and a Sticker Compromised a High Security Datacenter
See a real-world example of how an on-site social engineering pentest against a high-security datacenter resulted in high-impact findings to improve a client’s security.
Dark Reading: As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan
NetSPI Director of Social Engineering Patrick Sayler shared his insights on social engineering attacks on Dark Reading.