Social Engineering
Put the people, policies, processes, and technical controls of your business to the test with NetSPI’s social engineering offerings. Gain actionable findings from real-world email, text message, phone-based, and physical scenarios to reduce risk and improve security.
Custom Engagements
NetSPI Social Engineering
Our social engineering experts deliver actionable findings from real-world email, text, phone, and physical scenarios. Social engineering assessments help to verify the effectiveness of existing security procedures across your organization.
Email & Text Message ( Phishing )
Determine employee awareness levels, identify training opportunities, and discover procedural gaps through customized phishing messages designed to persuade employees into giving up sensitive information, or test email and spam filter configurations to improve technical controls.
-
Security Awareness:
We craft emails with the goal of bringing users to an external website, and then send them to a broad group to focus on larger metrics of who does or does not detect phishing emails.
-
Account Takeover:
We use emails and texts to persuade employees to take actions which could compromise their accounts. Once an account is compromised, we see what information we can find and extract.
-
Spearphishing Campaign:
Collaborating to build out a customized campaign targeting select users based on your specific objectives. We use an open-ended approach, identifying missing policies and edge case vulnerabilities to build an overall attack narrative.
Phone / Voice ( Vishing )
Identify and minimize risk as it relates to real-time phone-based attacks designed to gain sensitive information from employees.
-
Policy Check:
We aim to gather information by placing calls using a custom script and pretext. These calls are siloed, with information being reported, but not leveraged.
-
Capture The Flag:
Utilizing an open-ended approach, we identify missing policies and unique vulnerabilities that are then leveraged to build an overall attack narrative.
NetSPI’s Social Engineering Team
NetSPI is positioned as an innovator in social engineering assessments because of our team’s unmatched experience and creativity.
The team is led by Patrick Sayler, our Director of Social Engineering, with more than a decade of industry experience.
Patrick Sayler
Director, Social Engineering
Dalin McClellan
Principal Consultant
Rafael Seferyan
Principal Tech Lead
Michael Jereza
Principal Tech Lead
Physical & On-Site Social Engineering
Our on-site services help you close policy gaps, test access controls, and evaluate employee awareness to minimize the risk of an intruder gaining physical access to your locations.
-
Physical social engineering assessment:
Focused on in-person human interactions, we assess physical access policies, employee awareness, and compliance with the goal of reducing risk at your location.
-
Physical security controls assessment:
We evaluate and improve the effectiveness of physical access controls at your location to determine how effective your physical security controls are at preventing and detecting threats.
-
Physical on-site penetration test:
We attempt to gain unauthorized physical access to sensitive areas and resources using social engineering techniques, physical security bypasses, and technical attacks.
