Attackers attempt to trick employees into exposing sensitive information every day. Make sure your employees are ready. NetSPI’s social engineering testing helps validate and improve your procedural security controls and employee training.
Improve Network Security Through Social Engineering Testing
Social engineering attacks are common and increasingly effective. Find out if your organization’s policies, controls, and employee training will protect sensitive information from malicious phishing emails, phone calls, and unauthorized personnel on site.
NetSPI’s social engineering penetration testing methodology analyzes your organization’s social engineering attack prevention program and conducts live penetration testing using social engineering techniques and tools. We provide actionable guidance to close security gaps and improve your security program.
Email Social Engineering (Phishing)
NetSPI sends email that attempts to persuade the recipient to divulge sensitive information, such as usernames and passwords, without first verifying the sender's identity. Various types of phishing campaigns can be executed to measure employee responses, visits to malicious sites, and malicious payload execution.
Phone Social Engineering (Vishing)
NetSPI places numerous calls to your IT support, customer support, and employees, posing as a customer or employee, in an attempt to obtain sensitive information or functionality from staff who do not verify the caller's identity. This can be used to verify that existing identity validation procedures are in use.
On-Site Social Engineering
On-site social engineering testing is focused solely on the human component. NetSPI attempts to gain unauthorized on-site physical access to sensitive areas, systems, and information through interactions with employees. NetSPI’s testers push controls and ramp up activity until they are detected or reported by employees.
Physical Penetration Testing and Controls Audit
Receive a full-scope assessment of your company’s physical office during physical pentesting. Techniques may include badge cloning, lock picking, tampering with door controls, and more. With a focus on stealth and evasion, NetSPI’s physical penetration testing attempts to circumvent physical security controls to provide you with a comprehensive checklist of potential physical security weaknesses from an attacker’s perspective, as well as corresponding remediation action items.
For an escorted review of the physical controls in place at a client location, a physical controls audit can be performed by NetSPI. A physical controls audit includes interviews with key personnel and the review of documentation around current onsite policies and procedures, followed by an in-person review of the physical security controls in key areas and recommendations for improving your physical security controls.