Social Engineering

Attackers attempt to trick employees into exposing sensitive information every day. Make sure your employees are ready. NetSPI’s social engineering helps validate and improve your procedural security controls and employee training.

Social Engineering

Improve Network Security Through Social Engineering

Social engineering attacks are common and increasingly effective. Find out if your organization’s policies, controls, and employee training will protect sensitive information from malicious phishing emails, phone calls, and unauthorized personnel on site.

During our social engineering testing services, NetSPI analyzes your organization’s social engineering prevention program and conducts live penetration testing using social engineering techniques and tools. We provide actionable guidance to close security gaps and improve your security program.

Email Social Engineering (Phishing)

NetSPI uses email in an attempt to persuade the recipient to divulge sensitive information, such as usernames and passwords, without verifying the identity of the sender of the email. Various types of phishing campaigns can be executed to measure employee responses, visits to malicious sites, and malicious payload execution.

Phone Social Engineering (Vishing)

NetSPI laces numerous calls to your IT support, customer support and employees, posing as a customer or employee, in an attempt to obtain sensitive information or functionality without verifying the identity of the caller. This can be used to verify the use of existing identification validation procedures.

On-Site Social Engineering

On-site social engineering testing is focused solely on the human component. NetSPI attempts to gain unauthorized on-site physical access to sensitive areas, systems, and information through interactions with employees. NetSPI’s testers push controls and ramp up activity until they are detected or reported by employees.

Physical Penetration Testing and Controls Audit

Receive a full-scope assessment of your company’s physical office during a physical pentest. Techniques may include badge cloning, lock picking, tampering with door controls, and more. With a focus on stealth and evasion, NetSPI’s physical penetration attempts to circumvent physical security controls to provide you with a comprehensive checklist of potential physical security weaknesses from an attacker’s perspective, as well as corresponding remediation action items.

For an escorted review of the physical controls in place at a client location, a physical controls audit can be performed by NetSPI. A physical controls audit includes interviews with key personnel and the review of documentation around current onsite policies and procedures, followed by an in-person review of the physical security controls in key areas and recommendations for improving your physical security controls.

Watch The Webinar: Automated Social Engineering for the Antisocial Engineer

Learn how to take existing, off-the-shelf tools and configure them to build your own social engineering “robot.”