Social Engineering Testing

Put the people, policies, processes, and technical controls of your business to the test with NetSPI’s Social Engineering Testing. Gain actionable findings from real-world email, text message, phone-based, and physical scenarios to reduce risk and improve security.

Email & Text Message Social Engineering Testing (Phishing)

Determine employee awareness levels, identify training opportunities, and discover procedural gaps through customized phishing messages designed to persuade employees to give up sensitive information, or test email and spam filter configurations to improve technical controls.

  • Security Awareness

    Emails are crafted either to direct employees to a spoofed sign-in form that captures their credentials, or to persuade them to retrieve and execute a payload that sends workstation details back to the testers.

  • Account Takeover

    Emails and text messages persuade employees to take actions that could compromise their accounts, allowing the testers to capture MFA responses, session cookies, or authentication tokens.

  • Spearphishing Campaign

    Working with you, we build a customized campaign targeting selected users based on your specific objectives. Using an open-ended approach, we identify missing policies and edge-case weaknesses and chain the findings into an overall attack narrative.

Phone-Based Social Engineering Penetration Testing (Vishing)

Following an audit-based or open-ended approach, identify and reduce the risk posed by real-time phone-based attacks, in which a caller uses publicly available information to pretext employees into disclosing sensitive data, so that you can limit the impact of real-world attacks.

  • Policy Check

    With the goal of gathering specific information defined by you, we place calls using a standard script and pretext for each scenario. These calls are siloed: the information obtained is reported but not leveraged for further testing.

  • Capture The Flag

    Using an open-ended approach, we identify missing policies and edge-case weaknesses to obtain sensitive company information. Once obtained, we leverage that information throughout the test to build an overall attack narrative.

Physical & On-Site Social Engineering Testing

We complete an on-site analysis of your physical security controls and related policies and interview key personnel to discover weaknesses or gaps that could allow unauthorized access to restricted areas or sensitive data.

  • On-Site Assessment

    Focused solely on the human component of your business, NetSPI attempts to gain unauthorized access to sensitive areas, systems, and information through your employees. Testers continue to push controls and activities until they are detected or reported by employees.

  • Physical Security Controls Assessment

    During an on-site walkthrough, we review the property, building perimeter, office interior, and restricted or secured areas of your business location to discover weaknesses or vulnerabilities and provide remediation recommendations.

  • Full On-Site Pentest

    Determine the risk presented by real-world threat actors attempting to gain unauthorized physical access to sensitive areas, systems, and information through a variety of actions such as tailgating, manipulating door locks, badge cloning, and more.

Delivered in NetSPI’s Penetration Testing as a Service (PTaaS) Platform

  • Real-Time Reporting – Get notified of vulnerabilities in the platform as they are found.
  • Remediation Guidance – Vulnerabilities are delivered with remediation instructions and consultant support.
  • Project Management & Communication – Assign responsibilities, track remediation status, communicate with teams, and more.
  • Track & Trend Data – Analyze findings and discover trends over time.

Discover how the NetSPI Breach and Attack Simulation (BAS) solution helps organizations validate the efficacy of existing security controls and understand their security posture and readiness.