Social Engineering can be used as a one-time test of the effectiveness of your broader security awareness campaign, or to help win over support for new training programmes.
Using the latest intelligence on social engineering tradecraft, these services evaluate the vigilance of your employees against creative, often personalised or "spear-phishing" threats that work to exploit trust and lack of security awareness.
- Phishing: Click and Log - deploys a distinct simulated phishing email (“PhishTest”) to a significant population of your employees to test whether they click on malicious links that they shouldn’t. It is a single test that attempts to trick as many employees as possible.
- Phishing: Endpoint Attack – tests user security awareness by manipulating individuals in your organisation to perform malicious actions or provide sensitive information over email. The content used in these scenarios ranges from generic, spam-like messages to client-specific emails that are designed to appear to originate from internal users, third-party service providers, or clients.
- Vishing: Phone – the telephone equivalent of phishing, vishing is an attempt to verbally steer your employees into surrendering sensitive information like passwords, or to execute malicious software that gives attackers remote control of their workstation.
Our experts work with you to identify appropriate scenarios to test your employees to prevent attackers from thwarting common phishing security controls. These services are available as individual engagements through phone (phishing) or email (vishing) testing, and are also included in our Red Team testing services.
- Stronger defense: we help educate employees to reduce your vulnerabilities
- Vigilant employees: we train your employees making them defenders too, reducing your risks
- Meet compliance: by changing employee behaviour you also meet compliance requirements