A social engineering assessment can be used to direct your security training, create data handling guidelines, and help formulate security policies.
Staff can be vulnerable
Staff within your company can often be a vulnerable point within the system, whether they are users, system administrators, or technical security professionals. Claranet Cyber Security provides full social engineering attacks to establish whether we can get users to provide sensitive information. Our approach includes much more than simple phishing attacks. We also utilise "smishing" (SMS phishing) and "vishing" (voice phishing) tools and information. Gaining access to the physical building, baiting individuals, and watering hole attacks are some of the other methods we use.
What next
A social engineering assessment from Claranet Cyber Security allows you to see how susceptible your staff might be when presented with an attempt by an attacker to trick them. The result of a social engineering assessment can be used to direct training, create data handling guidelines, and to help formulate your security policies.
How we go about it
Scoping and planning
Our security consultants will work with you to select the right activities and prepare the business for the engagement.
Information gathering
Each activity has its own unique information requirements. For example, a phishing campaign needs email addresses and a calling operation needs a phone list. We use this to build an attack plan.
Develop the relationship
Social engineering attacks work because they are effective in gaining trust. Each approach aims to build rapport with the target to make them susceptible to exploitation.
Exploit the target and execute
Having gained the trust of the target, the social engineer will aim to influence the target to perform an action, resulting in the execution of the exploitation.
Reporting and follow-up
Full reporting follows each exercise. Analysis will highlight trends in the way the targets responded, and we provide a range of follow-up services to help with the mitigation of the discovered risks.
Typical social engineering engagements
Physical entry
Attempting to gain unauthorised access to buildings
Phishing campaigns
Phishing and spear phishing techniques to trick users via email
Baiting
Tempting users into disruptive actions that threaten security
Impersonating
Impersonating members of staff to obtain information or access
Watering hole attacks
Used to target members of a particular group
Dumpster diving
Your rubbish may lead to direct network compromise or provide leverage
Frequently Asked Questions
What is social engineering?
Social engineering includes all attacks that aim to manipulate human behaviour to gain leverage or knowledge about a target.
Is social engineering just about phishing attacks?
Attacks can be as simple as an indiscriminate phishing campaign or they can be highly complex multi-layered attacks harnessing both digital and physical techniques.
Why social engineering assessments?
Social engineering assessments can help you to quickly identify where areas of vulnerability exist and direct where efforts should be focused to mitigate risks.
From a hacker's perspective, every area represents an opportunity to attack.
Our consultancy and advice will give you context, so you can make effective decisions regarding the security of your infrastructure.
Get a free, no obligation quote
Submit this form or call
01223 653 193
What happens after you fill in this form
Scope
An experienced security consultant will explore your needs and agree the scope of work. You may have a clear idea of this already, or we can use our extensive experience to help you find the right scope.
Quote
Once your scope is complete, we will size your requirements and provide a competitive quote, assign appropriate resources and agree a date for the work.
Test
During the testing, our consultants will be on-hand to directly discuss any issues and update you on progress. Any high priority findings will be flagged to you daily.
Report
At the end of the testing we provide a detailed report of issues based on priority, which is assessed on the potential for business impact. These clear, detailed reports allow you to prioritise actions to improve your security, and we can join you on a call to walk through your findings.