Social Engineering Assessment (SEA)

The Social Engineering Assessment (SEA) includes the following:

Use of a variety of social engineering techniques to convince employees and staff to divulge sensitive information
Utilization of phone and email correspondence
Tests of awareness of security concerns and threats and compliance with corporate disclosure and incident handling procedures

Our social engineering exercise is an attempt to establish false confidence with employees at the company to manipulate them into unwittingly divulging sensitive information, such as account information or other information that could be used to compromise security. In performing this exercise we use a combination of techniques, including pretexting, phishing and baiting.

Social engineering tests an organization's awareness of security threats and compliance requirements concerning disclosure of information and incident handling policies and procedures. The results of the test are catalogued in a comprehensive report.

This exercise serves a number of purposes beyond assessing the organization's susceptibility to social engineering:

It also raises overall user awareness to these types of threats. As internal dialogue spreads about attempted social engineering attacks, other users become more cautious regarding inbound communications and requests.
The report itself can be used for training purposes.

Furthermore, clients may seek to engage Illumant for personnel training following the social engineering exercise, as well as subsequent re-testing.

To request a quote or more information, click here.

Return to security assessment overview