Social Engineering 

According to the IC3, $1.2 billion was lost in 2018 to email account compromise.

Spear-Phishing Assessment

Our team will simulate an advanced attacker and conduct Open Source Intelligence (OSINT) collection on a set of employees and carefully develop a scenario around them. These campaigns can be email or phone-based with the primary objective of remote code execution on an employee workstation.

Typical findings:

  • Employees are susceptible to executing malicious commands from an attacker impersonating corporate IT

  • Payroll/HR divulges Personally Identifiable Information (PII) of targeted employees over the phone or through email

  • IT Help Desk will bypass policy to reset employee passwords

  • Automated Phone Directories allow an attacker to contact specific employees for compromise

Metrics-Driven Assessment

A unique scenario that matches your corporate environment will be developed and used to target a large group of employees. Detailed metrics derived from the results will determine where your current training program is working and how it can be improved.

Typical findings:

  • Security controls fail to detect domain impersonation

  • Employees accept malicious 2FA push once credentials are compromised

  • Current training program does not account for latest phishing techniques
