This website uses cookies

To provide the highest level of service we use cookies on this site.
Your continued use of the site means that you agree to their use in accordance with our terms and conditions.




Social Engineering attacks simulate various phishing and vishing attacks to test the human element of the security.

Testing the human element of security, Social Engineering services simulate various phishing and vishing attacks. This provides a thorough understanding of employees' awareness levels and the effectiveness of detection and countermeasures to social engineering attacks, allowing us to devise a customized report and training plan that elevates the security awareness of the entire company.

Key focus areas include:



The Phishing Test examines the employees' resilience to email-based attacks, where they are enticed to click on a URL or open a "malicious" attachment. Following initial Open-Source Intelligence (OSINT) investigations to tailor the attack, our auditors simulate a typical email interaction with the inclusion of seemingly harmless URL links or attachments. Depending on the pre-agreed scenario, these emails may lead to a custom-made website or contain an attachment disguised as an executable file to relay workstation data. Our team customizes each test scenario with dedicated internet domains, necessary infrastructure, and software. The resulting report outlines the assumptions, implemented scenarios, and comprehensive statistics reflecting the scope of the campaign.


Spear phishing

The Spear Phishing Test is a refined form of phishing, focused on targeted social engineering exploits that aim to identify gaps in your company's security policy. Unlike traditional phishing tests, spear phishing attacks are tailored to specific individuals or a small group, making them more credible and therefore more challenging. These tests help verify employees' behaviour against realistic threats and improve their threat recognition abilities. The test report provides a detailed account of the assumptions, implemented scenarios, and pertinent statistics relevant to the campaign.



Vishing, or voice phishing, involves phone-based social engineering attacks designed to trick employees into divulging confidential information or performing actions that could compromise security. During the test, our auditors impersonate specific roles to gain the trust of the target and persuade them to take certain actions, such as executing a command or sharing sensitive data. The final report details the assumptions, scenarios implemented, and the results, giving you insights into the areas requiring attention and improvement.


On-site test

The purpose of on-site testing is to defeat physical security measures such as the building's reception desk or security using social engineering techniques. First, a reconnaissance of the location where the test is to take place is performed, then an attempt is made to enter the established location and perform certain actions. The entire social engineering attack is documented with photos taken during the attack. Prior to the start of the work, a detailed plan will be established in case the auditors are detected during an attempt to physically push through the security (e.g., unauthorized passage through the security gate).



What is social engineering?

Social engineering refers to the psychological manipulation of individuals into performing actions or divulging confidential information. It is a type of human-based threat often used to trick users into making security mistakes or giving away sensitive information.


How can social engineering assessments help improve our company's security?


What is the pricing for a social engineering assessment?


What types of social engineering attacks can your assessment simulate?


How can we use the results of a social engineering assessment?

Any questions?

Happy to get a call or email
and help!

Terms and conditions
© 2023 Securitum. All rights reserved.