CoNetrix Security social engineering tests (aka security awareness testing) are designed to test the 'human element' of network security. The primary goal is to determine the effectiveness of security awareness training by evaluating employee behavior and response to common social engineering techniques.
We use two social engineering methods: phishing emails and phone calls.
Phishing attacks are performed by sending email designed to entice users into browsing to malicious websites, downloading malicious software and/or disclosing confidential information. Our social engineering email tests are designed to simulate real-world phishing attacks.
Phishing campaigns can be tailored to mimic several common attacks, including:
Pre-text calls are phone calls designed to entice users into browsing to malicious websites, downloading malicious software and/or disclosing confidential information. Like our phishing email tests, social engineering phone call engagements are designed to simulate real-world attacks.
Social engineering call campaigns can include persuading employees to:
Safe Testing: Safely test your employees to know where to emphasize security training.
Adversarial Perspective: Our tests offer human perspective, observation, and experience to help understand vulnerabilities.
Readable Reports with Free Findings Management Software: Easy-to-read reports present findings sorted by associated risk. Our clients are provided with a complimentary subscription to Tandem Security and Compliance Software® Audit Management Lite. Findings are populated in the software, facilitating the formal response process to any exceptions.
CoNetrix Security can perform an individual Social Engineering Test, or it can be included as an add-on to an External Penetration Test. Don't see what you need? Ask your account manager about packaging options to get the right testing engagement, frequency, and coverage for your company.