Social Engineering

Humans are often the weakest link in an organization.  Our engineers are capable of performing detailed phishing, vishing, whaling, and other advanced social engineering attacks with an end goal of evaluating your company’s social engineering posture as well as gaining access to requested sensitive data, information, PII, and more as determined by the customer.

Humans are often the weakest link in an organization.  Our engineers are capable of performing detailed phishing, vishing, whaling, and other advanced social engineering attacks with an end goal of evaluating your company’s social engineering posture as well as gaining access to requested sensitive data, information, PII, and more as determined by the customer.

Our Methodology

All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.

Planning

Customer goals are gathered and rules of engagement obtained.

Discovery

Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.

Attack

Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.

i

Reporting

Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.

Thorough Testing

Activities performed during social engineering include, but are not limited to:

  • Email attacks (phishing)
  • High-profile targeted attacks (whaling)
  • Phone-based attacks (vishing)
  • Physical-based attacks
  • Targeted attacks (spear phishing)
  • Text message attacks (smishing)
  • Other attacks depending on specific customer content and footprint

Thorough Testing

Activities performed during social engineering include, but are not limited to:

  • Email attacks (phishing)
  • High-profile targeted attacks (whaling)
  • Phone-based attacks (vishing)
  • Physical-based attacks
  • Targeted attacks (spear phishing)
  • Text message attacks (smishing)
  • Other attacks depending on specific customer content and footprint

Thorough Testing

Activities performed during social engineering include, but are not limited to:

  • Email attacks (phishing)
  • High-profile targeted attacks (whaling)
  • Phone-based attacks (vishing)
  • Physical-based attacks
  • Targeted attacks (spear phishing)
  • Text message attacks (smishing)
  • Other attacks depending on specific customer content and footprint

Proudly Trusted By:

Sample Pentest Report

See The Results We Can Deliver To You. No Email Required.

See How We Can Secure Your Assets

Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.

 

tel: (877) 771-8911 | email: info@tcm-sec.com