Social Engineering

Engagements range from 1-3 weeks, depending on the number of campaigns, number of employees, and/or number of physical locations being targeted.

You can expect to pay no less than $14,500 for a social engineering attack with us.

We recommend you perform one annually at a minimum, though many organizations choose to have this done quarterly.

Keep in mind that your compliance initiative may require this assessment on an ongoing basis.

Our phishing attacks are customized for every engagement. First, we’ll look at the technologies and third parties your company works with and create convincing e-mails with a realistic and believable pretext. We will provide a few options you can choose from prior to the launch of the campaign.

It depends on what your goal is for the campaign. If you ask us to go after credentials, we’ll record any data submitted to the phishing login site. If you ask us to evaluate code execution, a small file or script will be run that will send back the username and machine name of the person who executed it.

There are 3 major things you should do: 

• Let your security team and executives know that a phishing campaign is happening. Everyone can know except the employees who are targeted.
• Ensure the e-mail will be allowed to reach internal inboxes.
• Verify the phishing site itself loads successfully past any web proxy.

Remember, the goal is to test how the employees will react when presented with a convincing phishing attack, not the effectiveness of the technical controls in place.