Services

SOCIAL

Simulated social engineering attacks. From phishing campaigns to gaining access to your business premises.

Description

In a large proportion of successful cyber attacks, social engineering techniques are used. The targeted exploitation of human behavioral patterns and psychological mechanisms is often the most effective way for attackers to bypass security controls and gain initial access to corporate resources.

As part of targeted social engineering simulations, we realistically assess your organizational and human resilience. The objective is both to evaluate actual susceptibility to such attack scenarios and to strengthen security awareness within the workforce.

Depending on the objectives and requirements, we can simulate a wide range of different attack scenarios.

Below you will find a selection of possible tests. Execution and evaluation are always conducted transparently, in compliance with data protection requirements, and with clearly defined objectives.

Phishing Campaign

The aim of this test is to realistically assess the entire workforce while raising awareness for social engineering risks.

In advance, we conduct a structured OSINT (Open Source Intelligence) analysis, evaluating publicly available information about the company, its structure, and communication patterns. Based on this, we develop a credible, tailored attack scenario.

We then send simulated phishing emails to defined target groups or the entire organization. As part of the evaluation, we analyze, among other things, how many recipients clicked embedded links, entered credentials, or properly reported the incident. This allows both susceptibility and the effectiveness of existing awareness and reporting processes to be objectively assessed.

Optionally, scenarios involving simulated malicious attachments can also be conducted to test the handling of potentially dangerous file formats.

Spear Phishing Campaign

In a spear phishing campaign, specific high-value individuals or groups, such as C-level executives or other leadership, are deliberately selected. Based on the OSINT analysis conducted, we develop individually tailored and realistic phishing scenarios for these targets.

Due to the deliberately small group of participants, this type of test does not provide a representative picture of the organization overall. However, it most authentically reflects the actual approach of professional attackers who specifically target decision-makers or individuals with elevated privileges.

A spear phishing simulation is therefore particularly suitable for sharpening risk awareness at the executive level, training the handling of sensitive requests, and reviewing existing protection mechanisms for privileged accounts.

Physical Social Engineering

As part of a physical social engineering test, we assess whether it is possible to gain unnoticed access to your business premises in a non-destructive way.

Among other things, we evaluate whether secured access areas are consistently protected. For example, we test whether unauthorized entry is possible through tailgating, which is the following of authorized employees through an otherwise secured door. We also observe whether unknown individuals are actively approached or questioned.

Depending on the agreed scope, we additionally assess whether sensitive areas such as server rooms can be accessed in this manner.

The objective is to realistically evaluate the effectiveness of physical security measures and employee security awareness without causing damage or disrupting business operations.


Did we catch your interest? We would love to discuss your goals, requirements and test scope in a non-binding scope meeting.

Next steps

  • Understand goals, set test scope
  • Schedule test period
  • Kickoff, test, report meeting

Ann-Kathrin Macht, contact person
Account Manager