Social Engineering
Social Engineering & Phishing Assessments
Social Engineering Social Engineering & Phishing Assessments People are often the most targeted part of any organisation. Our social engineering assessments measure how your staff and processes stand up to phishing and human-factor attacks, giving you a realistic picture of your resilience and where awareness training will have the most impact.
Overview
What is social engineering testing?
Social engineering testing simulates the manipulation techniques real attackers use to trick people into revealing information or taking unsafe actions — most commonly through phishing emails, but also by phone, text and in person.
By safely and ethically testing your people and processes, we help you understand your true exposure to human-factor attacks and target awareness training where it matters most.
What you'll receive
- ✓Scoping: agreed pretexts, target groups and rules of engagement with your stakeholders
- ✓Campaign delivery: phishing and human-factor attack simulations run safely in production
- ✓Executive report: engagement statistics and organisational risk summary for leadership
- ✓Technical report: click, credential and reporting rates broken down by campaign and department
- ✓Awareness guidance: practical recommendations for training and technical controls
- ✓Debrief: a session to walk your team through results and next steps
Why It Matters
The value of regular security reviews
Evaluate your controls
Regular security reviews enable organisations to comprehensively evaluate their security measures, including the effectiveness of controls, configurations, and policies.
Strengthen your posture
Identifying weaknesses allows organisations to strengthen their security posture and better protect their assets and data against evolving threats.
Meet compliance
Regular security assessments are essential for compliance with industry regulations and data protection laws, demonstrating your commitment to a secure environment.
High-Level Methodology
Our social engineering approach
Planning & Objectives
We agree clear objectives, target groups and rules of engagement — defining what is in scope and the safeguards that keep the exercise ethical and non-disruptive.
Reconnaissance (OSINT)
Using open-source intelligence, we build a realistic picture of your organisation and people — the same publicly available information a genuine attacker would gather.
Pretext Design
We craft believable scenarios and lures tailored to your organisation, designed to test specific behaviours while remaining safe and within the agreed scope.
Campaign Delivery
We run the agreed phishing, vishing or pretext campaigns and safely record engagement — who clicked, who reported, and where processes broke down — without causing real harm.
Analysis & Reporting
We report engagement rates and key findings alongside practical, prioritised recommendations — focusing on awareness training and process improvements rather than blaming individuals.
FAQ
Frequently asked questions
Is social engineering testing safe for our staff?
Yes. Our assessments are conducted ethically and to agreed rules of engagement. The aim is to measure resilience and improve awareness constructively — findings are reported without singling out or penalising individuals.
How much does a social engineering assessment cost?
Cost depends on the type of campaigns (phishing, vishing, pretexting), the number of targets and the level of tailoring required. Contact us for a customised quote.
What information is required to scope a test?
To accurately scope a penetration test, we typically need information about your network range (IP addresses), domain names, key systems and applications, and any specific security concerns you have.
How often should we run phishing simulations?
Many organisations run simulations regularly — for example quarterly — to track improvement over time and keep awareness high. We can advise on a cadence that suits your risk profile and training programme.
What are the most common issues you find?
Recurring findings include staff disclosing credentials to phishing, weak reporting of suspicious messages, help-desk processes that can be manipulated, over-sharing of information online, and gaps in security-awareness training.
Test your human firewall
Get a fast, transparent quote for your social engineering assessment, or talk to a consultant about scoping the right engagement.