Assessment
Definition
What is social engineering?
Social engineering is a technique used to manipulate individuals into divulging confidential information, granting unauthorised access, or performing actions that compromise security. Unlike traditional cyber attacks that exploit technical vulnerabilities, social engineering targets human behaviour and trust to achieve the attacker’s objectives.
Social engineering can take both digital and physical forms. Common types include:
- Phishing: The use of fraudulent emails, messages, or websites that appear legitimate, tricking recipients into revealing personal data such as login credentials or financial information.
- Vishing (Voice Phishing): A scam conducted over the phone. Attackers pose as trustworthy individuals or representatives of known organisations to deceive victims into giving away sensitive information.
- Physical Social Engineering: This involves the direct, in-person manipulation of individuals or physical security measures. Examples include impersonating maintenance staff to access secure buildings, stealing security badges, or rummaging through physical documents to gather confidential information.
Social engineering poses a serious threat because it preys upon human nature — such as curiosity, trust, fear, or sympathy — rather than relying on technical flaws.
Benefits
Why should you do it?

Human Error Is Often the Weakest Link
While organisations invest heavily in firewalls, antivirus software, and other technical defences, social engineering attacks bypass these by targeting people directly. It’s often easier for an attacker to trick a person than to hack a computer system.

Attacks Are Becoming More Sophisticated
Modern social engineering techniques—such as spear phishing, pretexting, and deepfake voice calls—are increasingly refined and convincing. Without proper awareness, anyone can fall victim, from entry-level staff to senior executives.

Real-World Consequences
Social engineering has been implicated in many high-profile cyber attacks around the world, including major data leaks and ransomware attacks. Being informed can prevent similar outcomes in your own organisation.

Awareness Empowers Everyone
You should learn about and defend against social engineering because it’s one of the most common and dangerous forms of attack. It targets human behaviour—something no firewall can fix. Awareness, vigilance, and education are your best defences.
Methodology
Our approach
Our social engineering services simulate realistic, targeted attacks to test how well your organisation can withstand common tactics used by malicious hackers. Using advanced phishing, vishing, media baiting, impersonation, and even physical intrusion techniques, our expert team mirrors real-world methods to identify gaps in your human defences.
We conduct detailed reconnaissance to replicate authentic threat scenarios, and all captured credentials are documented as proof of success. Each engagement includes a clear, easy-to-understand report highlighting vulnerabilities and areas for improvement.
The engagement begins with a detailed scoping phase, where we work closely with your team to define objectives, identify key targets, and determine the types of social engineering techniques to be used (e.g. phishing, vishing, impersonation, physical entry). This ensures the test is tailored to your organisation’s specific operational and risk context.
During the intelligence-gathering (reconnaissance) phase, our specialist testers conduct thorough reconnaissance using both publicly available information and sources typically exploited by malicious actors. This may include open-source intelligence (OSINT), social media profiling, domain research, and more, to build realistic and highly targeted scenarios.
In the attack simulation phase, our expert social engineers launch carefully planned attack simulations, which may include:
- Advanced phishing and vishing campaigns
- USB/media baiting
- Impersonation and unauthorised physical access attempts
These campaigns are designed to test awareness, response protocols, and the security culture within your organisation.
In the reporting phase, all findings are documented in a clear and comprehensive report. This includes:
- An executive summary for leadership and stakeholders
- A detailed technical breakdown of methods used and success rates
- A list of compromised credentials or data (if applicable)
- Recommendations for mitigation and improvement