Improve employee cyber awareness with a targeted social engineering attack
Psychological manipulation of people into performing adverse actions or divulging confidential information is a common method used by criminals to compromise an organisation’s physical and cyber defences. Despite advancements in security technology, human behaviour continues to be a weak link.
Redscan’s social engineering service evaluates how your employees respond to social engineering attacks by mirroring real-world techniques such as phishing and vishing.
Understand how susceptible your employees are to social engineering attacks such as phishing, spear phishing, vishing and pretexting.
Identify data leaks
Gain visibility of the information that an attacker can gather about your organisation using intelligence readily available in the public domain.
Evaluate physical controls
Test whether physical security controls are able to identify and prevent unauthorised access to critical systems and access points.
Raise cyber awareness
Improve employee security awareness training through increased visibility of behavioural weaknesses.
Challenge your organisation’s cyber security controls, such as firewall rules, to ensure they are effective at identifying the latest social engineering attacks.
Phishing and spear phishing are two of the most common attack methods used by criminals to gain access to and advance within a network. By creating emails and web pages that imitate those of well-known individuals and organisations, fraudsters aim to trick users into clicking links or attachments that install dangerous keystroke logging malware, or entering personal information into fake websites.
Redscan's phishing-as-a-service tests your employee’s awareness of phishing email scams and can be combined with a full-scope red team operation to assess response to a mock cyber event.
Voice phishing is used by attackers to glean sensitive information over the telephone. Redscan's vishing-as-a-service test employees’ susceptibility to divulge important personal and business details that can be used to compromise your organisation’s cyber security.
Physical cyber security controls should be regularly tested to assess whether they are capable of monitoring and restricting access to critical systems and preventing data exfiltration and introduction of viruses.
By attempting to physically infiltrate your organisation’s business premises, Redscan’s social engineering service assesses resilience to physical intruders and rogue devices that could be used to siphon critical information.
Redscan’s approach to social engineering mirrors the tactics, techniques and procedures (TTPs) of criminal fraudsters, to raise employee education and help harden defences against the latest attack methods.
In-depth research and open-source intelligence gathering techniques seek to identify valuable company and personal information that can be used to improve the success of attacks.
Comprehensive planning to prepare the TTPs necessary to exploit identified individuals.
Execution of the plan by triggering the distribution of a phishing or vishing email campaign.
Reporting and debrief
Documentation of the findings of the simulated social engineering attack, with recommendations to improve technology and processes as well as employee education of cyber threats.
Under a black-box test, Redscan’s certified ethical hackers have no prior knowledge of your organisation’s environment. Reconnaissance is conducted to identify intelligence about employees and physical security controls.
This is a realistic attack simulation where custom attack techniques are developed to exploit identified attack vectors.
A white-box approach is used in instances where social engineering assessments are undertaken to target specific employees using pre-supplied information such as phone numbers, email addresses, and location. A white-box test can be used to best simulate insider threats.
What our customers say
"Our partnership with Redscan has been one of the most successful that we have ever undertaken"
IT Director, ICG
"Redscan gave us the professional service and quick turnaround that we needed to meet our tight deadlines."
IT Manager, WMBA
"We have been very impressed by the quality of Redscan’s engagement, communication and reporting. We will not hesitate to use them for any future testing requirements."
Information Security Officer, LDF
“We’ve established a successful partnership with Redscan – their market leading cyber security offering is strong and we’ve won some exciting projects together”
Services Director, avsnet
"If you want a solution where someone will look after you 24/7 and give you a very flexible, professional and agile service – you want Redscan"
Lead IT Infrastructure Architect, Pizza Hut
Assess your resilience to social engineering attacks
Please fill out the form below and we will get back to you as soon as possible