Social Engineering

Improve employee cyber awareness with a simulated social engineering attack

Psychological manipulation is a common approach used by criminals to trick people into performing adverse actions and/or divulging confidential information. By creating emails and web pages that imitate those of known organisations and contacts, fraudsters aim to trick individuals into clicking dangerous links, opening malicious attachments, and sharing personal details.

Redscan’s Social Engineering services are designed to thoroughly assess the ability of your organisation’s systems and personnel to detect and respond to targeted email phishing attacks. By mirroring the tactics, techniques and procedures used by genuine adversaries, our range of tailored assessments helps to test defences, identify potential data leaks, highlight weaknesses in human behaviour, and improve employee cyber awareness.

Key benefits of our social engineering testing service

Identify risks posed

Understand how susceptible your employees are to falling foul of social engineering attacks.

Understand your digital footprint

Gain visibility of the information that an attacker could gather about your business from intelligence freely available in the public domain.

Challenge defences

Challenge your organisation’s cyber security controls, such as firewall rules, to ensure they are effective at identifying and blocking social engineering attacks.

Raise cyber awareness

Improve employee cyber security awareness by using a simulated social engineering attack to highlight good and bad practices.

Improve security training

Use the results of a simulated social engineering assessment to help develop an effective security awareness training programme.

Our phishing services

Phishing-as-a-service

Phishing is one of the most common attack vectors used by cybercriminals. By creating emails that imitate those of trusted individuals and organisations, fraudsters seek to lure users into clicking links or opening attachments that install keystroke-logging malware, or into divulging personal information such as passwords.

Redscan’s phishing simulation service assesses your employees’ awareness of phishing email scams. A phishing test can be conducted as a standalone exercise or as part of a Red Team Operation designed to comprehensively measure threat detection and response capabilities.

Spear phishing-as-a-service

Spear phishing is a highly targeted phishing attack designed to compromise a specific individual, usually a system administrator or another individual with a high level of authority. Redscan’s spear phishing service tests the susceptibility of an agreed target to revealing confidential information.

Business Email Compromise

A Business Email Compromise (BEC) is a type of phishing attack involving the impersonation of a senior executive. Its aim is to trick an employee, customer or vendor into wiring payment for goods or services to an alternate bank account.

Redscan’s social engineering service can be used to simulate a Business Email Compromise attack, and test awareness of other fraudulent practices such as mandate fraud and distribution fraud.

Social engineering penetration testing

Social engineering is an attack vector commonly used by Redscan’s CREST-certified ethical hackers as part of a wider cyber security assessment. Learn more about our complementary range of cyber security testing services.

Approach to social engineering tests

Redscan’s approach to social engineering mirrors the latest tactics, techniques and procedures (TTPs) used by fraudsters. A typical anti-phishing assessment involves:

Reconnaissance

Using open-source intelligence (OSINT) gathering techniques, our team of ethical hackers seeks to identify valuable company and employee information that could be used to improve the success of the intended simulated social engineering assessment.

Mobilisation

Using all aggregated intelligence and their knowledge of the latest TTPs, our experts carefully prepare your phishing test to ensure that it is as authentic as possible and stands the best chance of achieving a pre-agreed objective.

Execution

We execute the phishing test and, if part of the scope of the assessment, spoof any compromised users in order to escalate network privileges and make fraudulent requests, such as those common in distribution fraud and BEC attacks.

Reporting and debrief

Upon completion of the social engineering operation, we document its results and provide recommendations to help address any identified risks and improve security awareness training programmes.


Phishing test methodologies

Redscan’s social engineering services can be aligned to both black box and white box testing methods.

Black box

Under a black box social engineering simulation, Redscan’s ethical hackers have no prior knowledge of your organisation’s environment. Reconnaissance is conducted to identify intelligence about employees and security controls in place.

White box

A white box approach is used in instances where phishing testing targets specific employees using pre-supplied email addresses.

Frequently asked questions

What is social engineering?

Social engineering is one of the most common attack vectors used by cybercriminals to compromise organisations’ cyber security. The term describes the use of psychological manipulation as a means of tricking users into divulging sensitive information and/or performing actions, such as clicking links or opening malicious attachments.

What is phishing?

Phishing is a form of social engineering involving the large-scale dissemination of emails and other electronic communications in an attempt to lure users into revealing sensitive information such as account names, passwords and credit card details.

Why is phishing commonly used by hackers?

Users are often the weakest link in the security chain. Phishing enables criminals to harvest user credentials and payment card information en masse. The wide availability of phishing tools on the internet enables even less skilled individuals to launch attacks.

How can businesses prevent phishing attacks?

To defend against phishing attacks, organisations need suitable controls and processes in place to block, detect and respond to evolving attack vectors. Employee education, robust perimeter security, user management, email authentication and SIEM are just some of the things that could be used to help achieve effective phishing attack prevention.

What is anti-phishing?

Anti-phishing is a collective term used to describe the tools and services available to help organisations identify and prevent phishing attacks.

What is baiting?

In the context of social engineering, baiting is used by criminals to trick users into disclosing personal information, such as account credentials for services like online banking and parcel delivery. Hackers go to great lengths to spoof well-known companies, using fake offers, service updates and security alerts to fool as many recipients as possible.

Examples of successful social engineering attacks

  • In March 2018, Italian football club Lazio lost €2m after wiring a player transfer fee into a fraudster’s bank account.
  • Dublin Zoo was hit by a BEC scam in 2017, reportedly leading to the loss of €500,000.
  • MacEwan University in Canada lost $9.5m after staff failed to identify an online phishing scam.
  • Attackers compromised the Point of Sale systems of fast food chain Chipotle in 2017, exposing customer payment card information.
  • In April 2018, Redscan reported the rise of GDPR phishing scams.

Reasons to choose Redscan

  • One of the highest accredited ethical hacking companies in the UK
  • A deep understanding of how hackers operate
  • Complete post-test care for effective risk remediation
  • In-depth threat analysis and advice you can trust