Social Engineering Audits

Social engineering presents a real risk for all businesses. It consists of manipulating people to obtain sensitive information or to make them do things that could lead to a security incident.

Almost 25% of clicks on phishing e-mails occur within 5 minutes of receiving the message*

During a social engineering audit, we simulate realistic attack scenarios, using the same methods as attackers: phishing, malware, telephone attacks, impersonation, etc.

The social engineering audit assesses the reflexes of your workforce. The aim is to be able to implement appropriate changes in procedures and behaviours.

Our expertise

We develop tests specific to your context and your risks, by approaching your business from the point of view of an attacker.

Scenarios can be common to all your workforce, or they may target specific teams (finance, sales, I.T., etc.)

We can conduct audits in black box or grey box mode, and we can include educational content for your employees.

Attack techniques

Social engineering exploits the workings of human behaviour without the targeted people realizing they have been manipulated.

The scope of social engineering techniques is wide: phishing, spear phishing, phone attacks, dumpster diving, leaving devices such as USB sticks to be found, physical intrusion, pretexting and impersonation, manipulation and persuasion, etc.

Are you concerned with social engineering?

95% of web attacks involve social engineering.*

A strong trend in e-mail attacks is the creation of a false e-mail exchange history: this increased by 50% compared to the previous year, reaching 11% of all e-mail fraud attempts at the end of 2017.

False invoices/bills are the primary pretext for sending malware by e-mail.*

The 5 stages of our intervention

Risk analysis and identification of the elements to be protected

Reconnaissance & gathering information

Creation of customized scenarios

Execution of attack scenarios

Audit report with suggested remedial measures