Social Engineering & Phishing Testing

Real-life phishing exercises

Psychological manipulation is a tactic commonly used by cybercriminals. By crafting emails and web pages that imitate those of known organisations and contacts, fraudsters aim to trick individuals into clicking dangerous links, opening malicious attachments, and disclosing personal details.

BLACKWEB’s social engineering services allow you to accurately assess the ability of your systems and personnel to detect and respond to email phishing attacks. Gain precise insight into the potential risks through customised ethical hacking assessments created for your organisation.

Benefits of social engineering testing

Identifies risks posed

Understand how susceptible your employees are to falling foul of social engineering scams, such as spear phishing and Business Email Compromise attacks.


Reveals your information footprint

Learn what an attacker could glean about your organisation and employees from information freely available in the public domain.


Evaluates defences

Challenge your organisation’s cyber security controls to ensure they are effective at identifying and blocking phishing attacks.


Raises cyber awareness

A simulated phishing assessment can be used to highlight good and bad security practices as well as areas for improvement.


Enhances security training

The results of a simulated social engineering assessment can be used to improve employee security awareness training programmes.

Our phishing services


Phishing is one of the most common attack vectors used by cybercriminals. By creating emails that imitate those of trusted individuals and organisations, fraudsters seek to lure users into clicking malicious links and attachments or divulging sensitive information. A phishing simulation from BLACKWEB assesses your employees’ awareness of phishing email scams. A phishing test can be conducted as a standalone exercise or as part of Team Operation.

Business Email Compromise

A Business Email Compromise (BEC) is a type of phishing scam involving the impersonation of a senior executive. The aim is to trick an employee, customer or supply chain partner into wiring payment for goods or services to an alternate bank account. Redscan’s social engineering service can be used to simulate a Business Email Compromise attack and test awareness of other fraudulent practices such as mandate fraud and distribution fraud.

Spear phishing-as-a-service

Spear phishing is a highly targeted phishing attack designed to compromise a specific individual, usually a system administrator or other high privilege user. Redscan’s spear phishing service tests the susceptibility of an agreed target to reveal confidential information.

Social engineering penetration testing

Social engineering is an attack vector that can be used as part of penetration testing assessments conducted by our team of CREST-certified ethical hackers.

Our social engineering approach

BLACKWEB’s approach to social engineering mirrors the latest tactics used by fraudsters. A typical phishing assessment involves:

1. Reconnaissance

By using open-source intelligence (OSINT) gathering techniques, our team of ethical hackers seeks to identify valuable company and employee information that could be used to target your organisation and improve the success rate of a simulated social engineering assessment.

2. Mobilisation

Leveraging their knowledge of the latest social engineering tactics, our experts carefully prepare your phishing test to ensure that it is as authentic as possible and stands the best chance of achieving its objectives.

3. Execution

We execute the phishing test and, if part of the scope of the assessment, spoof any compromised users in order to escalate network privileges and make fraudulent requests, such as those common in distribution fraud and BEC attacks.

4. Evaluation

Upon completion of the social engineering operation, we document its results and provide prioritised recommendations to help address any identified risks and improve security awareness training programmes.

