Social engineering involves an attacker posing as a trusted agent in order to gain access to sensitive company information. This can be done through email, over the phone, or even in person. The goal of a social engineer is to gain the trust of you or one of your employees, and then get them to reveal sensitive information, or give access to critical areas of your network or facility. Employees are considered to be the most vulnerable part of your information security, so you have to be prepared for attackers to take advantage.

A Constant Battle

Fighting against social engineering is a constant battle. Attackers find methods that work, we train our employees to recognize them, the attacks stop working, and then they pivot to something new. In order to stay on top of the latest threats, your employee testing, training, and awareness programs have to follow suit. TraceSecurity offers both onsite and remote social engineering engagements to test your employees against the various attacks coming their way on a daily basis.

Onsite Social Engineering

Attackers show up at your location and impersonate a trusted agent in order to gain physical access to your facilities and, hopefully, sensitive company information. The social engineer may pose as a trusted vendor, a research company, or tailgate an employee through a secured entrance. No matter what cover story they choose, it's all about confidence. With a quick Google or LinkedIn search, they can even learn the executives at your company to name drop and seem more legitimate.

  • Trusted Agent

    Trusted Agent

    Posing as someone from pest control, a fire marshal, maintenance, etc. performing an unscheduled visit

  • Private Research Orgs

    Private Research Orgs

    Posing as someone who works with a government agency to perform "research" on your company

  • Tailgating


    Posing as a fellow employee to get a colleague to hold open a secured door or employees-only entrance

Remote Social Engineering

Attackers can sit at home, thousands of miles away, and perform remote social engineering attacks against your organization. Employee contact information is generally freely available on the internet, and can be easily collected en masse. Armed with this information, social engineers can send emails (phishing), perform phone calls (vishing), or even send text messages (smishing) to your employees without ever leaving their couch. Remote social engineering is considered to be the most common attack method because of the sheer volume targeted all at once.

Let's connect!

Contact Us