Social Engineering
Safe, controlled phishing and human-layer testing that measures real exposure.
What this engagement covers
People are the most targeted part of any organization. We run controlled social engineering campaigns — phishing and related techniques — to measure how your team responds, then help you turn the results into practical awareness improvements. Every campaign is agreed in advance and handled carefully.
Scope of work
- Targeted phishing campaigns tailored to your organization
- Credential-harvesting and payload simulations (as scoped)
- Optional pretext calling and other human-layer vectors
- Click, submit and report-rate measurement
- Careful handling — no naming and shaming of individuals
A straightforward, repeatable process.
Scope & rules of engagement
We agree targets, timing, depth and constraints in writing before anything starts — so testing is safe, authorized and focused on what matters to you.
Manual testing
Certified testers work by hand — following recognised methodologies like OWASP and PTES, not just automated scanners — chaining findings the way a real attacker would to prove genuine impact.
Reporting
You get a prioritized report with clear proof-of-concept, business impact and step-by-step remediation your engineers can act on immediately.
Retest
After you fix the findings, we retest them to confirm they are resolved and issue an updated report you can share with customers or auditors.
Outcomes & deliverables
- Clear metrics on how your team responded
- Insight into which lures and pretexts worked
- Practical, prioritized awareness recommendations
- A baseline to measure future campaigns against
Common questions
Is this safe for our staff?
Yes. Campaigns are agreed with you in advance, scoped carefully, and reported in aggregate — the goal is to improve resilience, never to single people out.
Can you help us improve afterwards?
Absolutely. The value is in what happens next — we translate the results into focused, practical awareness guidance for your team.