Social Engineering Testing Services

Go Beyond Basic Phishing To Discover Your True Risk

Our Social Engineering Testing Services

We model activities of real-world attackers by manipulating employees into giving up confidential information.

Basic Phishing

PurpleSec will design custom phishing email templates with the client’s input. The campaign landing page can attempt to solicit further actions such as downloading a file or providing login credentials.

Intermediate Phishing

We use a pre-made phishing email template and modify it to match client requirements. The campaign’s landing page is a redirect to a customer specified URL or a basic page containing phishing education material provided by PurpleSec.

Advanced Phishing

Advanced campaigns include deliverables from “Intermediate” + Open-Source Intelligence to develop a social engineering exercise with client’s input. The goal is to assess the aggregated threat surface of employees and internet presence beyond the technical and physical controls.

Why Is Social Engineering Such A Successful Form Of Cyber Attack?

Social engineering is involved in over 98% of all cyber attacks. One answer for its growing popularity is that social engineering is easier and less expensive for threat actors.

Instead of developing or purchasing a zero day exploit threat actors simply trick a company’s employees into providing credentials. This is why social engineering attacks are so effective and a crowd favorite as it doesn’t require nearly as much effort or technical skillset to penetrate into an environment.

Ultimately, social engineering attacks work because they prey on human vulnerabilities.

Authority

People will tend to obey authority figures, even if they’re asked by those figures to perform objectionable acts.

Social Proof

People will do things they see others do and bad guys use this to their advantage.

Scarcity

Perceived scarcity will generate demand. For example, by saying offers are available for a “limited time only,” retailers encourage sales.

Consistency

If people commit to an idea or goal they are more likely to honor that commitment because it’s now congruent with self-image.

Reciprocity

People tend to return a favor, hence the pervasiveness of free samples in marketing.

Likability

People are easily persuaded by others that they like.

How Our Social Engineering Testing Services Work

End to end solution to test employee’s security awareness.

Small server icon

We begin every engagement understanding your company’s cybersecurity goals.

Skull and bones in a yellow triangle icon

A security engineer will be assigned to assist in crafting phishing campaigns.

Carry out social engineering testing via email phishing, spear phishing, and vishing scenarios.

Document with checkmarks icon

Recommendations are collected into an executive report including steps toward remediation.

We partnered with PurpleSec to test various functions in our Finance department via vishing and phishing. We couldn’t be happier with the results! We were able to meet our compliance requirements while gaining a clear picture of our risk.

– Christie N., CISO

Global Private Equity Firm

End-To-End Project Management

Get actionable results within 4 weeks of a signed contract and immediate insights on critical vulnerabilities.

Penetration testing project management

Social Engineering Testing Deliverables

Analysis and reporting delivered by an offensive security certified professional.

Basic Campaigns

The basic phishing campaign uses a pre-created phishing template modified to suit customer needs. A single email will be delivered to target users.

Intermediate Campaigns

Custom email templates and social engineering scenarios with a final report on clicks/opens of phishing emails.

Advanced Campaigns

This option will expose this risk and keep clear documentation of why each risk matters to the business’s security, brand, and bottom line. PurpleSec will utilize Credential Theft as a means of collecting employee login information.

PurpleSec will employ analysts to utilize the same techniques that malicious actors use every day. Activities here include using impostor accounts and credentials, assessment of IT and other support systems, and public information leaks.

Why Choose PurpleSec's Social Engineering Testing Services?

At PurpleSec, our offensive security experts will establish a framework to proactively identify and classify vulnerabilities.

This approach ensures that we prioritize work on the areas of greatest risk by identifying the strengths and weaknesses of your penetration testing program; thereby maximizing the ROI of your security initiatives.

Business professional in front of a computer with multiple monitors

Our Services Work Better Together

Ready To Get Secure?

Reach Your Security Goals With Affordable Solutions Built For Small Business