We model activities of real-world
attackers by manipulating employees
into giving up confidential information.
Social engineering is involved in over 98% of all cyber attacks. One answer for its growing popularity is that social engineering is easier and less expensive for threat actors.
Instead of developing or purchasing a zero day exploit threat actors simply trick a company’s employees into providing credentials. This is why social engineering attacks are so successful and a crowd favorite as it doesn’t require nearly as much effort or technical skillset to penetrate into an environment.
Ultimately, social engineering attacks work because they prey on human vulnerabilities including…
End to end solution to test employee’s security awareness
PurpleSec will design custom phishing email templates with the client’s input. The campaign landing page can attempt to solicit further actions such as downloading a file or providing login credentials.
Starting At: $1,500
We use a pre-made phishing email template and modify it to match client requirements. The campaign’s landing page is a redirect to a customer specified URL or a basic page containing phishing education material provided by PurpleSec.
Starting At: $4,000
Advanced campaigns include all deliverables from the “Intermediate” + Open-Source Intelligence (OSINT) to develop a social engineering exercise with client’s input. The goal is to assess the aggregated threat surface of the client’s staff and internet presence beyond the technical and physical controls.
Starting At: $6,000
Analysis and reporting delivered by an offensive security certified professional
Security awareness training educates end-users on the most common practices of social engineering attacks. Employees are provided with self-guided module based instructions on how to prevent an attack.
Security awareness, in conjunction with phishing campaigns, is the best way to validate human security controls.
Starting At: $6,000