Social Engineering
Services

We model activities of real-world
attackers by manipulating employees
into giving up confidential information.

social engineering services

Cyber Security Services / Social Engineering

Our Social Engineering Assessment Services

Reduce your attack surface and improve your security ROI

Basic phishing campaign

Basic Phishing

Pre-made phishing email template/slightly modify to match client as necessary.

LEARN MORE

Intermediate phishing campaign

Intermediate Phishing

PurpleSec designs custom phishing email templates and campaigns with client input.

LEARN MORE

Advanced phishing campaign

Advanced Phishing

PurpleSec designs custom phishing email templates and deploys dedicated infrastructure to clients.

LEARN MORE

Why Is Social Engineering Such A Successful Form Of Cyber Attack?

 

Social engineering is involved in over 98% of all cyber attacks. One answer for its growing popularity is that social engineering is easier and less expensive for threat actors.

 

Instead of developing or purchasing a zero day exploit threat actors simply trick a company’s employees into providing credentials. This is why social engineering attacks are so successful and a crowd favorite as it doesn’t require nearly as much effort or technical skillset to penetrate into an environment.

 

Ultimately, social engineering attacks work because they prey on human vulnerabilities including…

WHY PURPLESEC?

Authority

People will tend to obey authority figures, even if they’re asked by those figures to perform objectionable acts.

Social Proof

People will do things they see others do and bad guys use this to their advantage.

Scarcity

Perceived scarcity will generate demand. For example, by saying offers are available for a “limited time only,” retailers encourage sales.

Consistency

If people commit to an idea or goal they are more likely to honor that commitment because it’s now congruent with their self-image.

Reciprocity

People tend to return a favor, hence the pervasiveness of free samples in marketing.

Likability

People are easily persuaded by others that they like.

How It Works With PurpleSec

End to end solution to test employee’s security awareness

consultation call

We begin every engagement with a friendly chat to better understand your company’s cyber security goals.

phishing campaigns

A security engineer and project manager will be assigned to assist in crafting phishing campaigns.

phishing vs whaling attacks

Carry out social engineering testing via email phishing, spear phishing, and vishing scenarios.

penetration testing report

Recommendations are collected into an executive report including steps toward remediation.

Basic phishing campaign

Basic Phishing Campaign

PurpleSec will design custom phishing email templates with the client’s input. The campaign landing page can attempt to solicit further actions such as downloading a file or providing login credentials.

 

Starting At: $1,500

Intermediate phishing campaign

Intermediate Phishing Campaign

We use a pre-made phishing email template and modify it to match client requirements. The campaign’s landing page is a redirect to a customer specified URL or a basic page containing phishing education material provided by PurpleSec.

 

Starting At: $4,000

Advanced phishing campaign

Advanced Phishing Campaign

Advanced campaigns include all deliverables from the “Intermediate” + Open-Source Intelligence (OSINT) to develop a social engineering exercise with client’s input. The goal is to assess the aggregated threat surface of the client’s staff and internet presence beyond the technical and physical controls.

 

Starting At: $6,000

Project Deliverables

 

Analysis and reporting delivered by an offensive security certified professional

Download sample report

Basic Campaigns

 

The basic phishing campaign uses a pre-created phishing template modified to suit customer needs. A single email will be delivered to target users.

Intermediate Campaigns

 

Custom email templates and social engineering scenarios with a final report on clicks/opens of phishing emails.

Advanced Campaigns

 

This option will expose this risk and keep clear documentation of why each risk matters to the business’s security, brand, and bottom line. PurpleSec will utilize Credential Theft as a means of collecting employee login information.

 

PurpleSec will employ analysts to utilize the same techniques that malicious actors use every day. Activities here include using impostor accounts and credentials, assessment of IT and other support systems, and public information leaks.

Purple particle divider

Security Awareness Training Services

 

Security awareness training educates end-users on the most common practices of social engineering attacks. Employees are provided with self-guided module based instructions on how to prevent an attack.

 

Security awareness, in conjunction with phishing campaigns, is the best way to validate human security controls.

 

Starting At: $6,000

What Is Security Awareness Training

managed it security services - purplesec

Managed Security

Learn More >

penetration testing services - purplesec

Penetration Testing

Learn More >

vulnerability patch management services - purplesec

Vulnerability Mgmt

Learn More >

security gap assessment services - purplesec

Risk Assessment

Learn More >