Social Engineering & Phishing

Social Engineering Services

Social Engineering is an effective, non-technical means for an attacker to infiltrate the organization and secure a foothold by exploiting the “good nature” of human personality. As an example, one common route for social engineering involves an individual contacting a help desk claiming to be someone they aren’t. As a result of the help desk staffer wanting to help the individual on the phone, they either disclose information they shouldn’t have disclosed or give unauthorized access to someone they shouldn’t have.

Our Experts are Waiting!

Contact us to learn more about our social engineering services and how we can help your organization.

To kickstart a social engineering assessment, CynergisTek utilizes client-supplied information to quickly determine the most likely areas for social engineering success. With this information gathered, we proceed with the engagement as follows:

Information Review

Request and review the policies, support information, and processes of the target within the organization

Vector Identification

Identify potential attack vectors, either provided by the customer or identified during the data gathering and review phase

Attack Execution

Construct an attack around those specific attack vectors and provide a window of time that the attacks will be run (communicated only to the key stakeholders)

Communication Plan Development

Construct a limited communication plan that details the measures to manage any support or incidents that may arise during the orchestrated attacks

Phishing Assessments

What Our Clients Say

CynergisTek’s social engineering and phishing service was an excellent training tool for our organization. A third-party assessment of how our policies and procedures would stack up against a real threat was eye-opening and provided us with valuable information we can leverage to continue to enhance our security posture.

Joe Egan, Director of Information Security, Valley Children's Hospital

As a trusted partner for the past decade, CynergisTek provides periodic evaluations of our systems and expert advice to keep us on pace with evolving security threats and priorities, like cybersecurity. The assessment was invaluable in terms of gleaning solid metrics regarding our personnel and raising awareness of pertinent threats. Now, we are better equipped to identify, respond and better educate our workforce to a phishing campaign targeting our organization.

Larry G. Pierce, Manager of Information Security and Enterprise Management, Atlantic Health System

Related Resources

Cybersecurity Services

How to Prepare for Phishing Attacks

The Top 20 Security Vulnerabilities Healthcare Organizations Should Address

Don't Get Hooked by a Phish