Social Engineering Attack

A social engineering attack is a method that bad actors use to leverage the "people" vulnerabilities within an organization. Social engineering can involve email phishing, spear phishing, vishing, smishing, tailgating, pretexting, and physical access.

Types of Social Engineering Attacks

  • Email phishing tries to get someone to provide information via email, perform an action (such as sending money), click on a link, or download malware from an email.
  • Spear phishing is a targeted phishing attack in which a specific email is sent containing detailed information obtained via phishing or from publicly available sources. An example of spear phishing would be an attacker pretending to be the CEO of an organization and requesting that money be wired to a fake account, usually communicated with a strong sense of importance or urgency.
  • Telephone phishing, also known as vishing, is similar to email phishing but is done over the phone to gain information that can be exploited. Vishing attackers call pretending to be clients, the IRS, or other authority figures to obtain personal information from a person, such as credentials, client information, or additional confidential company information.
  • SMS phishing, also known as smishing, is a form of phishing done via text message to gain exploitable knowledge. Attackers send text messages to get individuals to provide confidential information by masquerading as a reputable company.
  • Tailgating, commonly known as piggybacking, is a form of social engineering where the attacker follows authorized employees through physical access points into areas the attacker would not otherwise be allowed to enter.
  • Pretexting is a social engineering tactic where an attacker presents themselves as an authority figure to obtain private information or access. Pretexting can be done across various platforms, including emails, text messages, and telephone calls.
  • Physical access attacks occur when social engineers seek entry to a physical location to obtain confidential information, or to reach secure-access areas to get computer access or carry out other malicious activity.

Training your employees is one of the most cost-conscious and cost-effective security solutions for reducing risk. Employees should know not only how to identify social engineering attacks but also what steps to take if they suspect one. Hiring an outside organization to perform simulated phishing campaigns or social engineering engagements is a great way to test how prepared your organization is for a real social engineering attack.

Get a Customized Proposal

Use our Scoping Questionnaire to provide us with the necessary information to put together a proposal for you. Please be as thorough as possible with your responses, as it helps us ensure an accurate and complete proposal.
If you're interested in application penetration testing, you may find this article helpful when formulating your responses: Understanding Application Complexity For Penetration Testing.

If you have any questions, contact us at (952) 836-2770 or schedule a meeting. We will follow up promptly once we receive your responses. We look forward to speaking with you soon.


Dedicated Client Portal

Interact in real-time with your RedTeam security professionals on our user-friendly client portal and see firsthand as the team closes in on your company data.

Certified Security Experts

Our trusted security professionals hold certifications from the leading industry organizations, including OSCP, CASS, CPT, CISSP and more.

Research-Focused Approach

We hold industry-leading certifications and dedicate part of every day to researching the latest exploit techniques to ensure our clients remain protected from evolving online attacks.

Free Remediation Testing

Once your team addresses remediation recommendations, RedTeam will schedule your retest at no additional charge.