Social Engineering Assessment

Social engineering assessment aims at assisting tested unit to understand the existence of social engineering through e-mail, and to raise their awareness. Meanwhile, based on the testing results, corporations can understand their potential vulnerabilities and improve themselves through internal education and training. Additionally, based on testing results, information security can be managed easily.

Service items

Testing objects We will send social engineering mails to each email account with editable documents.
Testing inspection Email content covers many types, such as gossip, leisure activities, health care, finance, erotica, novelty, etc. Each type provides at least three different contents for random selection for testing. During the process, the behaviors of the subjects, such as “open mail”, “click the link” and “open the attachment” will be recorded.
Analysis reports After the testing, a report with the following contents will be generated： Overall statistical result presented in chart with different types, grouping results, sorting statistics table. E-mail delivery schedule Statistical result of the human behavior - ‘open the mail’, ‘click the link’ and ‘open the attachment’. Calculating the result of ‘open rate’ and ‘click-to-open rate’ Detailed recording - the amount of time the subjects open and read the email.
Consulting service After the analysis report is proposed, a 5*8 consulting services will be provided for 1 month.

Service Process

Confirm the environment setting

Understanding the information security policy and rules of the authority concerned
Understanding the departmentalization in the authority and plan the testing schedule

Provide the list of email addresses

Clients helping to set the SPAM system protect the tested emails from being blocked.

Make the template of emails

Plan and design the template of emails.

Send the emails for testing