Social Engineering Penetration Testing

What is a social engineering penetration test?

Social engineering is the single biggest security threat facing your business.  A social engineering penetration test will help you evaluate your employees’ susceptibility to social engineering attacks.

Educating your employees about how social engineering attacks are carried out and implementing and maintaining appropriate security controls to mitigate them, is critical.

Social engineering testing provides a basis for highlighting issues with operating procedures and developing targeted staff awareness training.

A social engineering penetration test will help you:

  • Establish the publicly available information that an attacker could obtain about your organisation;
  • Evaluate how susceptible your employees are to social engineering attacks;
  • Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks; and
  • Develop a targeted security awareness training programme.

Learn more about our social engineering penetration test

Speak to an expert

For more information on how our CREST-accredited penetration testing services can help safeguard your organisation, call us now on +44 (0)333 800 7000, or request a call back using the form below. 

Get in touch

What is social engineering?

Attackers masquerade as trusted entities and manipulate victims into compromising their security, transferring money, or providing sensitive information.

Social engineering attacks can occur both online and offline.

Find out more about social engineering


One of the most common social engineering methods is phishing.

Phishing attacks involve emails that appear to be from legitimate senders but contain malicious attachments or links.

Phishing emails either use drive-by downloads to install malware on victims’ machines or harvest their credentials.

Find out more about phishing

Is a social engineering penetration test right for you?

If you are responsible for your organisation’s information security, you should ask yourself:

  • What information about your organisation is publicly available that could be used to facilitate social engineering attacks?
  • Are staff vulnerable to phishing and other forms of social engineering?
  • Could a social engineer gain unauthorised access to offices and site locations by exploiting weak security measures?
  • Could an attacker gain access to sensitive information from mislaid documentation?
  • What information could be obtained by someone taking hardware off-site?

Our engagement process

  1. Scoping - Before testing, our consultancy team will discuss your social engineering assessment requirements to define the scope of the test.
  2. Reconnaissance - Our social engineering team uses various intelligence-gathering techniques to collect information from public sources about your organisation. 
  3. Assessment - Our social engineering team attempts to gain access to the systems and/or buildings that hold the target information defined by you.
  4. Reporting - The test results will be thoroughly analysed by an IT Governance certified tester and a full report will be prepared for you that sets out the scope of the test, the methodology used and the risks identified
  5. Workshop - Our team can also run a workshop that will help your employees identify and respond to the cyber threats conducted during the exercise.

Did you know?

Proofpoint’s 2019 report 'The Human Factor' found that 99% of cyber attacks use social engineering to trick users into installing malware.

How IT Governance can help you 


CREST-accredited penetration testing services give you all the technical assurance you need.

Choose your test

You can choose the level of penetration test to meet your budget and technical requirements.

Straightforward packages

We are pioneers in offering easy-to-understand and quick-to-buy penetration testing.

Reports you can understand

We provide clear reports that can be understood by engineering and management teams alike.

Our penetration tests comply with the Microsoft Rules of Engagement

For Azure clients, this means we take care to limit all penetration tests to your assets, thereby avoiding unintended consequences to your customers or your infrastructure.

Companies using our penetration testing services

This website uses cookies. View our cookie policy
SAVE 10%