Penetration Testing

Social Engineering

Human psychology remains one of the most exploited attack vectors in modern cyber attacks. Our social engineering assessments help identify and strengthen your organisation's resilience against sophisticated social manipulation and phishing attempts.

Our Engagement Process

T-14 days

Scoping and Strategy

We begin with a detailed consultation to understand your organisation’s structure, key roles, and specific security concerns regarding social engineering threats.

Together, we identify target groups, define campaign objectives, and establish clear boundaries for the assessment to ensure meaningful results while maintaining ethical standards.

T-7 days

Campaign Preparation

Our team develops the technical infrastructure and crafts targeted campaign materials based on reconnaissance or provided information. This includes creating authentic-looking templates, setting up tracking systems, and preparing response mechanisms.

We also establish emergency protocols and points of contact for immediate notification of critical findings.

Campaign Launch

The social engineering campaign begins with carefully timed and targeted approaches to selected groups within your organisation.

Our team actively monitors campaign progression and employee responses, ready to adjust tactics or provide immediate support if needed.

T+14 days

Analysis and Recommendations

Upon campaign completion, we deliver a comprehensive report detailing campaign results, success rates, and identified vulnerabilities in human security controls.

Our debrief session walks through specific findings and identified patterns, and provides actionable recommendations for improving security awareness and organisational resilience.

Why Social Engineering Testing?

Test Real-World Scenarios

Traditional security controls may be robust, but social engineering often bypasses these by targeting human psychology. Our assessments simulate real-world attack scenarios to identify and address these human-centric vulnerabilities.

Measure Security Awareness

Understanding how your employees respond to social engineering attempts provides valuable insights into the effectiveness of your security awareness training and helps identify areas needing additional focus.

Protect Critical Assets

Social engineering attacks often target high-value assets through human manipulation. Our assessments help protect these assets by identifying and addressing vulnerabilities in human security controls before real attackers can exploit them.

Build Resilient Culture

Beyond identifying vulnerabilities, our assessments help build a security-conscious culture where employees understand their role in maintaining organisational security and are better equipped to recognise and respond to social engineering attempts.

Our Social Engineering Methodology

Project Black's social engineering assessments combine technical expertise with psychological understanding to create realistic and impactful scenarios that test your organisation's human security controls.

Our social engineering campaigns include:

  1. Targeted Campaign Design
    We develop customised phishing campaigns targeting distinct roles within your organisation. These campaigns are informed by thorough reconnaissance or customer-provided information to maximise authenticity and effectiveness.

    • Role-specific targeting strategies
    • Custom infrastructure development
    • Authentic communication templates
    • Multiple attack vectors
  2. Flexible Execution Options
    Campaigns can be executed in two modes to suit your organisation's needs:

    • Blind: Testing without prior internal notification
    • Visible: Coordinated with internal security teams
  3. Impact-Focused Objectives
    Campaigns are designed with specific objectives that demonstrate real business impact. Some examples include:

    • Finance department: Simulated fraudulent transfer attempts
    • IT staff: Credential harvesting and access escalation
    • Executive team: Business email compromise scenarios
    • General staff: Data exfiltration attempts
