
Social Engineering

Assessment & Compliance Services Division


847.221.0200 halock.com

Solution Overview

Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. During social engineering testing, Halock exploits the natural tendency of a person to trust another person’s word, rather than exploiting computer security holes.

It is generally agreed upon that “users are the weak link” in security and this principle is what makes social engineering possible. Social engineering tests the effectiveness of the organization’s policies as well as employee security awareness.

Halock’s Red Team may use the telephone, carefully crafted email messages, and physical access techniques to coerce the organization’s employees into revealing sensitive information or granting unauthorized access, in violation of established policies.

Solution At-a-Glance:

• Test end user security awareness, ensuring employees and staff adequately safeguard confidential information and trade secrets
• Attempt to gain access to sensitive information through remote or onsite efforts
• Simulate Phishing attacks to determine if users will open fraudulent emails and disclose credentials to the attacker
• Can be performed blind (with no previous knowledge or assistance) or in a collaborative manner

Information gathered during social engineering efforts is utilized during ethical hacking (if
included in the scope of the assessment), leveraging the information gathered to further attempt
to exploit vulnerable applications, systems, and processes such as user registration, user access
provisioning, and system maintenance.

Professional Services Included:

• Information collection, such as the names of key IT staff members, credentials, system information, locations of systems or data, etc., using public sources
• Attempts to gain access to sensitive information remotely via telephone contact using pretexting and persuasion methods
• Attempts to gain access to sensitive information remotely via email contact and Phishing
• Attempts to gain access to physical information assets through onsite entry
• Documentation of findings, including detailed walkthroughs of exploit scenarios

Pricing:

• Pricing varies based on the size, complexity, and depth of testing
• Remote testing (phone and email) typically ranges from $4,000 to $8,000
• Onsite testing (physical breach) typically ranges from $2,500 to $5,000 per location

1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com

Social Engineering: Scope Worksheet

Testing will be performed using the following approach:


COLLABORATIVELY
BLIND (NO ASSISTANCE FROM CLIENT)

The following methods are conducted during social engineering:

METHOD SCOPE

Phone

Email / Phishing

Physical Penetration

The following special considerations will be incorporated into the assessment:
