Social engineering
Phishing, vishing and pretext contact that targets your people, built from real information an attacker could find about your organisation.
- Phishing & vishing
- Pretext development
- OSINT-driven targeting
- Payloads & landing pages
The strongest firewall does not help if someone holds the door open or clicks the wrong link. We test your people, your processes and your premises the way a real intruder would, safely and under agreed rules, then show you where the gaps are and how to close them.
Phishing, vishing and pretext contact that targets your people, built from real information an attacker could find about your organisation.
Getting into your building and reaching what matters: tailgating, cloned badges, and bypassing locks, doors and reception.
Breaking out of locked-down workstations, kiosks and shared terminals once inside, to reach the network behind them.
Real attackers do not stick to one trick. They phish to get a foothold, then walk in, or they walk in and plug into the network. We chain the human, physical and digital together to show what a determined attacker could actually achieve.
A physical and social engagement runs in six phases, from signed authorisation through to the debrief. Here is how each one works.
We agree the targets, objectives and boundaries, and put a signed authorisation letter in place, before anyone is contacted or approached.
We build the picture and the cover story from public information, the way an attacker researching you would.
We test your people with phishing, vishing and pretext contact, and see how your training and processes hold up.
With authorisation, we attempt on-site access: tailgating, bypassing controls and talking past reception to reach the objective.
We reach the agreed goal, a room, a workstation or data, and show how far an attacker could take it from there.
You get a clear report and a debrief with your team: what worked, what your people did well, and how to close the gaps.
You get an honest account of what happened and practical steps to put it right, framed to help your team rather than catch them out.
Straight answers to what clients ask most before a people-and-premises test.
A phishing simulation sends a batch of test emails and measures who clicks, which is useful for a baseline. Full social engineering is a targeted, goal-based exercise: we build a pretext from real information about your organisation and use phishing, phone calls and in-person contact to actually reach an objective. One measures a click rate; the other proves what a determined attacker could achieve.
Yes. With your authorisation we attempt to get into your premises the way an intruder would: tailgating through doors, talking past reception, cloning access badges and bypassing locks, then reaching an agreed objective such as a server room, a desk or a network point. It is always scoped, authorised and safe.
Yes, because it is authorised. Before anything starts we agree the scope, targets and boundaries in writing, and every tester carries a signed authorisation letter (a get-out-of-jail letter) to show if challenged. We do not damage property, and we agree in advance how far we go and what is off limits.
No. The goal is to test your processes and defences, not to catch people out. We report on what happened and why, not on who, and we frame the debrief so your team learns from it rather than feeling blamed. Where an individual detail matters, we agree how to handle it with you first.
Yes, and it is often the most realistic option. A real attacker might phish their way to a foothold, then walk in, or walk in and plug into the network. We can chain the human, physical and digital together into a single goal-based exercise, closer to a small red team than a one-off test.
Yes. Every engagement ends with a debrief that walks your team through exactly what we did, what worked, and where the gaps were. You get clear, prioritised fixes for your people, processes and premises, so the exercise leaves you stronger rather than just scored.
Tell us what you are worried about and what a win looks like for an attacker. We will come back within one working day with a suggested approach and a straight, fixed-price scope.