Realistic Campaigns, Real Pretexts
Depending on scope, an engagement may include spear phishing tailored to specific roles using pretexts drawn from genuine organisational context, whaling targeted specifically at executives and leadership, vishing in which we telephone staff under a constructed pretext, smishing over SMS, and physical or hybrid pretexting. We might attempt to harvest credentials, prompt the execution of a benign tracking payload, or simply persuade someone to break a process - whichever objective best reflects the threat you actually face.
A staff member who might never fall for a standard scam might well prove susceptible to a phishing attempt crafted using information about your organisation specifically. The most convincing campaigns are informed by an OSINT Assessment, which supplies the names, relationships, and context a believable pretext depends on; as such, these services are natural complements. If you do not wish for an OSINT Assessment, we will instead base our social engineering campaigns on information you choose to share with us in a consultation meeting.