Social Engineering is a technique that relies on exploiting weaknesses in human nature, rather than hardware, software, or network vulnerabilities.

It's a non-technical strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices. When successful, many social engineering attacks enable attackers to gain legitimate, authorized access to confidential information. We mobilize different tactics to mitigate the dangers of social engineering for your information security.

What makes social engineering especially dangerous is that it relies on human error, rather than vulnerabilities in software and operating systems. Mistakes made by legitimate users are much less predictable, making them harder to identify than a malware-based intrusion.

Email Phishing.

Exchanges of sensitive information over email happen almost constantly, day in and day out. Yet, nearly all of these exchanges don’t go through the proper channels for authentication and authorization. ISEC uses email phishing and spear phishing social engineering to target staff, getting them to visit unknown websites, divulge sensitive information, or perform an action they otherwise should not.


Much like email, exchanges of sensitive information over the phone happen at an almost constant rate. These days, the mindset that a telephone call is enough to authenticate a person is all too common. However, bad actors are moving away from email toward telephone social engineering. ISEC uses telephone social engineering to target staff, getting them to divulge sensitive information or perform an action they should not perform.


Requests for information via fax are a crucial means of exchanging information, and sometimes these faxes contain sensitive information. Too often these exchanges of information happen without fully authenticating or authorizing the requesting party. Fax social engineering aims to identify weaknesses in how faxes are managed and exchanged within an organization.


During a physical social engineering engagement, ISEC engages staff directly (overt) or indirectly (covert) in an effort to identify weaknesses in the way they physically handle visitors and those pretending to be employees, vendors or business partners. ISEC masquerades as vendors, new employees, business partners and even employee family members in order to entice staff into divulging sensitive information or permitting access to sensitive areas of the facility.