Social Engineering Methodology

Get a Quote in 24 hours

Testing that assesses your people, processes, and procedures via email phishing, telephone vishing and onsite attempts to breach physical safeguards.

RedTeam Security's Social Engineering Methodology

RedTeam Security’s social engineering methodology combines industry-standard frameworks with our experience to develop a customized approach for executing comprehensive social engineering attacks. Our testing will reveal your employees’ adherence to company procedures and their ability to protect company assets. As part of a social engineering engagement, RedTeam Security will use social engineering techniques to assess:

  • Security awareness of whether employees can identify a scam from a malicious actor possibly posing as a trusted source such as a co-worker or a member of your internal tech support team.
  • How well security policies and procedures for disclosing information are followed and/or whether they are sufficient to protect sensitive data and client confidential information.
  • How well procedures are understood and followed for granting authentication and admitting visitors to buildings.
  • Whether suspicious activity such as an individual tailgating through a security clearance point, vishing phone calls, or phishing emails are identified, questioned, and reported appropriately.
  • If any technical controls to protect against social engineering are effective.


The primary objective for any social engineering attack is to measure the strength of existing security controls and uncover their weaknesses before bad actors can discover and exploit them.  Through effective social engineering techniques,  RedTeam Security will reveal real-world opportunities for malicious insiders or bad actors to bypass safeguards in such a way that allows for unauthorized physical access to sensitive areas leading up to data breaches and system compromise.

RedTeam Security employs a standard methodology that includes multiple phases. These phases build on each other and ensure an effective and comprehensive test.

Before beginning any social engineering engagement, the pre-engagement phase begins. During the pre-engagement phase, RedTeam Security will confirm objectives and collect details required to execute and kick off the project.  This phase is crucial as it establishes the overall rules of engagement for each of the types of social engineering attacks (phishing attacks, phone calls, physical )and ensures that each attack will be is executed efficiently, effectively, and in accordance with the overall organizational goals.

Information Gathering

Using the information collected for the kick-off meeting, RedTeam Security finalizes the necessary details for Gathering/ Open-Source Intelligence.

As with other types of penetration testing, the first phase in a social engineering engagement is to focus on gathering as much information as possible about the target. This is done through passive reconnaissance and Open-Source Intelligence (OSINT). This is one of the most critical steps in the process because it helps to examine your organization from the perspective of a “bad guy” and enables RedTeam Security to see everything an attacker would by utilizing public tools, such as Google Earth, social media, and job boards. Using this approach, we can usually learn a great deal of information about your business, surroundings, and the environment.

By carefully examining the public side of your company, we learn helpful indicators about your organization, how it operates and uncover any sensitive information or weaknesses that might exist online so you can remediate the security threats (i.e., information sharing on Facebook).

The depth of this phase will vary based on the specific engagement.  In some cases, RedTeam Security will work closely with you to create compelling pretexting.  In other engagements, RedTeam Security will use information gathered during the OSINT to create the pretexts and identify targets.  

Ultimately, the team aims to simulate a real-world physical attack on the target’s most prized assets without the damaging consequences of an actual attack.

Active Reconnaissance

The Active Reconnaissance phase of physical, email or phone social engineering engagements helps detect cybersecurity vulnerabilities you might not suspect exist. In this next step, we take a more active “hands-on” approach by gathering sensitive information that can be obtained online, leveraging more proactive tools, or offline. This may include exploiting a vulnerability on the company website or by calling or by emailing staff to collect information that can be leveraged to create a pretext or be used during execution.

This phase is not conducted for all social engineering engagements, and we will discuss these types of social engineering techniques with you to determine if they are appropriate for your specific social engineering attack.

Attack Planning & Pretexting

Intelligence gathered through the previous steps is now combined into a plan of attack. Effective planning and pretexting involve preparing the operation specific to the target, taking into full account intel gathered from the reconnaissance stage.  The plan of attack includes creating a Pretext (the story being used), the targets, timing, email templates, etc. In addition, phone number masking will be set up, email templates are created, custom malicious file payloads are crafted, RFID cloners are prepped, hardware trojans are configured,  social engineering costumes are acquired, and falsified personas/companies are created.

Actions on Objective/Execute the Attack

This is where the team executes the different types of social engineering attacks, just like real cybercriminals do when deploying phishing attacks, distributing malware, or otherwise hoping for a data breach. This may be by making phone calls to targeted personnel to attempt to obtain confidential information, sending phishing emails to create a sense of urgency, or tailgating to gain access to a physical location. If the social engineer encounters an astute employee, the team may pause and start again with another pretext.


RedTeam Security social engineering penetration testers have experience infiltrating some of the most secure environments the same way cybercriminals would. Our social engineers leverage this experience to zero in on critical issues and provide actionable remediation guidance.

During the social engineering attacks, as RedTeam Security worked to complete the mission and realize the agreed-upon objectives, we obtain both screen captures and (where possible) video, audio, and photographs as evidence.  We take great care to ensure we’ve communicated the value of our service and findings thoroughly. The deliverable consists not only images of our findings but several key components including, but not limited to: Executive Summary, Scope, Findings, Evidence, Tools, and Methodology.

Because social engineering attacks are focused on your employees, RedTeam Security will work with you to see if the objectives obtained during your form of social engineering warrant additional training opportunities for your organization. Sometimes, increased security awareness can be achieved by revising in-house online training or one-time in-person training.  RedTeam Security provides additional cost-effective training solutions aimed at reviewing information security best practices and practical techniques for identifying scammers.


To perform a comprehensive real-world assessment, RedTeam Security utilizes commercial tools, internally developed tools, and the same tools that hackers use on each and every assessment. Our intent is to assess security by simulating a real-world cyber-attack, and we leverage the many tools at our disposal to effectively carry out that task.

Why work with RedTeam

Services Datasheet

Learn more about RedTeam Security’s advanced Application, Network and Physical Penetration Testing, Social Engineering and Red Teaming services.

Services Datasheet