Professional Social Engineering Tests

based on social psychology

Social Engineering Test – "The Art of Gaining Control Over Minds"

We conduct controlled social engineering tests aimed at verifying whether employees can resist manipulation and protect the company’s critical assets. During the test, we attempt to persuade an employee to perform actions they normally should not — such as disclosing passwords, revealing confidential company information, opening files or connecting USB devices, granting unauthorized persons access to company premises, or handing over sensitive documents. The goal may be to assess the effectiveness of security measures, identify gaps in employee awareness, or obtain specific information. All activities are carried out according to a pre-agreed scenario, with full respect for ethics, law, and best practices in cybersecurity.

Sequence of Activities

1. Information Gathering

The success of the attack largely depends on the quality of the collected data. At this stage, we gather information about the company—from open sources (websites, social media, public registers) as well as through OSINT methods. If the client does not provide data directly, this step may take the most time. The collected information will be used to develop realistic and effective attack scenarios.

2. Presentation of Scenarios

Based on the collected data, we prepare proposed attack scenarios. The client selects which of these will be executed and decides whether employees will be informed about the ongoing test. At this stage, we also agree on the scope of the final report and the method of progress reporting.

3. Social Engineering Attack

We execute the previously agreed-upon scenarios. Employees may be subjected to various forms of tests, such as attempts to persuade them to open a file named “company_salaries.pdf,” participate in a fake contest, or disclose confidential information. During these activities, we utilize psychological principles such as the rules of reciprocity, authority, scarcity, liking, commitment, and social proof.

4. Presentation of Results

After the test is completed, the client receives a detailed report containing:
– a description of the actions taken,
– a list of the information obtained (along with the channel through which it was acquired),
– an assessment of the test's effectiveness,
– recommendations regarding security measures and further actions,
– and much more, which is why we encourage you to get in touch with us.

Our Working Methodology

Statistics for Social Engineering Tests (2024)

In controlled phishing tests, up to 92% of users open the message, and 30–50% click on a malicious link (Proofpoint, KnowBe4). In phone-based tests (vishing), the success rate of obtaining information reaches 60–70%.

Not all clients immediately implement recommendations after tests: an estimated 60–70% take action right away, while the rest do so within a few months or not at all (according to auditing firms' experience).

Impersonation of others (e.g., HR, IT, coworkers) in phishing tests is effective in about 40–60% of cases, depending on the industry and employee awareness level (Verizon DBIR 2024, IBM).

In most cases (70–85%), the information needed to prepare an effective attack is found online (LinkedIn, company websites, social media, online CVs).

Methods of Conducting Attacks

Understanding what potential attacks might look like helps better prepare an organization for real threats.

During tests, we simulate techniques used by real cybercriminals, both remotely and physically.

Indirect attacks (remote or technical) may include, among others:

  • creating fake websites,
  • sending emails or SMS messages containing phishing attempts,
  • phone contact (both landline and mobile),
  • delivering media with malicious software (e.g., USB drives, DVDs),
  • installing spying services or devices (e.g., fake Wi-Fi networks, modified ATMs, USB chargers).

Direct attacks (physical or personal) may include:

  • conversations with employees to obtain information,
  • attempts to gain physical access to buildings or restricted areas,
  • deliberate taking of unattended devices (e.g., laptops, phones),
  • observation, eavesdropping, or spying on workstations.

Thanks to a comprehensive approach that combines various methods, our social engineering tests accurately reflect real threats and help effectively strengthen the security of your organization.

Contact

+48 519 188 929

poczta@omnusec.pl

The website testysocjotechniczne.pl is operated under the Omnusec brand, which is part of Omnus Sp. z o.o.
We encourage you to send your inquiry directly to poczta@omnusec.pl or to use the form below. We usually reply to messages within 48 hours.