Order of Work Execution
The success of the attack largely depends on the quality of the collected data. At this stage, we gather information about the company from open sources (websites, social media, public registers) as well as through OSINT methods. If the client does not provide data directly, this step may take the most time. The collected information will be used to develop realistic and effective attack scenarios.
Based on the collected data, we prepare proposed attack scenarios. The client selects which of these will be executed and decides whether employees will be informed about the ongoing test. At this stage, we also agree on the scope of the final report and the method of progress reporting.
We execute the previously agreed-upon scenarios. Employees may be subjected to various forms of tests, such as attempts to persuade them to open a file named “company_salaries.pdf,” participate in a fake contest, or disclose confidential information. During these activities, we utilize psychological principles such as the rules of reciprocity, authority, scarcity, liking, commitment, and social proof.
After the test is completed, the client receives a detailed report containing:
– a description of the actions taken,
– a list of obtained information (along with the channel through which it was acquired),
– an assessment of the test's effectiveness,
– recommendations regarding security measures and further actions,