Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. During social engineering testing, Securadigm exploits the natural tendency of a person to trust another person's word, rather than exploiting computer security holes. It is generally agreed upon that 'users are the weak link' in security and this principle is what makes social engineering possible.
Social engineering tests the effectiveness of the organization's policies as well as employee security awareness. Securadigm's Team may use the telephone, carefully crafted email messages, and physical access techniques to coerce the organization's employees into revealing sensitive information or granting unauthorized access, in violation of established policies. Information gathered during social engineering efforts is utilized during ethical hacking (if included in the scope of the assessment), leveraging the information gathered to further attempt to exploit vulnerable applications, systems, and processes such as user registration, user access provisioning, and system maintenance.