Do you know where your weakest link is?

Spear Phishing

Spear phishing is a highly-targeted form of attack. Spear phishers use carefully crafted emails alongside social engineering tactics to convince individuals to both open and engage with the email.

Consumer Phishing

Consumer phishing is a type of attack in which a criminal sends a deceptive email that appears to come from a respected brand. This is usually done in order to gain individual account credentials.

Data Breach

Data breaches are frequently the result of intrusions caused by credential theft or the installation of malware. This is in turn fueled by social engineering and identify deception techniques.


Ransomware is a form of malware that infects the computers of its victims. From there, content is encrypted, and the victim is required to pay a ransom in order to regain access to their content.
Image module

Email Compromise

Email compromisation, or Business Email Compromise (BEC), is a sophisticated email attack in which a criminal sends a victim’s emails to an organization’s employees. It’s also known as CEO fraud.

Social Engineering

A Cybersecurity Must Have:

The #1 cybersecurity threat for businesses is social engineering attacks. These types of attacks will be at the top for a long time to come.

Social engineering attacks, which rely on human interaction and fraudulent behavior to trick people, are the driving force behind spear phishing, email compromises, and ransomware.

We view social engineering campaigns as a must-have service for every business and organization. And it’s why we offer social engineering assessments for:

  • email phishing,
  • telephone/text,
  • and onsite/social pretexting.

The Human Factor in IT Security:

Employee actions lead to cybersecurity incidents. Although traditional cybersecurity attacks leverage technology-based system vulnerabilities, such as misconfigurations and software bugs, social engineering attacks take advantage of human nature and the inherent vulnerabilities in people.

Unethical Hackers use deception in order to trick targeted victims into performing acts that are harmful to a company’s network.

At EHS, we make the social engineering process painless and simple. Our team has conducted (and successfully delivered) numerous social engineering assessments for businesses of all sizes and types… and we can help you protect your company from the insider threat (your employees).

The Next Big Threat

A social engineering campaign can be used as a one-time method of assessing the effectiveness of a security awareness training, or to support new and current training programs. Using the latest intelligence on social engineering techniques, a social engineering test can evaluate employees against general phishing and “spear-phishing” attacks that are intended to exploit trust and lack of security awareness.

Phishing Email Attack

Deploys a distinct simulated phishing email to test whether employees click on malicious links that they should not. It is a single test where no exploitation occurs, but only collects general information on the effectiveness of the attack and the employee’s response.

Phishing Data Attack

Tests user security awareness by manipulating individuals in your organization to perform unsafe actions or provide sensitive information over email. The content used in these scenarios ranges from generic, spam-like messages to client-specific emails that are designed to appear to originate from internal users, third-party service providers, or clients.

EHS offers two options for gathering information. We recommend that the names and email addresses of the intended recipients during the social engineering test be provided beforehand. If such a list is not provided, where EHS must search or otherwise build a list through manual research, additional costs will be incurred.

Customer-Provided List (Gray Hat)

A list of email addresses of the employees targeted, are provided by the customer.  Additionally, the customer may provide information that can help with the targeting, such as programs used or companies they work with. This type of social engineering test represents the simpler and quicker method as research is not required in order to build a list.

Manual Research (Black Hat)

A list of employees email addresses is not provided to EHS, resulting in a lot of manual research on our part. Research includes employing tools and techniques for harvesting names and email address from open source directories, social media sites, and customer web sites. This extra research will incur additional costs.

Looking for a First-Class
Cybersecurity Expert?

Understand the risk posed to you, and your customers, by the vulnerabilities present in your network.