Social Penetration Tests

Bank employees interact with thousands of people a day and need to be trained to identify and respond to targeted in-person social engineering attacks.

A large majority of employees at financial institutions are customer-facing and are also exposed to an abundance of confidential and protected information. As a result, they can often be targeted and victimized in a social engineering attack, and it is essential to ensure they are trained to recognize and respond to potential threats.


By testing employees and facilities during a social penetration test, a company can learn the ways in which it is most vulnerable to attack and begin to address them. While companies commonly have a dedicated budget and team to handle electronic security issues, they often lack the kinds of security awareness training that address the most common ways attackers gain access to important information. Social penetration testing can identify these weaknesses in any organization.


SecureState has years of experience with physical security, having helped our clients understand the gaps in their current systems and the best ways to address them. Additionally, SecureState has been integrating social engineering into our penetration testing methodology for years, from email-based phishing to physical social interactions. By combining all of our knowledge, SecureState can provide a full picture of the physical security risks your company faces.

Approach and Methodology

Social Penetration Testing uses logical and physical penetration testing techniques to try to gain access to sensitive data. The main avenue of attack is social engineering, but other techniques can also be used to gain access to sensitive information.

SecureState will begin by identifying the site, working with the client to choose specific targets and to set any limitations on the assessment. Depending on the scope, SecureState will also gather any open source intelligence available on the Internet about the site and your company, which may be used as part of the test. Our consultants will also craft a special kit to use during the assessment, including fake badges, monitoring equipment, keystroke loggers, and a variety of other tools.

Once we begin the assessment, SecureState will at first take a passive stance, observing the site and gathering any information that might help with the actual penetration effort. We will note the common entrance points, the common times of entrance and exit, and the security in place on each door. SecureState will then attempt to gain access to the facility and to any of the targets identified before the assessment.

As a key part of this assessment, SecureState will attempt to use social engineering techniques to convince the various people at the site to give us access to the facility, provide us with further information, or allow us to remain on the premises.

After the incursion, SecureState will document our results, providing both a detailed description of the techniques used and suggestions for the best methods of addressing them.
