Social Engineering Testing

Social Engineering Testing simulates phishing, pretext calls, and onsite branch visits to assess employee awareness, identify vulnerabilities, and strengthen your institution’s human defenses.

800+ Organizations Assisted
23+ Years of Superior Success
38 States Represented

Social Engineering Testing

NETBankAudit’s In-depth Social Engineering Testing is designed to evaluate the effectiveness of your institution’s security awareness training and the resilience of your staff against real-world social engineering attacks. Our methodologies and automated tools are tailored to provide meaningful, actionable results without prohibitive costs to your information security budget. We work closely with management to customize the approach and ensure testing aligns with your goals and organizational culture.

Our social engineering testing program includes a variety of simulated attack scenarios to assess your institution’s vulnerability to human-based threats. Each component is designed to test specific aspects of your security awareness and response protocols.

Email Phishing Social Engineering Test

  • Simulated Phishing Campaign: NETBankAudit provides an email phishing social engineering test for all employee email addresses. The bank selects one standard email template to send to employees; no customization or alterations are available for this standard test.
  • Response Tracking: We collect information on employees who visit the phishing website and any data they provide. This information is documented in the final report, with specific names provided in a supplemental report.
  • Advanced Options: Customized in-depth phishing tests are available, including Spear Phishing, Cybersecurity Spear Phishing, and Advanced Social Engineering testing. Please inquire for more details.

Pretext Calling Social Engineering Test

  • Simulated Pretext Calls: Our engineer, acting as a social engineer, attempts to obtain access to the network by calling a selected target group of employees and posing as a network engineer working with the IT department on network testing.
  • Test Scenario: The engineer asks the employee to help with the test by going to a website to see if they can access it. The website records information regarding any visits by the employee.
  • Sample Size: Typically, a sample size of 10% of employees (up to 15 contacts) is used for this test.

Onsite Visit Social Engineering Test

  • Unannounced Branch Visits: The face-to-face social engineering testing consists of unannounced visits to selected branches to determine how well employees follow organizational protocol when asked to provide access to secure areas of the branch.
  • Test Scenario: Our engineer, acting as a social engineer, arrives at the designated location(s) without prior warning, introduces themselves as a NETBankAudit consultant working with the IT Administrator, and requests access to the server room.
  • Response Documentation: The subsequent response(s) of the target employee(s) are recorded in the final report. This test helps assess the effectiveness of physical security and employee training in real-world situations.
  • Sample Size: Typically, this test is performed at one or more branch locations as agreed upon with management.

Testing Approach and Customization

We collaborate with your management team to determine the best approach for social engineering testing, ensuring that the process achieves your goals without negatively impacting employee morale. Planning and preparation are essential to customize the testing for your institution and to minimize the risk of misunderstanding among staff.

  • Management Coordination: NETBankAudit seeks direction from management to select the most appropriate social engineering tactics and to agree on the scope and sample size for each test.
  • Employee Communication: Guidelines are established to ensure employees understand that testing is designed to improve training and awareness, not to measure individual performance.
  • Planning and Preparation: NETBankAudit prepares and customizes social engineering testing for each client, ensuring the process is effective and minimally disruptive.

Deliverables

Our social engineering testing provides actionable insights and clear documentation to help you strengthen your institution’s human defenses.

  • Detailed Reports: Final report documenting the results of each test, including employee responses and areas for improvement.
  • Supplemental Reports: Specific names and details of employees who responded to phishing or pretext tests, provided as a supplemental report.
  • Recommendations: Actionable guidance for improving security awareness training, policies, and procedures based on test results.

"NETBankAudit is more than just an audit firm. They take the time to truly understand your organization. By working as a partner they made recommendations that best fit our bank while helping us realize resources that were already at our disposal. The employees we work with are extremely knowledgeable and always available to assist"
Garrett Henry, Chief Information Technology Officer
Franklin Savings Bank
$822M total assets, FDIC regulated
"Our Auditor was accommodating when appropriate, but never at the expense of principle.  She has my respect in every regard, and it is a privilege having her as a resource especially during exams. Our Engineer was great as well.  He was able to perform the penetration testing and vulnerability scanning with little disruption to our team.  This year’s engagement was on point as usual."
Beth Worrell, EVP, Chief Risk Officer
Skyline National Bank
$855M total assets, OCC regulated
"We were very satisfied with the model validation of our Verafin System. The NETBankAudit team was great to work with, very professional and kept us in the loop throughout the engagement. We will definitely consider working with them again for the annual validation"
Ken Helmrich, CAMS, CFCS
Kearny Bank
$7B total assets, FDIC regulated
"NETBankAudit provides us with top-notch Information Security Professionals to allow us to continually improve our organization’s security posture. Springs Valley is able to utilize them to stay abreast of the changing regulatory and cybersecurity landscape. It is great to have a reliable resource like them as a valued partner."
Craig Buse, CLO, COO
Springs Valley Bank & Trust Company
$494M total assets, FDIC regulated
"We appreciate working with professionals respected in the financial services community for their individual expertise and their attention to detail in the audit programs.  Always accessible when we need their assistance."
Teresa Welty, SVP Internal Audit and Risk Officer
Capital Bank
$1.8B total assets, OCC Regulated
"We have been doing business with NETBankAudit since 2018 and their team of professionals have been amazing to work with.  They are experienced, objective, and responsive in performing our audit. Plus, they have been readily available to assist us with any issues during regulatory exams."
Robin Harris, Vice President
Carolina Bank
$579M total assets, FDIC regulated
"The auditors have been very helpful and patient in giving us guidance with starting, developing, and improving our cybersecurity program. We have an active relationship with NETBankAudit and they are not just an audit firm. NETBankAudit wants us to succeed and not only meet regulatory requirements but understand them as well."
Leslie Nicely, Cybersecurity and BSA Officer
Highlands Community Bank
$172M total assets, FRB Regulated
"First Citizens National Bank selected NETBankAudit to provide audit services for Information Technology Systems in early 2005.  Since that time, we have added cybersecurity, digital banking, and network penetration testing.  NETBankAudit is not only our auditor, but our partner in developing new digital strategies, policies and procedures. When we are implementing anything digital, NETBankAudit is a resource we use to ensure we have covered all aspects of risk management"
Judy Long, President and COO
First Citizens National Bank
$2B total assets, OCC Regulated
"We were very satisfied with our first NETBankAudit experience and impressed with the thorough report. Working with our assigned auditor was a pleasure - he possesses great field experience and regulatory experience that was very helpful to us."
Dan Hagedorn, Audit Liaison/Compliance
International Bank of Chicago
$845M total assets, FDIC regulated
"NETBankAudit's auditor was very knowledgeable and explained clearly what was needed from our side to help complete the audit as well as providing clear recommendations on where we could improve our controls.  The audit was done very professionally. Everyone here at SECU that interacted with NetBankAudit here at SECU had the feeling of a partner."
Rodney Hill, VP Technology
Schlumberger Employees Credit Union
$945M total assets, NCUA regulated
"NETBankAudit serves as our internal auditing team. Their attention to detail and mastery of regulations are invaluable tools to our organization. During the audit, when they have a recommendation or finding, they partner with us and aid us in an internal audit liaison capacity. It is not a typical auditor firm’s approach, who just present their report and findings with limited direction or follow-up. NETBankAudit’s approach also helps us prepare for regulatory reviews with regular “heads-up” guidance and coaching. The examiners value NETBankAudit’s quality and depth of coverage and leverage the detailed audit work papers to facilitate the examination process."
Dave Kittleson, Director of IT
Arundel Federal Savings Bank
$444M total assets, OCC regulated
"We are very satisfied with NETBankAudit’s IT Audit services. The people we worked with are very personable, knowledgeable, and professional."
Sue Richardson, ISO
BayPort Credit Union
$2.2B total assets, NCUA regulated
"We've partnered with NETBankAudit for over 10 years. We know we'll always receive a thorough review, but the service is always above and beyond our expectations. NETBankAudit keeps us apprised of recent regulatory changes, potential exam issues, and other areas for focus. Engaging NETBankAudit is creating a partnership for the future."
Leslie Hambrick, CFSA, CRMA
Peoples Bank, Newton, NC
$1.5B total assets, FDIC regulated

Value-Add Consulting
Leveraging Decades of Industry Experience

As your trusted partner for compliance and security, we include informed recommendations for improvement in our audits.
How NETBankAudit Delivers Value-Add Consulting:

Our Value-Add approach to auditing and compliance provides tailored, actionable advice drawn from our experts' practical industry experiences.

  • Senior-level auditing team, with each member bringing 10+ years of industry and regulatory experience.
  • Our team has broad expertise, with certifications including CISA, CISSP, CISM, CRISC and more.