Evolve Security Social Engineering Assessment is a professional service that evaluates the effectiveness of human security controls within organizations. The service focuses on testing how employees respond to social engineering attacks, which are present in over 95% of cyberattacks according to industry studies. The assessment includes multiple testing methodologies: - Email phishing campaigns using customized and spam-type emails with spoofed addresses, hostile attachments, shortened URLs, and potentially malicious links - SMS phishing (smishing) with fake callback numbers, hostile attachments, and spoofed phone numbers - Physical intrusion testing including tailgating, alternate entry points, and dumpster diving The service follows a structured approach beginning with scoping and rules of engagement, followed by reconnaissance of the organization's public presence and social media, execution of assessment activities, and detailed reporting. Testing evaluates both human controls (policies, procedures, training, awareness) and supporting technical controls like email filtering and attachment blocking. Results are documented in the Darwin Attack portal in near-real-time, allowing organizations to begin remediation before the final report is completed. Each engagement includes a social engineering briefing to discuss results and impacts with appropriate staff. The service can be offered independently or combined with complementary security services like penetration testing.