This type of test also run as an important part of penetration testing. It paves ways for verifying the “Human Network” of an organization. This pen test imitates attacks which the employees of a company could attempt to initiate a breach. However, it can further split up into two subcategories.
Remote Tests
It intends to trick an engineer (employee) to compromise confidential data using electronic means. The tester could conduct such an attack via a phishing email campaign.
Physical Tests
This type of test requires direct contact with the subject to retrieve the sensitive information. It might involve human handling tactics like Dumpster Diving, Imitation, Intimidation or convince the subject via phone calls.
Please note that you must inform the appropriate people before conducting the social engineering penetration test
