D9 · PenTest+

What is social engineering testing?

Social engineering testing simulates phishing campaigns, vishing calls, and physical access attempts — measuring human security awareness and testing technical controls (email filters, MFA).
Phishing simulation: craft targeted spear phishing emails → send to approved target list → track opens/clicks/credential submissions → report results with training. Always have explicit written authorization, including specific target lists. Never include unauthorized targets, even accidentally.