It is generally accepted that “users are the weak link” in security. Very few technical controls can compensate for the intricacies of human behavior such as a person’s natural tendency to trust another person. Remote Social Engineering exploits the “scripts” of human interaction—how people typically interact and what they expect to happen in a given situation—rather than exclusively leveraging technical security vulnerabilities to test the effectiveness of security awareness training and stated security policies and processes such as incident response.
Remote social engineering is a externally initiated assessment performed under controlled conditions designed to validate the effectiveness of user security awareness and incident response processes. Testing includes leveraging a carefully crafted fictitious “malicious” website, email campaigns to targeted employees, phone contact, or through other customized attack scenarios..