Home Services X-Force Red social engineering services X-Force Red social engineering services
Put your people to the test through phishing, vishing and physical social engineering exercises
Watch the video
Data scientist work remotely at home coding programing

Social engineering is one of the most common attack methods used by criminals to trick employees into downloading malware, using realistic pretexts to pave the way to a security compromise.

Social engineering templates from an outside vendor, built internally, require more work for your security team and only enable basic-level attacks. Typically, the templates do not include attacker reconnaissance, for example, which is often a key part of an attacker’s strategy.

Benefits 99% Uncover employee vulnerabilities

IBM Security™ X-Force® Red social engineers are able to physically compromise companies in 99% of all engagements. Find out if your employees or executives would fall for an advanced social engineering attack like spear phishing.

Read about social engineering on Twitter
50% Uncover process and policy vulnerabilities

At least half of USB drives dropped by X-Force Red social engineers are opened. Discover how your employees would respond to an attack, and if device policies and training lead them to follow reporting guidelines.

Read the security awareness training blog post
30% Reduce risk

The click rate for opening malicious emails is still typically about 30%. Discover where your company is vulnerable and remediate flaws to prevent a real attacker from succeeding.

Stop four of the biggest social engineering threats
Capabilities Attack planning

At the beginning of every engagement, X-Force Red hackers meet with customers to understand their objectives, present various attack scenarios, develop a game plan and set goals.

Attacker reconnaissance

X-Force Red performs extensive open-source intelligence (OSINT) gathering to uncover publicly available data about targets that could be used to compromise an organization, person or facility. Using that intelligence, our hackers identify hosts, configuration files, open ports and other detailed technical information available on external websites, torrents and forums. The team also researches the dark web, social media platforms and search engines.

Physical testing

For physical engagements, X-Force Red develops a tiered program based on a low, medium and high risk of getting caught. The team aims to complete as many of the defined goals as possible within the two-week period.

Ad-hoc testing

For projects with an explicit scope and a small number of tests. Uses X-Force Red hackers, but you retain ownership of the testing.

Subscription-based program

Fixed monthly costs for an ongoing testing program. No charges for overtime or to change testing targets. Conveniently manage your tests and budget in one place through the Red Portal or schedule tests directly with your X-Force Red program manager. Unused funds carry over to the next contract year.

Fully managed testing program

Set predictable monthly budgets. With X-Force Red as your strategic partner, we handle the scoping, scheduling, testing and reporting.

How X-Force Red tests your employees: There are many tactics X-Force red employs in order to test employees. This includes more standard digital tactics like distributing emails with malicious links and attachments or calling employees and tricking them to into divulging sensitive information over the phone. It extends beyond the digital world and into using disguises, badge cloning, bypassing and other techniques to physically gain access to buildings and identify security flaws. Finally, scenarios can include custom pretexts that use no set templates or existing customer resources. Meet the X-Force Red team See the X-Force Red Portal for yourself
Related solutions Insider threat solutions

Protect your organization from malicious or unintentional threats from insiders with access to your network.

Explore insider threat solutions
Zero trust security solutions

A zero trust strategy needs modern, context-based security. Protect data and resources by limiting access under the right circumstances.

Explore zero trust solutions
Fraud prevention and detection solutions

Imagine a secure world without passwords. It’s possible and, even better, already exists. But how do you create this experience for your customers?

Explore fraud prevention solutions
Subscribe to our monthly newsletters

Receive our newsletters that deliver thoughtful insights on emerging trends.

Subscribe now Know more Contact our team

Connect with our diverse group of IBM experts that can help you make your next big move.

Explore career opportunities

Join our team of dedicated, innovative people who are bringing positive change to work and the world.

Register now