







Does RedTeam Pentesting do social engineering?
Social engineering is a specific type of attack that exploits human weaknesses, extending attacks beyond the purely technical level. This approach can be surprisingly effective because the human factor often represents the weakest link in a company’s security chain.
However, conducting social engineering attacks as part of penetration tests is controversial. While the chances of success for such attacks are significant, the learning impact is usually limited to the immediate environment of the affected employees. Employees who are not affected typically cannot imagine being targeted by these attacks themselves. From their perspective, social engineering attacks may appear too simple to be successful. Moreover, carrying out social engineering attacks can damage the client’s work environment, as directly affected employees may feel betrayed by this approach. For these reasons, RedTeam Pentesting does not conduct social engineering attacks. Instead, penetration tests generally proceed on the assumption that social engineering attacks could be successful, which allows a company’s internal network to be tested under this assumption.