Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

Social Engineering Services

Every social networking exercise URM conducts is totally tailored to your organisation

Social Engineering Services

URM has developed an effective methodology aimed at determining and measuring user awareness and vigilance to phishing attempts and processing of incoming third-party emails.  Working closely with sponsors from your organisation, we will develop micro websites and a campaign of orchestrated emails aimed at inducing users to open the email, click on a link and provide sensitive information e.g., passwords.  When developing the micro websites and emails, URM is highly proficient at imitating the intended email/website and evolving and modifying the campaign as users begin to interact with the emails, looking to exploit a range of human emotions, e.g., fear, greed, urgency, helpfulness and curiosity.  

At the end of the exercise, through the use of our tracking software, we are able to report back on the number of users who potentially exposed the organisation to the risk of a data breach or to malicious software.  Once completed, the results of the exercise can then form a very powerful component of any staff awareness programme. By referring to the actions of personnel from the actual organisation, cyber risk is no longer an abstract term but something users can practically relate to.  Having been involved in numerous social engineering campaigns, URM has found such exercises to be effective in not just raising awareness but in changing behaviour.

Get in touch

Please note, we can only process business email addresses.

Why URM?

Tailored solutions

Every social networking exercise URM conducts is totally tailored to your organisation.  Working with sponsors, we will aim to understand particular concerns, threats or issues and develop fully customised campaigns.  In terms of recipients of emails, this can again be the whole organisation or specific functions or departments.  In addition to cyber-related exercises, URM is also able to develop physical and telephone-based social engineering exercises, e.g., imitating members of the IT Department and asking users to reveal confidential information.

Getting the balance right

Getting the balance right is absolutely central to the success of any social engineering campaign.  For example, when coming up with microsites and emails in a phishing exercise, it is important to produce something which has a similar look and feel whilst including a number of ‘give away’ discrepancies (e.g., domain names, spelling errors) that should be picked up the users.  URM is highly skilled at achieving the optimum balance in this respect.

URM is also conscious of the need to develop effective and challenging exercises but at a reasonable cost and working to a specific budget.

Cyber Essentials FAQ

Mitigating Cyber Risks: Why Cyber Essentials Matters More Than Ever

Published on
12/12/2024

URM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
14/11/2024
Cyber Essentials – What’s Changing in 2025?

URM’s blog discusses upcoming changes to Cyber Essentials, including the changes seen in the Willow Question Set and how they may impact your organisation.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
24/10/2024
Enhancing Security in the Software Supply Chain

URM’s blog discusses the security risks associated with the software supply chain & how both software developers and their clients can mitigate these risks.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
22/8/2024
Pitfalls to Avoid in your Penetration Testing Programme

URM’s blog explores common pen testing mistakes & how to avoid them, and simple improvements you can immediately implement to enhance your security posture.

Read more
"
The partnership approach URM takes is genuine. Our relationship with URM is not hard-nosed or overly commercialised, and feels much closer to a partnership arrangement than any other security consultancy providers we have worked with. If we had a new piece of work that we needed external help with, URM would be our first port of call for assistance.
CISO at University of Surrey
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.