Employees who can be misled are one of the most serious non-technical information security threats to an organization. Using agreed rules and methodologies, we execute social engineering attacks and prepare action plans for the company based on our results, in order to avoid similar incidents. Our audit can be paired with a security awareness training, so that employees become more aware of attackers’ techniques and of the importance of safety measures to be complied with.