Penetration Testing Service
Stay ahead of cyber threats with expert testing that exposes and remediates weaknesses.

What Is Social Engineering?
Social engineering is the act of manipulating individuals into divulging confidential information or performing actions that compromise security. While most commonly seen in phishing emails, these tactics can also include:
Social engineering engagements can replicate these attack vectors using tailored, real-world scenarios that measure employees’ susceptibility, and help improve it.
Our Social Engineering Services
These tests simulate high-risk insider threats or attackers with physical access.

Phishing Assessments
We craft sophisticated, personalized phishing campaigns using open-source intelligence (OSINT) and research on your organization. This guarantees highly realistic scenarios that accurately assess user awareness.
Features:
- Custom-designed phishing emails
- Simulated credential harvesting, malware payloads, and fake login portals
- Response tracking: opens, clicks, submissions, and reports
- Actionable reporting with risk scoring and remediation plans

Vishing (Voice Phishing) Assessments
Vishing tests use voice calls to simulate attackers coercing users into revealing sensitive data or taking risky actions. These engagements test your frontline teams’ readiness against persuasive human attackers.
Techniques used:
- Impersonation (e.g., HR, IT support, executives, vendors …)
- Pretexting with targeted personal/company info
- Social rapport building via multi-call campaigns

On-Site Social Engineering
We perform physical penetration tests to assess physical access controls and employee vigilance. Engagements may include:
- Tailgating into restricted areas
- Dropping infected USB drives (baiting)
- Use of fake credentials or badges
Phishing Simulation Services
Simulated Attacks. Real Results. Zero Risk.
Want to see how your employees react to a phishing attack, without the real-world consequences? Our fully-managed phishing simulation service helps you benchmark awareness, close knowledge gaps, and reinforce safe behaviors.

Fully Managed Service
We handle everything: setup, delivery, tracking, and reporting

Realistic Templates
Choose from a broad library (Office 365, invoices, fake CEO requests, Slack invites)

Custom Campaigns
Simulate advanced attacks including: QR code phishing, Business Email Compromise (BEC) and MFA fatigue attacks

Remote-Ready
Easily run phishing tests across remote, hybrid, or global teams
Phishing Simulation Options
Single Campaign: Run a one-time simulated phishing test to get a snapshot of your team’s current risk.
Ongoing Testing: Conduct regular phishing campaigns to build long-term resilience and security culture.
We follow a structured, repeatable methodology to ensure consistency and quality across all social engineering engagements.

Reconnaissance:
We start with a “black-box” approach, gathering open-source intelligence (OSINT) on your staff and infrastructure to replicate a real attacker’s process. This step is critical for both phishing and voice/social simulations.

Pretext & Payload Creation:
Custom attack scenarios are built for your organization:
- What tone or urgency works?
- Which domains or spoofed brands will appear most legitimate?
- What’s the goal: credentials, file downloads, or access?

Engagement Execution:
We deliver attacks via email, phone, SMS, and on-site visits.
Our assessments often simulate multi-vector campaigns, combining phishing with voice calls or SMS to build rapport before a final exploit.

Detailed Reporting:
You get a comprehensive, no-fluff report:
- Executive summary
- Individual engagement results
- Click rates, report rates, submission metrics
- Screenshots of email or call payloads
- Risk scores per user and department
- Next-step training recommendations

Awareness Training:
Post-assessment, we offer optional follow-up education:
- Live webinars or in-house training
- Recorded sessions
- Interactive awareness modules
- Tailored to address specific weaknesses uncovered in testing

FAQs
A Social Engineering Assessment tests your organization’s ability to recognize and respond to human-focused attacks, such as phishing emails, fake phone calls, or impersonation attempts. It helps identify security awareness gaps that technical controls can’t detect.
No, simulations are performed without prior notice to maintain realism. However, all scenarios are pre-approved by your organization and conducted ethically. Afterward, non-punitive feedback and learning are provided to employees.
We measure:
- Click/open rates on phishing emails
- Credentials submitted (if applicable)
- Response behaviors (e.g., replying, escalating, reporting)
- Time to report suspicious activity
All results are delivered in a detailed report with actionable recommendations.
We recommend simulations quarterly or biannually to maintain vigilance and measure training effectiveness over time. Frequency can be adjusted based on risk level and compliance requirements.
Yes. All phishing templates are custom-written and branded to reflect your organization’s style, tone, and workflows, making them more realistic and effective than off-the-shelf solutions.
We provide:
- A detailed report of findings
- Optional debriefs or awareness sessions
- Individual or group training modules
- Recommendations for improving your people-centric security posture