Test the human firewall
Spear phishing, vishing, physical intrusion. A full red-team assessment of the human layer — with a report the board will actually read.
Who is it for?
- Financial institutions
- Executives and C-level
- High-value-target organisations
- Companies preparing for NIS2 audit
- Organisations after a failed phishing simulation
Outcomes
Realistic attack simulation
Not a generic phishing test — a targeted spear-phishing campaign against specific high-value roles, with custom pretexts.
Vishing (voice phishing)
Phone-based attacks on IT support, finance and HR. We test real-world BEC and helpdesk-bypass scenarios.
Physical intrusion (optional)
Tailgating, badge cloning, reception bypass — we try to reach the server room without an invitation.
Board-ready storyline
The report reads like a story — attack timeline, decisions, failures, lessons. Perfect for board communication.
Immediate re-training
Anyone who clicked or disclosed information gets a same-day educational follow-up.
NIS2 / DORA evidence
Documented evidence of social engineering testing — required under NIS2 and DORA.
Red-team methodology
- 01 Rules of engagement
Targets, out-of-scope people, safety rules, white team (who knows about the test), escalation contact.
- 02 OSINT & pretext design
We build realistic pretexts from public information — LinkedIn, company website, leaked data, social media.
- 03 Execution
Spear phishing waves, vishing calls, optional physical intrusion. Everything logged and evidenced.
- 04 Report & debrief
Report in 7 business days + live board debrief. Immediate re-training for affected employees.
Frequently asked questions
Is this legal? Is it safe?
Won't this demoralise employees?
How big is the target group?
How long does it take?
Do we need HR and legal approval?
Plan a social engineering test
A 30-minute scoping call; we propose targets, pretexts and schedule.