Social engineering: make humans the strongest link

Social engineering is a type of attack in which the attackers rely on human interaction to gain access to confidential information or resources. It is a form of manipulation used by attackers to trick people into disclosing sensitive information or performing certain actions.

Attackers use social engineering techniques to take advantage of people’s natural tendency to be helpful and gain trust. In short, they employ psychological manipulation to which every human being is susceptible to some degree. After all, in the information security triangle of processes, techniques and people, people are the most fallible. By conducting social engineering exercises, employees become more resilient in recognizing the techniques used and you as an organization can make humans the strongest link.

Security awareness for security awareness in the workplace
Mystery visit

Mystery guest visit

Can malicious people visit your organization and exploit physical and digital vulnerabilities? Test it with a mystery guest visit.


USB dropping

There is a USB on the floor, possibly infected with malware. How is this being responded to? We test that with our USB drop actions.

Phishing simulations

Phishing simulations

Gain insight into your employees' current awareness using phishing simulations customized by our ethical hackers.

Voice phishing

Voice phishing

Prepare your organization for a cybersecurity incident with a dry-run that mimics an incident.

Social engineering: make humans the strongest link


Can a hacker succeed in conducting targeted phishing attack? Our spear phishing simulation measures the awareness of specific individuals within the organization.


NFIR Social engineering

Are you interested in one or more social engineering solutions and want to strengthen the human firewall in a sustainable way? If so, please contact one of our account managers.

Why is security awareness so important?

By conducting a social engineering survey you will get a picture of your organization’s human resilience. Our security consultants use scenarios that are also used in practice by real attackers. The results We document the results in a clear, clear report with a brief management summary. Discretion and anonymity of those involved is always guaranteed. NFIR offers the following social engineering services: mystery guest visits, USB dropping, mail phishing, spear phishing, voice phishing and smishing.

Social engineering services in brief: phishing simulations and location tests

Our social engineering service can be divided into two categories: phishing simulations and location testing. These categories are divided into different services that you can purchase separately or together.

Phishing simulations

  • Mail-phishing is a form of cyber-attack in which malicious people send emails that appear to come from a legitimate source to gain access to sensitive information such as login credentials to your systems.
  • Spear phishing is a targeted phishing attack designed to gain access to sensitive information such as passwords, financial information or other confidential data. In certain situations, it may even be possible to take over your employee’s system via a document sent along.
  • Voice phishing is a type of social engineering attack in which an attacker uses a phone to try to trick a victim into providing sensitive information such as login credentials. It is also known as vishing.
  • Smishing is a type of phishing attack that uses text messages to trick victims into providing sensitive information or downloading malicious software. It is a form of social engineering that attempts to trick victims into taking action that may compromise their security.

Location Testing

  • Mystery guest visits are a security assessment technique in which a person poses as a customer, employee or technician, for example, to test the security of a facility or system. It is used to identify potential security issues and assess the effectiveness of security policies and procedures. Spyware, malware and/or(hard)ware may also be left behind during a mystery guest.
  • USB dropping is a form of cybercrime in which malicious actors use USB devices to access a computer system and steal data or install malware on your systems.

Become resilient against the most common technique used by cybercriminals

Besides techniques and processes, people are the most important link in reducing the likelihood of an incident.
Social Engineering gives you a good idea of how strong your human firewall is.

Social engineering is a type of attack that relies on human interaction to gain access to confidential information or resources. It is a form of manipulation used by attackers to trick people into disclosing sensitive information or performing certain actions.

Social engineering is among the basic techniques used by cybercriminals and underlies most cyber incidents. This technique mainly plays on your organization’s employees, as social engineering exploits human traits such as the desire to be helpful. By making your organization more resilient to social engineering techniques, you strengthen the human factor. An indispensable link in the triangle of techniques, processes and people.

Organizations’ IT departments often go to great lengths to ensure that technical resilience is as high as possible. Information security is just more than the technical side. Many security incidents and data breaches do not arise from technical failure but often from unconsciously incorrect actions by employees.