
Core Concepts & Threat Landscape

1. What is social engineering, and why is it still the #1 cyber threat?

Social engineering is the manipulation of people into revealing sensitive information, clicking malicious links, or granting unauthorized access, not by hacking systems but by exploiting human psychology.

Attackers bypass technology by targeting human instincts such as trust, urgency, and authority. This is why over 95% of data breaches involve human error.

2. Why do breaches still happen even with strong firewalls and antivirus?

Technical tools defend against known digital threats, but they cannot stop:
- Clicking on a realistic phishing link
- Trusting a spoofed email from a “CEO”
- Sharing credentials on a fake login page

Continuous human-layer security training is essential to close this gap.

3. What are the most common phishing tactics targeting enterprises today?

Modern phishing attacks are highly targeted and harder to detect. Common methods include:
- AI-powered spear phishing: Hyper-personalized emails based on OSINT.
- Adversary-in-the-Middle (AITM): Intercepting logins & MFA tokens in real time.
- Business Email Compromise (BEC): Impersonating executives to request payments or data.

4. How does OSINT make phishing attacks more effective?

Open-Source Intelligence (OSINT) is public data, from LinkedIn to press releases, that attackers use to:
- Personalize phishing messages
- Create deepfake voice calls using real data
- Spoof vendor invoices with credible details

revel8 uses OSINT in reverse: to simulate realistic attacks based on your measured OSINT risk profile.

Training Philosophy & Effectiveness

5. How does revel8 prevent simulation fatigue?

We use adaptive playlists and gamified leaderboards:
- Content evolves in difficulty over time
- Scenarios avoid repetition
- Engagement and reporting rates improve month over month

Some employees may ignore simulations at first, but they become more attentive over time, as shown by rising reporting rates. Our playlists adapt to each person's security awareness level, giving well-trained employees fewer but more challenging simulations.

6. Does revel8 include e-learning courses?

Yes. We blend:
- Instant micro-training after failed simulations
- AI-powered training avatars
- Customizable e-learning academy, which consists of an extensive module library tailored to roles, risks, and compliance needs
- Admins can easily create new coursework based on pre-existing templates, via AI or from scratch

Simulations & Attack Types

7. Which attack channels does revel8 simulate?

We cover all major phishing vectors:
- Email phishing
- SMS/text (smishing)
- Deepfake voice calls
- Voice phishing (vishing)
- Video meeting invites
- QR code baiting
- Credential harvesting
- Spambombing

If we don’t have a specific attack type you need, we build it within 24 hours.

8. Can I customize simulations for my industry or vendors?

Yes. You can:
- Upload your own phishing templates
- Request supply-chain or BEC simulations that mimic real vendor threats
- Use “Emergency Mode” to launch immediate, scenario-specific simulations during active threats

Setup & Integrations

9. How much effort is required to start?

Almost none. revel8:
- Automates playlist creation & scheduling
- Offers a live dashboard to monitor progress

To get started, revel8 offers two ways to upload user information: You can either upload a CSV file in your admin center or integrate directly with most SCIM solutions (e.g., Microsoft Entra ID) & LDAP to sync the information for the relevant user groups.

10. Can revel8 integrate with my SIEM, SOAR, or SOC tools?

Yes. Our Awareness Monitor helps track KPIs, and reported phishing emails can automatically feed into your SOC workflow.

Compliance & Reporting

11. How does revel8 help with GDPR, NIS2, and ISO 27001 compliance?

We provide:
- Audit-ready logs of every simulation, lesson, and user action
- Benchmarks via our Human Firewall Index®
- Configurable data aggregation to protect privacy while measuring performance
- SIEM-ready exports for real-time compliance monitoring

12. Can I see individual employee performance?

By default, we report at the group level to meet GDPR. Individual reporting is possible with employee consent, which is often used for high-risk roles.

13. Which KPIs should security leaders track in revel8?

CISOs and security managers should focus on:
1. Awareness score: Aggregated performance indicator
2. Reporting rate: % of phishing attempts reported
3. Interaction rate: Fewer risky interactions over time
4. Ignore rate: Threats ignored or missed
5. Engagement trends: Team participation patterns

This FAQ was last updated on August 14, 2025.