Social engineering assessments
documented and delivered
Track phishing campaigns, physical access tests, vishing, and pretexting engagements. Document results, generate reports, and deliver findings through your branded portal.
No credit card required. Free plan available forever.
Track social engineering assessments and deliver actionable awareness reports
Social engineering assessments test the human layer of an organisation's security posture. Phishing campaigns, vishing calls, and physical access tests generate a unique type of data: success rates, target behaviour patterns, and qualitative observations about security culture. This data does not fit neatly into traditional vulnerability scanners or pentest report templates. Security teams often resort to ad-hoc spreadsheets and PowerPoint decks to present results, losing the structured data that makes social engineering assessments genuinely valuable.
SecPortal provides structured tracking for every type of social engineering engagement. Each attempt is logged as a finding with the attack method, target details, outcome, and supporting evidence. The platform calculates success rates automatically, segments results by department and attack vector, and generates AI-powered executive summaries with targeted training recommendations. The result is a professional deliverable that goes beyond "X% of staff clicked the link" to provide actionable intelligence that drives real improvements in security awareness.
Assessment types and tracking
Phishing Campaigns
Track email-based phishing simulations with metrics on delivery rates, open rates, click-through rates, and credential submission rates per target group.
Vishing (Voice Phishing)
Document phone-based social engineering attempts with call logs, scripts used, information obtained, and success/failure outcomes per target.
Physical Access Testing
Log physical intrusion attempts including tailgating, badge cloning, and pretexting with timestamped entries, locations accessed, and evidence photos.
Pretexting Scenarios
Record the cover stories and personas used during engagements, tracking which pretexts were effective and which were challenged by staff.
Success Rate Analytics
Automatic calculation of success rates across campaign types, target departments, and engagement phases for trend analysis and benchmarking.
Risk Indicator Mapping
Map social engineering results to organisational risk areas, identifying departments or processes most susceptible to human-layer attacks.
Evidence and result documentation
Every social engineering attempt in SecPortal is documented with the same rigour as a technical vulnerability finding. Structured data fields ensure consistency across assessors, while flexible evidence attachments capture the proof that makes findings credible and actionable.
- Log each social engineering attempt as a structured finding with target details, method used, outcome, and supporting evidence
- Attach screenshots of phishing emails, landing pages, captured credentials, and physical access evidence to each finding
- Categorise results by attack vector (email, phone, in-person) and target group (department, role, location) for granular analysis
- Track which security awareness training topics are most relevant based on the specific techniques that succeeded
- Record staff members who correctly identified and reported social engineering attempts for positive reinforcement metrics
- Maintain a historical record across engagements to measure whether awareness training is improving organisational resilience over time
AI-generated reporting sections
Executive Summary
High-level overview of campaign scope, overall success rates, and the most significant risks identified, written for non-technical leadership audiences.
Campaign Metrics Dashboard
Quantitative breakdown of all attempts, successes, and failures by attack vector, department, and time period with visual charts and tables.
Detailed Findings
Individual finding entries for each successful social engineering attempt, including the method, target, evidence, and specific recommendations.
Recommendations and Training Plan
AI-generated recommendations for targeted security awareness training based on which attack vectors and pretexts were most effective.
SecPortal elevates social engineering assessments from informal spot-checks to structured, repeatable security evaluations. By treating each attempt as a tracked finding with evidence and metrics, security teams can demonstrate clear value to clients, measure improvement over time, and deliver the targeted training recommendations that actually reduce human-layer risk. Whether you run quarterly phishing simulations or comprehensive multi-vector social engineering engagements, SecPortal provides the framework to document, analyse, and report your results professionally.
How it works in SecPortal
A streamlined workflow from start to finish.
Scope the assessment
Define targets, methodology, and success criteria for the social engineering engagement.
Document results
Log findings with evidence, screenshots, and success/failure rates. Use severity ratings for risk context.
Report to stakeholders
Generate executive summaries with AI. Deliver through the portal with recommendations for security awareness training.
Professionalise your social engineering delivery
From phishing to board report, all in one platform.
No credit card required. Free plan available forever.