You think your security is cyberproof. Until we call...
At DeepCalls, we test the extent to which employees share or change confidential information or personal data over the phone, without proper authentication.
What does DeepCalls do?
DeepCalls conducts realistic voice-phishing simulations to test how resilient organisations are against vishing, a specific form of phishing in which attackers try to extract information over the phone. This form of social engineering is a common cause of data breaches, privacy breaches and wider cyber attacks..
We approach your organisation as attackers do: with smart questions and convincing scenarios. This way, we not only make visible what information is shared or modified , but also whether procedures and processes are really being followed in practice.
In addition, we offer training and follow-up advice to make employees aware of risks and permanently strengthen your organisation's resilience.
With DeepCalls, you not only gain insight into vulnerabilities, but also strengthen your organisation’s resilience — reducing the risk of social engineering, data leaks, and wider cyber attacks, while supporting GDPR compliance.
did you know that
The number of voice phishing attacks has increased 442% in the past year?
60% of all data breaches are caused by human activity?
Almost all cyber attacks - some 98% - start with some form of social engineering?
How does it work?
In four steps, you will gain clear insight into how employees deal with social engineering and where risks of data leaks arise - and how to mitigate them.
Tailor-made scenarios
We define scenarios together and tailor them fully to your organisation, processes and risk points.
voice-phishing
We conduct the voice-phishing simulations using scenarios we define together, assessing how employees respond to unexpected requests and calls.
No-nonsense reporting
You will receive a clear report detailing the interviews, what went well and where things went wrong, including conclusions and concrete recommendations.
Training and follow-up
We offer (optional) targeted training and follow-up advice so that employees learn to recognise social engineering, better understand GDPR risks and make your organisation permanently resilient.
Organisations we worked with
About deepcalls
DeepCalls was founded by Lara Hemstede, with a decade of experience in information security. From her work as a speaker, trainer and cyber security consultant, she saw how vulnerable organisations are to social engineering over the phone - often the starting point of data breaches and GDPR incidents.
With DeepCalls, she helps organisations identify these risks in time, review processes and procedures and make employees more aware and resilient against social engineering.
- More than 10 years of experience
Real conversations. Real risks. real insights.
Social engineering often starts with a simple phone call. Our voice-phishing show where your organisation is vulnerable and help prevent or significantly reduce data breaches and GDPR incidents.
Our services
From realistic voice-phishing simulations to targeted training, we strengthen the human layer in your security, increase employee awareness and reduce the risk of data breaches, privacy and security incidents.
Voice-phishing
We conduct realistic phone tests that show whether procedures are followed in practice and where sensitive information is unintentionally shared or modified, allowing you to make targeted improvements and reduce risks.
Training & advice
Targeted training and follow-up based on test results. Employees learn to recognise social engineering and handle information securely and according to guidelines
awareness campaigns
Structural campaigns to raise awareness within the organisation. From posters to microlearnings and internal challenges - aimed at lasting behavioural change.
Our experience shows
Our experience shows that in about 60-80% of voice-phishing simulations, sensitive information is shared or modified. This ranges from personal data to financial or company confidential data.
Business-sensitive information
Internal strategies, customer data and product details are revealed, risking reputational and competitive damage.
Customer and file information
Confidential information from client files or personal cases is shared with someone posing as a family member or official agency.
Access and authorisation data
Internal access rights or accounts are modified without control, allowing unauthorised persons to access systems or data.
Medical and financial data
Sensitive information from medical records, legal documents or financial statements is shared after persuasive questions or deception.
Payment and authorisation details
Account numbers, authorisations or payment instructions are changed by unauthorised persons, resulting in financial losses.
Personal and identity data
Name, address and contact details provided without verification, with risk of identity fraud and GDPR violations
Testimonials
Lara works for a variety of organisations and government bodies as a speaker, trainer and cyber security consultant. Here’s what they say about working with her.
Meral Aktan
CISO Municipality of Amstelveen Aalsmeer
Lara gave an interesting and impressive lecture at the municipality of Amstelveen during the Week of Safety. The audience was very enthusiastic about her way of speaking as well as her knowledge and expertise on the subject.
Trienke Hammink
Policy officer awareness Municipality of Utrecht
What an excellent speaker Lara is! Her lecture on cybercrime is engaging and inspiring. She explains complex topics clearly, interacts naturally with her audience, and provides concrete, actionable tips. Her professional and flexible attitude also makes her a real pleasure to work with.
Roseanne de Kloe
Sr advisor awareness Rijkswaterstaat
Lara gave an inspiring lecture on cybersecurity at Rijkswaterstaat. Lara had immersed herself well in our target group, making it a good fit. With her personal story and practical knowledge, she managed to captivate employees.
How well do your employees recognise deception?
One phone call can be enough for a data breach. Do you know how well your organisation is protected against human error, security risks and privacy incidents?
Frequently asked questions
Below you will find answers to the most frequently asked questions. Is your question not among them? Feel free to contact with us.
DeepCalls conducts all mystery calls within the framework of the GDPR. We never more personal data than strictly necessary and process all findings anonymous and confidential. No unauthorised recordings are made and all data is stored and processed securely.
All the information we collect during a test is used exclusively for reporting. Data are not shared with third parties, recorded anonymously and securely deleted after completion of the project. Confidentiality is always paramount at DeepCalls.
We determine this together. Typically, we perform 4 to 10 calls per assessment, with the option to run the programme 4 or 6 times a year, or to scale up to larger call volumes for broader insight.
Costs depend on the number of calls, the complexity of the scenarios and any follow-up services such as training or consultancy. During a no-obligation introductory meeting, you will receive a clear, tailor-made offer..
You usually receive the report within 5 working days after the last mystery call. This contains summaries of the calls, concrete findings, areas for improvement and recommendations.
Yes. In addition to voice-phishing simulations, we provide targeted training, awareness sessions, and advisory support to strengthen employees’ understanding of social engineering and to help design GDPR-proof processes. This way, we work together towards a structurally resilient organisation.