Case Study

How a municipality doubled its resilience against vishing

28 Nov 2025 · 6 min leestijd · Lara Hemstede

A mid-sized Dutch municipality found that employees were regularly sharing confidential information over the phone. After an initial assessment by DeepCalls, only 35% of the test calls turned out to be handled correctly.

The starting point

Employees were aware of digital threats, but they had not been trained to recognise telephone-based social engineering. Verification procedures existed on paper, but were rarely followed in practice.

The approach

DeepCalls carried out a series of realistic voice phishing simulations, followed by a detailed process analysis. Based on the findings, verification procedures were tightened and employees were trained.

The result

During the follow-up assessment six months later, the percentage of correctly handled calls had risen to 78% — more than double. The municipality has since incorporated structural assessments into its security policy.

Meer artikelen

Awareness 6 min

What is voice phishing? A complete explanation

Voice phishing (vishing) is a form of social engineering over the phone. Learn how it works, which techniques attackers use, and how to protect your organisation.

Lara Hemstede • 18 Mar 2026

Research 7 min

The danger of voice phishing: why your organisation is vulnerable

Voice phishing causes millions in damage every year. From data breaches to CEO fraud: discover the concrete risks and how attackers operate.

Lara Hemstede • 24 Feb 2026

Trends 7 min

Why voice phishing is an underestimated risk

Most organisations invest heavily in cybersecurity but forget the phone. Why vishing stays under the radar and what that means for your security posture.

Lara Hemstede • 15 Jan 2026

Benieuwd hoe weerbaar uw organisatie is?

Plan een kennismakingsgesprek en bespreek welk assessment past bij uw risicoprofiel.

Kennismaken