
A · Assessment

Social engineering and phishing testing.

People are the most targeted part of any organisation. We test the human layer with realistic phishing and social-engineering campaigns, and help your team get better at spotting them.

Why it matters

Most breaches start with a person, not a server: a convincing phishing email, a phone call, a tailored message. You can have strong technical controls and still be one click away from an incident. Testing the human layer shows you where the real risk is.

How we do it

We run realistic, agreed campaigns, including phishing and other social-engineering techniques, scoped to be safe and useful. We measure how people respond, identify the gaps, and turn the results into targeted training rather than blame.

  • Phishing simulation
  • Pretexting
  • Awareness training

What you get

  • Scoped, realistic campaigns
  • Phishing and human-layer testing
  • Response and click-through analysis
  • Findings by team and risk
  • Targeted awareness training
  • A plan to build a security culture

Frameworks & rigor

Named standards, real rigor.

We work to the standards your auditors and customers recognise, and certified practitioners do the work on every engagement.

MITRE ATT&CK · PTES · Awareness training

Team credentials: OSCP · CISSP · CISA · CEH · ISO 27001 Lead Auditor.

Why Singahi

What you get with Singahi.

One team, end to end

Compliance, assessment and managed security from one partner that grows with you.

Credentials on the actual team

OSCP, CISSP, CISA, CEH and ISO 27001 Lead Auditor, on every engagement.

AI-assisted and manual

Automation for scale, with people for the judgment that actually matters.

Built to prove it

Evidence your customers, investors and regulators recognise.

FAQ

Questions, answered

Isn't this just sending fake phishing emails?

That is one technique. Real social engineering also includes pretexting and phone or message-based approaches, scoped safely. The goal is insight and training, not catching people out.

Will this embarrass our staff?

No. We design it to be constructive. Results are about patterns and training, not naming individuals.

What happens after the test?

We turn the results into targeted training, so the people and teams most at risk get the most help. The point is to improve, not just to score.

Can you test more than email?

Yes. Alongside phishing we can test phone (vishing), text, and physical approaches where it is in scope and agreed in advance.

How do you keep it ethical?

Everything is agreed and scoped with you beforehand, run carefully, and reported in a way that helps people learn rather than naming and shaming individuals.

Derisk. Build Trust.

Prove your security. Close the deal.

Tell us what's prompting this, whether a questionnaire, an audit deadline or an investor ask. We reply within four business hours.