Vishing Assessment Report Template
Engagement Details
| Field |
Value |
| Campaign ID |
VISH-YYYY-XXX |
| Client |
[Organization] |
| Period |
YYYY-MM-DD to YYYY-MM-DD |
| Total Targets |
XX employees |
| Pretext(s) Used |
[List of pretexts] |
| Assessor |
[Name] |
Executive Summary
[Organization] engaged [Company] to conduct a vishing assessment targeting XX employees across XX departments. The assessment measured employee susceptibility to social engineering pretext calls, specifically testing credential disclosure, verification procedures, and incident reporting behaviors.
Results Summary
| Metric |
Result |
Benchmark |
Status |
| Credential Disclosure Rate |
XX% |
<10% |
Pass/Fail |
| Sensitive Info Disclosure Rate |
XX% |
<20% |
Pass/Fail |
| Caller Verification Rate |
XX% |
>80% |
Pass/Fail |
| Security Reporting Rate |
XX% |
>50% |
Pass/Fail |
Call Log
| # |
Target |
Dept |
Pretext |
Cred Disclosed |
Verified |
Reported |
| 1 |
[Name] |
[Dept] |
[Pretext] |
Yes/No |
Yes/No |
Yes/No |
| 2 |
[Name] |
[Dept] |
[Pretext] |
Yes/No |
Yes/No |
Yes/No |
Department Risk Scores
| Department |
Targets |
Disclosure Rate |
Risk Level |
| Finance |
XX |
XX% |
Critical/High/Medium/Low |
| HR |
XX |
XX% |
Critical/High/Medium/Low |
| IT |
XX |
XX% |
Critical/High/Medium/Low |
Recommendations
Immediate (0-30 days)
- Implement mandatory callback verification for credential requests
- Issue security bulletin about vishing threats
Short-Term (30-90 days)
- Deploy role-based security awareness training
- Establish easy suspicious-call reporting mechanism
- Conduct targeted training for high-risk departments
Long-Term (90+ days)
- Implement quarterly vishing simulations
- Integrate vishing metrics into security KPIs
- Develop department-specific verification procedures