For years, security teams have focused on email as the primary attack surface. That made sense: email was where phishing started, where work happened, where links lived, where users were trained to be cautious.
But the way people work has fundamentally changed. Conversations have moved out of inboxes and into meetings. Decisions are made live, over conference calls, often under time pressure and with incomplete information.
Attackers have noticed.
We’re seeing a clear shift: social engineering is no longer confined to written messages. It’s happening in real time through impersonation, deepfakes, and carefully orchestrated meeting scenarios designed to exploit trust:
- An urgent request from a “leader”
- A vendor asking for sensitive access
- A last-minute change discussed verbally instead of documented
These are harder to detect, harder to train for, and until now, largely untested. Yet most security programs are still preparing employees for threats that arrive in an inbox, not ones that join a meeting.
That gap is exactly what we set out to close.
Today, we’re introducing Zoom Meeting Simulations, the first solution in the industry designed to simulate real-world attacks that happen inside live Zoom meetings.
How Attacks Play Out in Live Meetings
This isn’t just another training module or static scenario. Zoom Meeting Simulations recreate the dynamics of an actual meeting environment: live conversation, social pressure, ambiguity, and the subtle cues that attackers exploit. Instead of asking employees to identify suspicious emails, we place them in realistic meeting situations where they have to make decisions in real time.
For example, an employee might join a Zoom call that appears to include a familiar executive or partner. During the meeting, they’re asked to share sensitive information, approve a request, or take an action that bypasses normal processes. There’s no “hover over the link” moment. No obvious red flags. Just a conversation that feels legitimate—until it isn’t.
Or, a user may join a call with an attacker masquerading as an HR representative with a performance update, or an IT analyst who’s helping them reset their password due to suspicious activity. They’re asked to verify their personal information, screen share, or hand over remote access to their device. The user concedes, wanting to be helpful and cooperative, and the attack takes root in seconds.
This is where traditional training breaks down. And it’s exactly where Doppel’s Zoom Meeting Simulations are designed to operate.
Doppel Brings Human Risk Management Into the Meeting Room
By extending simulations into Zoom, we’re meeting employees where work actually happens today. The experience is immersive but controlled, allowing organizations to safely test how people respond to high-stakes, real-time scenarios. More importantly, it surfaces behaviors that would otherwise go unseen: hesitation, compliance under pressure, or the tendency to trust familiar faces without verification.
What makes this fundamentally different—and why it’s the first of its kind—is that it treats meetings as a primary attack surface, not an edge case. We’re not adapting email-based training to a new format. We’re building a new category of simulation that reflects how modern attacks actually unfold.
And the insights go beyond individual performance. Security teams can identify patterns across the organization: where employees are most vulnerable, which types of requests are most effective, and how social dynamics influence decision-making. This enables a more targeted, realistic approach to strengthening human defenses.
The shift from inbox to meeting room is already underway. Attackers are exploiting it. Now, organizations can prepare for it.
Zoom Meeting Simulations are available starting today.
