New HRM Capabilities Built for How Attacks Actually Happen

Raising the Bar for Human Risk Management: New Capabilities Built for How Attacks Actually Happen

Attackers don’t think in silos. They chain tactics, adapt in real time, and exploit human trust across channels. Human Risk Management programs should do the same.

Today, we’re excited to introduce several new capabilities in Doppel’s Human Risk Management solution. These features are designed to reflect how modern social engineering attacks unfold, while giving security teams clearer insight into where risk lives and how it’s changing over time.

These updates push simulations further, make training more relevant, and turn user-level data into defensible, board-ready evidence of risk reduction.

Multistep, Coordinated Attacks: Simulating the Real World

Social engineering attacks are rarely single-threaded anymore. A call leads to a message. A message leads to a code. Attackers seamlessly traverse channels and the pressure never lets up.

With multistep simulations, Doppel can now simulate these exact attack chains. Voice-cloned attackers actively engage a target on a live phone call while simultaneously sending email verification codes, in response to objections during the call. For instance, if a user pushes back that they don’t share sensitive information over the phone, or don’t have time to complete the necessary steps, Doppel’s voice agents can seamlessly move the conversation to a different channel – just like real adversaries do during account takeover attempts.

This capability allows organizations to test:

• Whether users recognize suspicious behavior across multiple channels
• How users respond when attackers escalate urgency mid-conversation
• The effectiveness of existing controls and training in high-pressure and dynamic scenarios

The result is a more realistic assessment of human risk. It’s one that mirrors modern attacker playbooks instead of oversimplified one-off tests.

Take a look at our multistep simulations here.

QR Code Phishing Simulations: Squishing the Threat of Quishing

QR codes have quietly become a favorite tool for attackers. They bypass traditional link scanning, feel familiar to users, and are increasingly common in message-based lures. And, visual cues often elicit faster reaction times from target users than URLs.

Doppel simulations now support QR codes in message-based simulations, enabling organizations to safely test how users respond to QR-based prompts in messages. This helps security teams identify emerging risk tied to mobile-first workflows and get ahead of a technique that’s rapidly gaining traction among attackers.

As attackers evolve, simulations need to keep pace. This is one more step toward closing that gap.

Custom Content Creation: Training Built for Your Organization

Generic training doesn’t change behavior. Context does.

Doppel’s new Custom Content Requestor makes it easy for customers to request tailored security awareness training directly in Doppel. Teams can specify goals, source materials, length, visual aesthetic, and branding to submit content requests specific to their business needs.

From there, Doppel’s white-glove content team delivers high quality, relevant, organization-specific training content with faster turnaround and less friction. The result: Training that actually reflects your environment and the unique needs of your business.

When training aligns with real risk, it’s far more likely to stick.

User Risk Report: Clear, Defensible, Holistic Insights into Risk

Knowing that risk exists isn’t enough. Security teams need to show where it lives, what it impacts, and how it’s changing.

Doppel’s new User Risk Report moves beyond simple metrics like link clicks and data submissions, to provide a clear picture into risk with trends, susceptibility, and progress over time. This offers a concise, defensible summary of individual risk, including:

• Clear strengths, weaknesses, focus areas, and confidence indicators per user
• Personalized recommendations based upon user behavior
• Visual graphs and stat cards showing performance over time: clicks, data submissions, pass/fail rates, and momentum
• Concrete, user-level evidence that demonstrates how risk is being reduced through the program

These reports shift from simple clicks and data submissions, to offer a holistic evaluation of risk at the user level. They give security leaders a straightforward way to explain risk to stakeholders, justify investments, and prove that Human Risk Management initiatives are moving the needle in the right direction.

Built for How Attacks—and Defenders—Actually Operate

Taken together, these new capabilities reflect a simple idea: effective Human Risk Management has to mirror reality.

With multistep vishing simulations, QR code testing, streamlined custom training, and clear user-level reporting, Doppel continues to help organizations understand, measure, and reduce human risk—based on evidence, not assumptions.

If you’d like to see these features in action, watch a demo in our on-demand webinar.