How Would Your Organisation Defend Against a Targeted Social Engineering Attack?

Book Now

NCSC Certified training that puts you in the shoes of the hackers. Train your team to be your greatest defence against social engineering attacks.

Social Engineering Training

Social engineering has proved to be one of the most prolific & effective means of attacking organisations of all sizes. Phishing attacks alone are responsible for over 80% of security incidents and 94% of Malware is delivered by email.

Cyber-attacks involving social engineering are rarely out of the headlines. Cases involving ransomware are hard to hide when all your systems are out of use, but apart from large scale ransomware and reportable data loss where a company has to tell a regulator, it is likely that a vast amount of social engineering attacks are going unreported.

This course equips your employees with the skills to identify & combat social engineering attacks such as not clicking malicious links or opening phishing emails. We follow nationally set standards and best practice to ensure you get the best awareness training possible for your employees.

Course Contents


The biggest attack vector. Learn how malicious emails are crafted and how to spot them.


Phone based attacks often used to gather intelligence for another attack. Learn how to spot and stop this attack.


SMS (text message) based attacks that can be used to collect personal information or user credentials.


A physical attack to gain access to your business & data. Learn strategies for challenging these attacks.


See the business impact of successful attacks and learn ways to improve security within their organisation.

What Our Students Say

Great Course – Really fun and really informative, as well as scary!

star star star star star

I found this course really interesting and useful, and also fun! I’m off to check how many friends I have on Facebook…

star star star star star

This was a fascinating training course. Such an eye opener especially for anyone who uses social media a lot. Has made me much more conscious about my awareness of scammers, hackers, and the various methods used.

star star star star star

A brilliant way to learn.

star star star star star

Great online training. Liked the pauses for us to carry out task and test to ensure our understanding.

star star star star star

Great Course – Really fun and really informative, as well as scary!

star star star star star

I found this course really interesting and useful, and also fun! I’m off to check how many friends I have on Facebook…

star star star star star

This was a fascinating training course. Such an eye opener especially for anyone who uses social media a lot.  Has made me much more conscious about my awareness of scammers, hackers, and the various methods used.

star star star star star


Certified Training

By having your teams complete a NCSC certified training course you can demonstrate a commitment to cyber security to your clients and know the content is in line with established best practice.

Fun and Engaging

Over the years we have received compliments from students and training managers on how refreshing the course is. We look at good security hygiene from a different perspective ensuring the student’s learning journey is fun, consumable and memorable.

Course Objectives


Understand what social engineering is and why it is so effective


Be able to spot the tell tale signs of manipulation and deception

Defend Yourself

Reduce your personal attack surface and be safer online

Defend Your Organisation

Block and report social engineering attempts in your organisation

Social engineering is a common attack vector

94% of Malware is delivered by email.
Phishing attacks are responsible for over 80% of security Incidents.
65% of cyber criminals used spear-phishing as their primary infection vector.
Remote workers have caused a security breach in 20% of organisations.

What people are saying

“Red Goat Cyber Security have created excellent, informative and interactive Social Engineering Awareness training which is suitable for all levels of staff. Lisa manages to get everyone excited about Information Security with her authentic and engaging presentation style. We are proud to call Red Goat Cyber Security one of our key security training providers.” – Deonne Prentice

star star star star star

“Red Goat were very helpful and provided an excellent training course that was really engaging and helpful to a wide range of our staff”.


“Excellent course and great scenarios. We would recommend this course to anyone, really informative and relaxed. Rarely is there a course that is both informative and enjoyable. Really good.”


This is an awareness level course. It is suitable for all company staff and has been designed to be practical and easily understood by anyone. Our clients often employ it to provide their “high risk” staff with more in-depth training.

All our NCSC certified social engineering courses are taught by award-winning cyber security expert Lisa Forte.

The course can be run remotely (Teams, Webex etc) or face to face if circumstances allow.

Students get a certificate of completion of a NCSC accredited course to evidence their training. This benefits their CPD and demonstrates your commitment to cyber security both to your clients & the ICO under the GDPR.

The course lasts for 4 hours Including the exam. This means your staff don’t miss an entire day off work so the course causes minimal operational disruption. Alternatively there is a 2 hour, non-NCSC certified course which has the core elements of the 4 hour course but is not certified by the NCSC. Contact us for more information.

With the abundance of cyber security training courses on offer it can be difficult for customers to identify highly competent trainers and good quality courses. NCSC Certified Training addresses this issue- providing customers with a choice of rigorously assessed training providers, thus they can feel confident they’ll receive training that is consistent with industry best practice.

We Need to Talk about Social Engineering

SOCIAL ENGINEERING within cyber security refers to the psychological manipulation of people into performing actions or divulging confidential information, either in person, over the phone or by message, text or email.

Social engineering is consistently one of the most effective cyber-attack vectors, used by script kiddies in their bedrooms to organised crime groups and nation state actors. It pervades film and popular culture and is the hallmark of fast-talking con-artists and secret agents.

Social engineering is frequently employed in espionage, romance fraud, sextortion, IP theft and getting grandmas to hand over their life savings. It is used in banking and credit card fraud, account takeovers, bitcoin scams, online gaming fraud and the theft of military technology.  It is cheap, requires little investment in technology and is highly adaptable and effective.

Social engineering is used to get all types of malware onto a network from backdoors to ransomware.

20 Years ago, the “I Love You” worm used the pretext of a love letter to spread to 50 million computers – 10% of the total number of computers on the planet at the time.

Today, social engineering has been used to hack major companies, social media accounts, small businesses and governments.

The APMG swirl device logo is a trademark of The APM Group Ltd. Use of this trademark on this with website has been authorised solely for marketing purposes. All rights reserved.

Get in touch to discuss how we can help you achieve your security awareness or resilience goals.

By submitting your message and your phone number and/or email address, you are permitting us to contact you by these means in response to your enquiry or feedback. You also acknowledge that you have read our privacy terms and that you consent to our processing data in accordance with them. Read our privacy policy here.

    Related Content

    voice cloning 35m USD

    Would You Fall For A $35m Voice Cloning Attack?

    A high tech vishing attack utilising voice cloning has lost a UAE bank 35 Million USD. What happened? According to the court documents: the Victim […]

    Read more
    Lisa Forte Defcon talk on Social Engineering and insider threat

    Defcon Talk: Using SE to create insider threats and win all the things

      Lisa Forte’s Defcon 2021 talk on social engineering and insider threat. Transcript to follow.

    Read more
    TV Licence anti scam email example

    The 5 Best Ways to Spot TV Licence Phishing Emails

    TV Licence Phishing Emails In the UK a licence is required to watch live TV in the home. With lockdown continuing and people’s reliance on […]

    Read more
    How to defend against a vishing attack

    What is Vishing?

    What is vishing? How to How to defend your organisation against telephone-based vishing scams

    Read more

    How voice assistants can be used to phish passwords

    We have seen a wealth of articles on the security and privacy issues around voice assistants. This week I came across and new and far […]

    Read more

    Online Radicalisation and Social Engineering

    Online radicalisation and social engineering There has been a lot of media coverage here in the UK about a young woman who previously left the […]

    Read more