✅ NIS2 supported
🇧🇪 PHISHING SIMULATION TRAINING · BELGIUM

Your staff clicks phishing.
We make them stop.

Fluxive sends realistic phishing simulations to your team. Employees who click receive a personalised AI lesson in Dutch, French, or English — automatically. You provide the employee list. We handle the rest.

🚀 Book a free demo See how it works →
✅ NIS2-supported 🤖 AI-personalised lessons 🔒 GDPR-aware 🇧🇪 Belgian SMEs ⚡ Quick setup
How Fluxive phishing simulation training works

Four steps. Fully automatic.
Zero IT involvement.

📂 Drop your employee list here

You send us your employee list

Everything runs automatically. No software to install, no training sessions to manage, no manual reporting. Just results.

5 employees detected GoPhish engine Zero employee notice
📧 Outlook — Phishing simulation
I
ING Belgium Security security@ing-verify-account.net
Step 01
Step 02
⚠️ Urgent: your password expires in 24 hours
← fake domain

We launch a realistic phishing simulation

Name, email, department, preferred language. We handle the entire campaign setup — templates, scheduling, and delivery.

From: training@fluxive.be From: training@fluxive.be Real-time data
📊 Risk dashboard
4📊 Campaign Results
6📊 Campaign Results
3Improving
27Employees
Reset password now
Urgency
Authority
Invoice
IT Reset
03 — TRAIN

AI sends a personalised lesson within minutes

We send convincing fake emails impersonating Microsoft 365, Teams, DocuSign, HR payroll tools, or your CEO. We track every open, click and credential submission.

🇳🇱 Nederlands 🇫🇷 Français 🇬🇧 English Per employee
🤖 AI lesson — Charlotte
🎯 Fluxive detected — 3 red flags found
Step 03
🔐 IT Reset Lesson · 2 min read
Dear Charlotte,
Your account password will expire in 24 hours. Reset your password immediately using the secure link below.
Your IT Reset lesson — Microsoft 365
Hello Charlotte, you received a fake Microsoft email today and clicked the link. Here is exactly what to look for next time so you can spot it within seconds.
🇳🇱 NL 🇫🇷 FR 🇬🇧 EN
04 — PROVE

You see results. You receive the documentation report.

Every employee who clicked receives a 2-minute AI-written lesson targeting their exact failure — in their own language. No scheduling. No training day. No generic content.

NIS2 Art. 21(2)(g) CCB CyFun® Basic PDF download
📋 NIS2 Training Report
📋
NIS2 Training Documentation Fluxive Activity Report
SAMPLE
organisationBXL Legal Partners
frameworkCCB CyFun® Basic
articleNIS2 Art. 21(2)(g)
completion rate100%
Training Programme Active
Six pillars of the service

Complete phishing training.
You just provide the employee list.

We operate your entire email security awareness programme — from campaign design to compliance documentation.

Start your free demo →
🎯

AI-Written Personalised Lessons

Not a video. A 400-word lesson written by AI for this specific employee, targeting their exact failure, in their language — sent automatically within minutes of the click.

Avg click rate
reduction 🤖

25 Belgian Attack Templates

Built from real 2026 attack data. Microsoft 365, Teams, DocuSign, bpost, ING, HR payroll, CEO fraud. Updated quarterly to mirror what's hitting Belgian SMEs now.

Explore attack types 📊

Live Risk Dashboard

Per-employee vulnerability scores across 5 attack types. Watch risk drop from CRITICAL to LOW over months of targeted training.

See the dashboard 🌐

NIS2 Training Documentation

Each campaign generates a CCB CyFun® aligned report supporting Article 21(2)(g). Download and share with your legal advisor or cyber insurer.

View sample report 📋

Fully Managed. Zero IT Required.

Campaign scheduling, template updates, lesson delivery, report generation — all handled. You review monthly results. That's it.

How we run it 🌍

Trained in NL · FR · EN

Every employee gets the lesson in their preferred language. Same product, three languages — no toggle to flip, no extra setup.

See language pillars
Proven localisation — not just translation

Every employee gets trained
in their own language. Automatically.

AI lessons are generated in the employee's language from Prisma — completely independent of which page URL they visited. This isn't a toggle. It's how the product works.

01

Realistic simulation — not theoretical training

Your employees encounter actual phishing techniques — AiTM, CEO fraud, fake invoices — in a controlled environment before the real attack arrives.

02

AI personalisation — not generic content

Every lesson is written for the specific employee who clicked, targeting their specific weakness type, in their language. Generic training achieves near-zero retention.

03

Measurable evidence — not a black box

Every campaign produces a CCB CyFun® aligned PDF. You can show your insurer, auditor, or legal advisor exactly what training was delivered and when.

−73% Click rate reduction
−20% Employees protected
100% NIS2 documentation
24h Setup time
Active Threat Intelligence — Enterprise

The attacks that hit companies,
not just inboxes.

These are not consumer scams. These are sophisticated, AI-assisted attack chains used against Belgian and European companies in 2024–2026 — targeting employees who work with finances, documents, and executive communications.

$2.8B BEC losses 2024 (FBI IC3)
€42M Lost in Belgium 2025 (CCB)
94% of breaches start with email
AiTM · MFA Bypass 🔴 CRITICAL
T1557 · T1566.002

DocuSign AiTM — MFA Bypass

A CFO receives a legitimate-looking DocuSign signing request. Clicking the link routes through an adversary-in-the-middle proxy that silently captures their Microsoft 365 session token — bypassing MFA completely. The attacker now owns the account.

DS
DocuSign Tuesday 09:14
dse@docusign.net SPOOFED ↗ 📝 Thomas Dubois has sent you a document to sign: "Q4 Acquisition NDA_FINAL.pdf"
📄
Q4 Acquisition NDA_FINAL.pdf Sent via DocuSign · Expires in 48 hours
REVIEW DOCUMENT →
1Click → AiTM proxy (not DocuSign)
2Real M365 login page served live
3Session token captured — MFA bypassed
Real-world impact: Full M365 mailbox access. Attacker monitors for pending wire transfers, then intercepts at the right moment — replacing legitimate beneficiary IBANs with their own.
🟠 HIGH Credential Harvest · ATO
T1566.002 · T1078

Microsoft 365 SharePoint Lure

An internal-looking email notifies an employee about a shared SharePoint file. The link leads to a pixel-perfect M365 login clone. Once credentials are entered, the attacker uses them to move laterally through the organisation — accessing Teams, OneDrive, and email.

M
Microsoft SharePoint Thursday 14:33
no-reply@sharepointonline-notifications.com 📁 [EXTERNAL] Sarah Lambert shared "H1_Financial_Report_CONFIDENTIAL.xlsx" with you
📊
H1_Financial_Report_CONFIDENTIAL.xlsx Shared by: sarah.lambert@yourcompany.be
Open in SharePoint →
1Fake domain mimics Microsoft
2Cloned M365 login page displayed
3Credentials stolen — full tenant access
Real-world impact: Lateral movement across the entire Microsoft tenant. Access to Teams chats, OneDrive files, calendar — and from there, more sophisticated attacks like internal CEO fraud become possible.
🔴 CRITICAL Whaling · AI-Crafted
T1598.003 · T1657

AI-Crafted CFO Whaling (BEC)

Using AI, attackers craft a hyper-personalised email to the CFO during a known acquisition period (scraped from LinkedIn/press releases). The email mimics the CEO's writing style — extracted from publicly available interviews — and requests an urgent wire transfer.

JD
Jean Dubois — CEO Friday 17:52
j.dubois@yourcompany-group.com LOOKALIKE ↗ 🔒 Confidential — urgent payment for Nexum acquisition closing

Hi Marc,

The Nexum acquisition closes Monday. Our M&A counsel confirmed we need to wire €487,000 to escrow by 18:00 today — I'm in meetings in Paris and can't call.

Please process discreetly. I'll call you first thing Monday.

Jean

1LinkedIn/press releases scraped for context
2AI generates CEO-style text + timing
3End-of-week urgency forces rushed decision
Real-world impact: Arup (Hong Kong, 2025): US$25.6M transferred via AI deepfake video call. Belgian firms lost €42M to CEO fraud and Business Email Compromise in 2025 alone (CCB).
🟠 HIGH Supply Chain · Account Takeover
T1586.002 · T1657

Compromised Vendor — Invoice Bank Swap

The attacker silently compromises a real vendor's email account, monitors ongoing invoice conversations for weeks, then intercepts at the exact moment an invoice is expected — replacing the bank details with their own. The email comes from the real vendor address.

VP
Van Peteghem & Partners Wed 08:12
invoicing@vanpeteghem-partners.be COMPROMISED ↗ 📎 Invoice #2026-1047 — November services — updated banking details

Hi,

Please find attached invoice #2026-1047 for November (€23,400). Our banking details have changed — please update your records.

📎Invoice_2026-1047.pdf
1Vendor account silently compromised
2Attacker monitors email for weeks
3Invoice sent with attacker's bank IBAN
Why it works: The email passes every technical check — it comes from the real vendor address. Detection only happens when the vendor calls about non-payment, weeks later. By then, the money is gone.
🟠 HIGH Payroll Fraud · HR Impersonation
T1585.001 · T1566.001

Payroll Diversion (Storm-2657)

Microsoft Threat Intelligence (2025) documented a campaign where attackers impersonate employees requesting bank account updates in HR portals. Payroll staff receive an authentic-looking self-service portal link — leading to a credential-harvesting page designed to access HR systems.

HR
HR Self-Service Portal Monday 07:58
noreply@hr-selfservice-portal.yourcompany.net ⚙️ Bank account update request — Nicolas Lecomte — Action required
Employee: Nicolas Lecomte Request: Update salary bank account New IBAN: BE71 0961 2345 6789 Effective: This payroll run
Approve in HR Portal →
1Fake employee identity created (LinkedIn data)
2HR staff log in → credentials stolen
3Entire payroll redirected to attacker account
Real-world impact: Microsoft documented "Storm-2657" compromising HR systems at multiple U.S. universities in 2025 — redirecting entire payrolls before detection. Belgian payroll providers are next.
🟠 HIGH Quishing · URL Filter Bypass
T1566.001 · T1059

QR Code Phishing — Quishing

A security alert email contains a QR code instead of a clickable link. Since email security gateways scan URLs but not QR code content, the attack bypasses every filter. The employee scans it on their personal phone — which has no corporate security controls — and enters credentials on a cloned login page.

M
Microsoft Security Thursday 11:01
security@microsoft-mfa-update.com 🔐 Action required: Complete your Microsoft Authenticator re-enrolment

Your Microsoft Authenticator enrolment must be updated by Friday 23:59. Scan the QR code below using your mobile device to complete re-enrolment.

Scan with phone camera
1QR code bypasses all URL scanners
2Personal phone has no MDM/security
3Credentials entered on phone — undetected
Why it evades security: Standard email gateways (Defender, Proofpoint, Mimecast) cannot extract URLs from QR codes. The phishing only renders on a personal device outside corporate visibility — making detection nearly impossible.
1 / 6
🛡️

Fluxive simulates all 6 of these attack types.

We reconstruct the exact social engineering techniques used in the wild — DocuSign lures, CFO whaling, SharePoint harvests — so your team recognises them before the real attack lands.

Book a demo → No IT setup · Book your free 30-min demo
NIS2 Training Documentation for Belgian Organisations

Belgian NIS2 law is in force.
Your training documentation matters.

Belgian NIS2 law (Article 21(2)(g) of the Law of 26 April 2024) requires in-scope organisations to implement security awareness measures and maintain documentation. Fluxive helps you build that documentation automatically.

Training records designed for Article 21(2)(g)

Each campaign produces a training record — who was tested, who failed, what lesson they received, whether they completed it. Structured records supporting Article 21(2)(g) documentation.

Structured around the CCB CyFun® framework

Reports align with CCB CyFun® Basic — the benchmark most Belgian organisations use for NIS2 assessments. Download and share with legal, compliance, or your insurer.

Belgian NIS2 is active — documentation matters now

The Law of 26 April 2024 has been in force since 18 October 2024. CCB CyFun® assessments are underway. Documented training activity is a practical starting point.

⚠️

Important: Fluxive's reports support training documentation and awareness programme management. They are not a legal certification, compliance audit, or CCB assessment. Consult a qualified legal or compliance advisor for your specific NIS2 obligations.

🇧🇪 Belgium among the first EU states to transpose NIS2
📅 Law of 26 April 2024 ✅ In force since 18 October 2024 🔍 CCB CyFun® assessments active
📋
NIS2 Training Documentation Fluxive Activity Report
Sample
Organisation BXL Legal Partners
Framework CCB CyFun® Basic
Article reference NIS2 Art. 21(2)(g)
Period covered Q1–Q2 2026
Employees trained 5 / 5
Simulations run 6
Lessons delivered 14
Completion rate 100%
Training Programme Active

Supporting documentation only — not a legal certification or compliance audit.

Why Fluxive for phishing training in Belgium

Why Belgian SMEs choose Fluxive for phishing awareness training.

Everything you need. Nothing you don't. Fluxive is built specifically for Belgian SMEs that want to be serious about security without dedicating internal IT hours to it.

Feature FLUXIVE ✅ Other providers Enterprise platforms
Belgian phishing templates (M365, Teams, DocuSign…)
AI-written personalised lesson per employee (not a video)
Dutch / French / English per employee automatically
NIS2 CCB CyFun® training documentation included
Fully managed — you only provide the employee list
Data processed within the EU · GDPR-aware
Minimum users151–2550+
Monthly price (50 employees)from €179/mo€200–€500/mo€500–€900+/mo
Pricing

Monthly service. Cancel anytime.

💡 Annual billing saves 10% — ask during your demo

One-time onboarding fee of €499 covers campaign design, employee import and your first simulation. No annual contract required.

Monthly Annual Save 10%
Starter
👥 Up to 15 employees · 🎯 4 campaigns/year
179/month
  • 4 phishing simulations per year (quarterly)
  • AI personalised lesson per employee (NL/FR/EN)
  • 25 Belgian phishing templates
  • Live risk dashboard
  • Training documentation report per campaign
Get started
MOST POPULAR
Professional
👥 Up to 25 employees · 🎯 12 campaigns/year
299/month
  • Everything in Starter
  • Monthly campaigns (12/year)
  • Live Belgian threat intelligence feed
  • Deep analytics per department
  • Priority support (4h response)
Book demo →
Enterprise
👥 150+ employees · 🎯 Unlimited campaigns
Custom
  • Everything in Professional
  • Unlimited campaigns
  • Custom Belgian phishing templates
  • Multi-site / group management
  • Dedicated account manager
Contact us

All plans include onboarding support, full technical management, and training documentation reports.
One-time onboarding fee: €499 · No annual contract required.

Frequently asked questions

Questions we get before every demo

Straight answers about how Fluxive works, what it costs, and what happens with your data.

Yes. All data is processed within the EU. We store only the minimum required data (name, email, department, language preference) and never sell or share it. Full details in our Privacy Policy.
Simulation effectiveness depends on employees not knowing the exact timing. We recommend informing staff that phishing simulations may happen periodically, without revealing specific dates. Transparency builds trust; surprise builds learning.
Setup is typically complete within a few business days of receiving your employee list. You need zero IT involvement — no software to install, no DNS changes, no technical configuration on your side. We handle everything.
No — and any vendor who says otherwise is misleading you. What Fluxive does is generate structured training activity documentation that supports your NIS2 Article 21(2)(g) obligations. Compliance itself is determined by your organisation's broader security programme and validated by a qualified auditor or CCB assessment.
They are immediately redirected to a branded awareness page showing what they missed. Within minutes, they receive a personalised AI-written lesson by email in their own language — explaining exactly what red flags they should have noticed, using Belgian-specific examples.
Yes — month-to-month, cancel anytime with 30 days notice. There is no annual contract requirement (though annual billing at a 10% discount is available). The one-time €499 onboarding fee covers initial setup and your first campaign; it is non-refundable after onboarding begins.
Starter covers up to 15 employees (4 campaigns/year at €179/month). Professional covers up to 50 employees (12 campaigns/year at €299/month). For larger organisations (150+ employees) we offer Enterprise with custom pricing.
Dutch, French, and English — assigned per employee, automatically. Belgium's bilingual/trilingual reality is built into the product. When you upload your employee CSV, you indicate each person's preferred language and they always receive simulations and lessons in that language.
Book Your Demo

30 minutes. Free. See a live attack on your team.

In 30 minutes, we run a live phishing simulation on your domain, show you the AI-personalised lesson your employees would receive, and walk through the NIS2 documentation report. No commitment. No credit card. No preparation needed.

  • Demonstration simulation using your domain
  • Real AI lesson in Dutch or French
  • Sample training activity report with your company name
  • Pricing quote for your exact headcount
📞+32 472 92 57 41 · Mon–Fri 9–18h
✉️info@fluxive.be· Reply within 1 business day
🌐fluxive.be · BTW BE1029968269 · Ninove
1
Fill the form below — takes 2 minutes
2
We call you within 1 business day — Mon–Fri 9–18h
3
30-minute live demo — we attack your domain live
4
Get your sample NIS2 report — with your company name
From demo to live — 3 days
1
Day 0
30-min demo call
2
Day 1
Send employee CSV
3
Day 2
Campaign designed
4
Day 3
First email sent 🚀

✓ No spam · ✓ No commitment · ✓ Reply within 1 business day · ✓ Free