🇧🇪 PHISHING SIMULATION TRAINING · BELGIUM

Your staff clicks phishing.|
We make them stop.

Fluxive sends realistic phishing simulations to your team. Employees who click receive a personalised AI lesson in Dutch, French, or English — automatically. You provide the employee list. We handle the rest.

🚀 Book a free demo See how it works →

No credit card · Setup in 24 hours · Cancel anytime

✅ NIS2 supported
📋 CCB CyFun® aligned
🔒 GDPR-aware
🇧🇪 Belgian SMEs
H F A N Trusted by Belgian SMEs · 5 active clients
fluxive.be/dashboard · BXL Legal
LIVE
BXL Legal P… ✅ NIS2 Training Active ✅ NIS2 Training Active
5
Employees
4
Critical risk
14
Lessons sent
CRITICAL
Avg click rate
⚡ Team Risk Distribution
CRITICAL
MEDIUM
MEDIUM
LOW
LOW
SENT
⚡ Recent AI Lessons
C
Fake DocuSign: the signs
Charlotte · 10/4
DONE
A
Microsoft 365 phishing
Antoine · 10/4
OPENED
I
CEO fraud: authority trap
Isabelle · 9/4
OPENED
✓ NIS2 Art. 21
of breaches start with a phishing email
✓ CCB CyFun®
avg click rate reduction after 3 campaigns
✓ GDPR · EU Data
AI lesson auto-delivered per employee
✓ Setup in 24h
full setup from employee list

Still deciding?

Why phishing training fails for most Belgian SMEs

Generic training achieves nothing.

Standard cybersecurity training has three fatal flaws — and all three leave your organisation exposed.

of employees fall for AI-generated phishing at the same rate as traditional attacks
📉

Generic videos are ignored

73% of employees forget everything within a week. One video for 50 people — regardless of their actual weaknesses — achieves almost nothing measurable.

🔍

No targeted follow-up

A phishing test without an immediate personalised lesson has near-zero retention. Research shows click rates drop only 2% without targeted, individual training.

The threat landscape Belgian SMEs face

60%
Published security research, 2024–2025
time for AI to craft a convincing phishing email targeting your specific staff
5 min
IBM X-Force Threat Intelligence Index
lost by Belgian firms to CEO fraud and Business Email Compromise in 2025
€42M
CCB Belgium, 2025
average time a threat actor is inside a network before detection
280d
Verizon DBIR, 2025
Verizon DBIR, 2025
How Fluxive phishing simulation training works

How our phishing simulation training works — 4 simple steps.

Everything runs automatically. No software to install, no training sessions to manage, no manual reporting. Just results.

Step 01

You send us your employee list

Name, email, department, preferred language. We handle the entire campaign setup — templates, scheduling, and delivery.

  • Name, email, department — nothing more required
  • NL, FR or EN assigned per employee automatically
  • Setup complete within 24 hours
📂 Drop your employee list here
📄 employees.csv 5 employees detected
NameEmailDept.Lang.
Charlotte D.c.dupuis@…SecretariatFR
Antoine B.a.bernard@…Tax LawFR
Isabelle M.i.moreau@…Labour LawFR
Nicolas P.n.petit@…AccountingNL
Jean-Paul R.jp.renard@…CommercialFR
Step 02

We launch a realistic phishing simulation

We send convincing fake emails impersonating Microsoft 365, Teams, DocuSign, HR payroll tools, or your CEO. We track every open, click and credential submission.

  • 25 Belgian attack templates updated quarterly
  • M365, Teams, DocuSign, bpost, ING, HR/payroll
  • Employees never know which emails were fake until the lesson
From: microsoft-security@account-verify.net← fake domain
⚠️ Urgent: your password expires in 24 hours
Dear Charlotte,
Your account password will expire in 24 hours. Reset your password immediately using the secure link below.
Reset password now
🎯 Fluxive detected — 3 red flags found
Step 03
🔐 IT Reset Lesson · 2 min read
Your IT Reset lesson — Microsoft 365
Hello Charlotte, you received a fake Microsoft email today and clicked the link. Here is exactly what to look for next time so you can spot it within seconds.

AI sends a personalised lesson within minutes

Every employee who clicked receives a 2-minute AI-written lesson targeting their exact failure — in their own language. No scheduling. No training day. No generic content.

  • Written in Dutch, French or English per employee
  • References the exact attack they fell for
  • Delivered automatically within minutes of the click
From: training@fluxive.be
🚩 Red flags you should have spotted
Step 04
Hello Charlotte, you received a fake Microsoft email today and clicked the link. Here is exactly what to look for next time so you can spot it within seconds.
🚩 Red flags you should have spotted
→ account-verify.net is not @microsoft.com
→ Microsoft never resets passwords by email
→ Go directly to portal.office.com — never via an email link
🇬🇧 EN 🇳🇱 NL 🇫🇷 FR
Step 04

You see results. You receive the documentation report.

Your dashboard shows click rates dropping over time, per-employee risk scores, and lesson completion. A CCB CyFun®-aligned PDF report is generated automatically for your NIS2 audit.

  • Live click-rate trends per campaign and employee
  • CCB CyFun®-aligned report for training documentation
  • Downloadable PDF to share with compliance advisors or your cyber insurer
📊 Campaign Results
CampaignTypeTargetsClickedRate
CEO Urgent WireAUTHORITY55100%
HR Salary SlipURGENCY5480%
Microsoft 365IT RESET5360%
DocuSign SignIT RESET5240%
bpost DeliveryPARCEL5120%
Your live security dashboard

Everything a manager needs to monitor — in one place.

After every simulation, your dashboard updates in real time. See exactly which employees are at risk, which attack types they fall for, which lessons they have completed — and export your training documentation with one click.

📊 Real-time overview: team risk distribution, critical employees, lessons sent, and campaign performance — everything you need for a NIS2 audit.

fluxive.be / dashboard · Manager Portal
LIVE
5
Employees
4
Critical Risk
14
AI Lessons
55%
Avg Click Rate
⚡ Recent AI Lessons
🔐
HR salary slip: beware of HR scams
Fake DocuSign: how to verify
SENT
🔐
Microsoft 365: fake login page
CEO fraud: the authority trap
DONE
Microsoft 365 reset: how to spot it
Antoine · Tax Law · 10/4
DONE
🔐
CEO fraud: when authority becomes a trap
Isabelle · Labour Law · 9/4
OPENED
👥 Team Risk Profiles — 5 employees
EmployeeDepartmentRiskLessons
CCharlotte D.SecretariatCRITICAL6
AAntoine B.Tax LawCRITICAL4
IIsabelle M.Labour LawCRITICAL2
NNicolas P.AccountingMEDIUM0
JJean-Paul R.CommercialCRITICAL2
🎯 Campaign Results — 6 campaigns
CampaignTypeClickedRate
CEO Urgent WireAUTHORITY5/5100%
HR Salary SlipURGENCY4/580%
Teams Missed MeetingURGENCY4/580%
Microsoft 365 ExpiryIT RESET3/560%
DocuSign SignatureIT RESET3/560%
Vendor Invoice UpdateINVOICE3/560%
🤖 AI Lessons Tracking — 14 lessons
HR salary slip: beware of HR scams
Jean-Paul · Commercial · FR · 10/4
SENT
🔐
Teams phishing: how to stop falling for it
Charlotte · Secretariat · FR · 10/4
DONE
🔐
Microsoft Teams: fake meeting notifications
Antoine · Tax Law · FR · 10/4
DONE
🔐
CEO fraud: when authority becomes a trap
Isabelle · Labour Law · FR · 9/4
OPENED
HR data: protect your payroll info
Nicolas · Accounting · NL · 8/4
DONE
What's Included in Every Plan

Complete phishing training.
You just provide the employee list.

We operate your entire email security awareness programme — from campaign design to compliance documentation.

🤖

AI-Written Personalised Lessons

Not a video. A 400-word lesson written by AI for this specific employee, targeting their exact failure, in their language — sent automatically within minutes of the click.

NL per employee FR per employee EN per employee
🎯

25 Belgian Attack Templates

Built from real 2026 attack data. Microsoft 365, Teams, DocuSign, bpost, ING, HR payroll, CEO fraud. Updated quarterly to mirror what's hitting Belgian SMEs now.

📊

Live Risk Dashboard

Per-employee vulnerability scores across 5 attack types. Watch risk drop from CRITICAL to LOW over months of targeted training.

−73% Avg click rate
reduction
📋

NIS2 Training Documentation

Each campaign generates a CCB CyFun® aligned report supporting Article 21(2)(g). Download and share with your legal advisor or cyber insurer.

⚙️

Fully Managed. Zero IT Required.

Campaign scheduling, template updates, lesson delivery, report generation — all handled. You review monthly results. That's it.

Setup in 24h No software No training sessions
Proven localisation — not just translation

Every employee gets trained
in their own language. Automatically.

AI lessons are generated in the employee's language from Prisma — completely independent of which page URL they visited. This isn't a toggle. It's how the product works.

🇳🇱 NL 14:32
F
training@fluxive.be
🔐 IT Reset Les · 2 min
Uw IT Reset les — Microsoft 365
Hallo Nicolas, u ontving vandaag een nep-Microsoft-e-mail en klikte op de link. Hier is precies wat u had moeten alarmeren.
🚩 account-verify.net is niet @microsoft.com
🚩 Microsoft reset geen wachtwoorden via e-mail
🇳🇱 NL 🇫🇷 FR 🇬🇧 EN
🇬🇧 EN 14:33
F
training@fluxive.be
🔐 IT Reset Lesson · 2 min
Your IT Reset lesson — Microsoft 365
Hello Charlotte, you received a fake Microsoft email today and clicked the link. Here is exactly what should have alerted you.
🚩 account-verify.net is not @microsoft.com
🚩 Microsoft never resets passwords by email
🇳🇱 NL 🇫🇷 FR 🇬🇧 EN
🇫🇷 FR 14:34
F
training@fluxive.be
🔐 Leçon Réinitialisation · 2 min
Votre leçon — Microsoft 365
Bonjour Isabelle, vous avez reçu aujourd'hui un faux e-mail Microsoft et avez cliqué sur le lien. Voici exactement ce qui aurait dû vous alerter.
🚩 account-verify.net n'est pas @microsoft.com
🚩 Microsoft ne réinitialise jamais les mots de passe par e-mail
🇳🇱 NL 🇫🇷 FR 🇬🇧 EN

Shown: English lesson — generated automatically within minutes of the click

Active Threat Intelligence — Enterprise

The attacks that hit companies,
not just inboxes.

These are not consumer scams. These are sophisticated, AI-assisted attack chains used against Belgian and European companies in 2024–2026 — targeting employees who work with finances, documents, and executive communications.

$2.8B BEC losses 2024 (FBI IC3)
BEC losses 2024 (FBI IC3) Lost in Belgium 2025 (CCB)
Lost in Belgium 2025 (CCB) of breaches start with email
of breaches start with email 🔴 CRITICAL
T1557 · T1566.002

DocuSign AiTM — MFA Bypass

A CFO receives a legitimate-looking DocuSign signing request. Clicking the link routes through an adversary-in-the-middle proxy that silently captures their Microsoft 365 session token — bypassing MFA completely. The attacker now owns the account.

DS
DocuSign Tuesday 09:14
dse@docusign.net SPOOFED ↗ 📝 Thomas Dubois has sent you a document to sign: "Q4 Acquisition NDA_FINAL.pdf"
📄
Q4 Acquisition NDA_FINAL.pdf Sent via DocuSign · Expires in 48 hours
REVIEW DOCUMENT →
1Click → AiTM proxy (not DocuSign)
2Real M365 login page served live
3Session token captured — MFA bypassed
Real-world impact: Full M365 mailbox access. Attacker monitors for pending wire transfers, then modifies bank details. Average loss: $137,000 per incident (FBI, 2024).
🟠 HIGH Credential Harvest · ATO
T1566.002 · T1078

Microsoft 365 SharePoint Lure

An internal-looking email notifies an employee about a shared SharePoint file. The link leads to a pixel-perfect M365 login clone. Once credentials are entered, the attacker uses them to move laterally through the organisation — accessing Teams, OneDrive, and email.

M
Microsoft SharePoint Thursday 14:33
no-reply@sharepointonline-notifications.com 📁 [EXTERNAL] Sarah Lambert shared "H1_Financial_Report_CONFIDENTIAL.xlsx" with you
📊
H1_Financial_Report_CONFIDENTIAL.xlsx Shared by: sarah.lambert@yourcompany.be
Open in SharePoint →
1Fake domain mimics Microsoft
2Cloned M365 login page displayed
3Credentials stolen — full tenant access
Real-world impact: Lateral movement across the entire Microsoft tenant. Access to all Teams messages, SharePoint documents, and email — used to launch further BEC attacks from a trusted internal account.
🔴 CRITICAL Whaling · AI-Crafted
T1598.003 · T1657

AI-Crafted CFO Whaling (BEC)

Using AI, attackers craft a hyper-personalised email to the CFO during a known acquisition period (scraped from LinkedIn/press releases). The email mimics the CEO's writing style — extracted from publicly available interviews — and requests an urgent wire transfer.

JD
Jean Dubois — CEO Friday 17:52
j.dubois@yourcompany-group.com LOOKALIKE ↗ 🔒 Confidential — urgent payment for Nexum acquisition closing

Hi Marc,

The Nexum acquisition closes Monday. Our M&A counsel confirmed we need to wire €487,000 to escrow by 18:00 today — I'm in meetings in Paris and can't call.

Please process discreetly. I'll call you first thing Monday.

Jean

1LinkedIn/press releases scraped for context
2AI generates CEO-style text + timing
3End-of-week urgency forces rushed decision
Real-world impact: Arup (Hong Kong, 2025): US$25.6M transferred via AI deepfake video call. Belgian firms lost €42M to CEO fraud in 2025 alone (CCB).
🟠 HIGH Supply Chain · Account Takeover
T1586.002 · T1657

Compromised Vendor — Invoice Bank Swap

The attacker silently compromises a real vendor's email account, monitors ongoing invoice conversations for weeks, then intercepts at the exact moment an invoice is expected — replacing the bank details with their own. The email comes from the real vendor address.

VP
Van Peteghem & Partners Wed 08:12
invoicing@vanpeteghem-partners.be COMPROMISED ↗ 📎 Invoice #2026-1047 — November services — updated banking details

Hi,

Please find attached invoice #2026-1047 for November (€23,400). Our banking details have changed — please update your records.

📎Invoice_2026-1047.pdf
1Vendor account silently compromised
2Attacker monitors email for weeks
3Invoice sent with attacker's bank IBAN
Why it works: The email passes every technical check — it comes from the real domain, real sender name, with prior conversation history. No spam filter catches it. Only a phone call to the vendor confirms the fraud.
🟠 HIGH Payroll Fraud · HR Impersonation
T1585.001 · T1566.001

Payroll Diversion (Storm-2657)

Microsoft Threat Intelligence (2025) documented a campaign where attackers impersonate employees requesting bank account updates in HR portals. Payroll staff receive an authentic-looking self-service portal link — leading to a credential-harvesting page designed to access HR systems.

HR
HR Self-Service Portal Monday 07:58
noreply@hr-selfservice-portal.yourcompany.net ⚙️ Bank account update request — Nicolas Lecomte — Action required
Employee: Nicolas Lecomte Request: Update salary bank account New IBAN: BE71 0961 2345 6789 Effective: This payroll run
Approve in HR Portal →
1Fake employee identity created (LinkedIn data)
2HR staff log in → credentials stolen
3Entire payroll redirected to attacker account
Real-world impact: Microsoft documented "Storm-2657" compromising HR systems across multiple industries. Entire payrolls diverted for one or more pay cycles before detection. Average discovery time: 17 days.
🟠 HIGH Quishing · URL Filter Bypass
T1566.001 · T1059

QR Code Phishing — Quishing

A security alert email contains a QR code instead of a clickable link. Since email security gateways scan URLs but not QR code content, the attack bypasses every filter. The employee scans it on their personal phone — which has no corporate security controls — and enters credentials on a cloned login page.

M
Microsoft Security Thursday 11:01
security@microsoft-mfa-update.com 🔐 Action required: Complete your Microsoft Authenticator re-enrolment

Your Microsoft Authenticator enrolment must be updated by Friday 23:59. Scan the QR code below using your mobile device to complete re-enrolment.

Scan with phone camera
1QR code bypasses all URL scanners
2Personal phone has no MDM/security
3Credentials entered on phone — undetected
Why it evades security: Standard email gateways (Defender, Proofpoint, Mimecast) scan embedded URLs — not QR code images. Microsoft Threat Intelligence documented QR code tax-themed campaigns active across EU in 2024–2025.
🛡️

Fluxive simulates all 6 of these attack types.

We reconstruct the exact social engineering techniques used in the wild — DocuSign lures, CFO whaling, SharePoint harvests — so your team recognises them before the real attack lands.

Book a demo → No IT setup · First simulation within 24h
NIS2 Training Documentation for Belgian Organisations

Belgian NIS2 law is in force.
Your training documentation matters.

Belgian NIS2 law (Article 21(2)(g) of the Law of 26 April 2024) requires in-scope organisations to implement security awareness measures and maintain documentation. Fluxive helps you build that documentation automatically.

Training records designed for Article 21(2)(g)

Each campaign produces a training record — who was tested, who failed, what lesson they received, whether they completed it. Structured records supporting Article 21(2)(g) documentation.

Structured around the CCB CyFun® framework

Reports align with CCB CyFun® Basic — the benchmark most Belgian organisations use for NIS2 assessments. Download and share with legal, compliance, or your insurer.

Belgian NIS2 is active — documentation matters now

The Law of 26 April 2024 has been in force since 18 October 2024. CCB CyFun® assessments are underway. Documented training activity is a practical starting point.

⚠️

Important: Fluxive's reports support training documentation and awareness programme management. They are not a legal certification, compliance audit, or CCB assessment. Consult a qualified legal or compliance advisor for your specific NIS2 obligations.

🇧🇪 Belgium among the first EU states to transpose NIS2
📅 Law of 26 April 2024 ✅ In force since 18 October 2024 🔍 CCB CyFun® assessments active
📋
NIS2 Training Documentation Fluxive Activity Report
Sample
Organisation BXL Legal Partners
Framework CCB CyFun® Basic
Article reference NIS2 Art. 21(2)(g)
Period covered Q1–Q2 2026
Employees trained 5 / 5
Simulations run 6
Lessons delivered 14
Completion rate 100%
Training Programme Active

Supporting documentation only — not a legal certification or compliance audit.

Results from personalised phishing awareness training

Three things you can prove to anyone who asks.

−73%
Click rate reduction

Every campaign automatically generates a CCB CyFun®-aligned documentation report. Hand it to your NIS2 auditor directly. No extra preparation, no manual logs.

10+
Audit hours saved

Every campaign automatically generates a CCB CyFun®-aligned documentation report. Hand it to your NIS2 auditor directly. No extra preparation, no manual logs.

−20%
Insurance premium reduction

Industry research on personalised phishing simulation programmes reports click rate reductions of up to 73% within 12 months — compared to significantly lower reductions from generic video-only training. Published research, not Fluxive client data. Individual results vary.

Why Fluxive for phishing training in Belgium

Why Belgian SMEs choose Fluxive for phishing awareness training.

Everything you need. Nothing you don't. Fluxive is built specifically for Belgian SMEs that want to be serious about security without dedicating internal IT hours to it.

FLUXIVE ✅ Other providers Enterprise platforms
Belgian phishing templates (M365, Teams, DocuSign…)
AI-written personalised lesson per employee (not a video)
Dutch / French / English per employee automatically
NIS2 CCB CyFun® training documentation included
Fully managed — you only provide the employee list
Data processed within the EU · GDPR-aware
Minimum users11–2550+
Monthly price (50 employees)from €179/mo€200–€500/mo€500–€900+/mo
Pricing

Monthly service. Cancel anytime.

💡 Annual billing saves 10% — ask during your demo

One-time onboarding fee of €499 covers campaign design, employee import and your first simulation. No annual contract required.

Monthly Annual Save 10%
Starter
👥 Up to 15 employees · 🎯 4 campaigns/year
179/month
  • 4 phishing simulations per year (quarterly)
  • AI personalised lesson per employee (NL/FR/EN)
  • 25 Belgian phishing templates
  • Live risk dashboard
  • Training documentation report per campaign
Get started
MOST POPULAR
Professional
👥 Up to 50 employees · 🎯 12 campaigns/year
299/month
  • Everything in Starter
  • Monthly campaigns (12/year)
  • Live Belgian threat intelligence feed
  • Deep analytics per department
  • Priority support (4h response)
Book demo →
Enterprise
👥 150+ employees · 🎯 Unlimited campaigns
Custom
  • Everything in Professional
  • Unlimited campaigns
  • Custom Belgian phishing templates
  • Multi-site / group management
  • Dedicated account manager
Contact us

All plans include onboarding support, full technical management, and training documentation reports.
One-time onboarding fee: €499 · No annual contract required.

Frequently asked questions

Questions we get before every demo

Straight answers about how Fluxive works, what it costs, and what happens with your data.

Yes. All data is processed within the EU. We store only the minimum required data (name, email, department, language preference) and never sell or share it. Full details in our Privacy Policy.
Simulation effectiveness depends on employees not knowing the exact timing. We recommend informing staff that phishing simulations may happen periodically, without revealing specific dates. Transparency builds trust; surprise builds learning.
Setup is complete within 24 hours of receiving your employee list. You need zero IT involvement — no software to install, no DNS changes, no technical configuration on your side. We handle everything.
No — and any vendor who says otherwise is misleading you. What Fluxive does is generate structured training activity documentation that supports your NIS2 Article 21(2)(g) obligations. Compliance itself is determined by your organisation's broader security programme and validated by a qualified auditor or CCB assessment.
They are immediately redirected to a branded awareness page showing what they missed. Within minutes, they receive a personalised AI-written lesson by email in their own language — explaining exactly what red flags they should have noticed, using Belgian-specific examples.
Yes — month-to-month, cancel anytime with 30 days notice. There is no annual contract requirement (though annual billing at a 10% discount is available). The one-time €499 onboarding fee covers initial setup and your first campaign; it is non-refundable after onboarding begins.
Starter covers up to 15 employees (4 campaigns/year at €179/month). Professional covers up to 50 employees (12 campaigns/year at €299/month). For larger organisations (150+ employees) we offer Enterprise with custom pricing.
Dutch, French, and English — assigned per employee, automatically. Belgium's bilingual/trilingual reality is built into the product. When you upload your employee CSV, you indicate each person's preferred language and they always receive simulations and lessons in that language.
Book Your Demo

30 minutes. Free. See a live attack on your team.

In 30 minutes, we run a live phishing simulation on your domain, show you the AI-personalised lesson your employees would receive, and walk through the NIS2 documentation report. No commitment. No credit card. No preparation needed.

  • Demonstration simulation using your domain
  • Real AI lesson in Dutch or French
  • Sample training activity report with your company name
  • Pricing quote for your exact headcount
📞+32 472 92 57 41 · Mon–Fri 9–18h
✉️info@fluxive.be· Reply within 4h
🌐fluxive.be · BTW BE1029968269 · Ninove
1
Fill the form below — takes 2 minutes
2
We call you within 4 hours — Mon–Fri 9–18h
3
30-minute live demo — we attack your domain live
4
Get your sample NIS2 report — with your company name
From demo to live — 3 days
1
Day 0
30-min demo call
2
Day 1
Send employee CSV
3
Day 2
Campaign designed
4
Day 3
First email sent 🚀

✓ No spam · ✓ No commitment · ✓ Reply within 4 hours · ✓ Free

No commitment. No credit card. Reply within 4 hours.

See a live phishing attack
on your own team. 30 minutes.

No commitment. No credit card. Reply within 4 hours.

🎯 Book your free demo 📞 +32 472 92 57 41
✓ NIS2 Art. 21 ✓ CCB CyFun® ✓ GDPR · EU Data ✓ Setup in 24h