Following a series of invoice phishing incidents targeting a German automotive services group, Libertad was engaged to identify and close the vulnerabilities that had enabled the attacks. The engagement needed to address both layers of risk simultaneously: the technical gaps in email authentication and domain configuration, and the human-layer susceptibility that had allowed staff to be deceived.
The added complexity was a hard GDPR compliance requirement — any phishing simulation had to be structured as a legitimate staff awareness programme, with data handled accordingly. The mandate was to deliver a hardened, evidenced security posture within 2–3 weeks, with findings suitable for management review.
Project Details
A Four-Workstream Engagement
All activities were performed remotely across four concurrent workstreams, each addressing a distinct layer of risk.
Technical Vulnerability Scan
Automated and manual review of DADG’s externally facing configuration. Identification of misconfigured or absent SPF, DKIM, and DMARC records, and a full review of domain hygiene and exposure indicators relevant to impersonation risk.
OSINT & Brand Exposure Analysis
Dark-web credential exposure search and SecurityTrails subdomain analysis to map the full attacker-visible surface. Impersonation risk mapping linked directly to the recent phishing incidents targeting the business.
Phishing Simulation & Awareness Training
Controlled “Safe Phish” campaign using Gophish, with lures mirroring the real Unpaid Invoice attack vector used against the business. Staff who interacted with the simulation received instant two-minute just-in-time awareness training. Full campaign monitoring and click-rate reporting included.
Microsoft 365 Hardening
Configuration of SPF and DKIM records and a DMARC policy set to Reject. Implementation of External Email Banners to alert staff to inbound mail from outside the organisation. Delivery of a Final Executive Report with a prioritised remediation checklist.
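The record review in the vulnerability scan workstream and the hardening step above both come down to the same checks on a domain's published TXT records. The following is an added illustration, not Libertad's or the client's tooling: it audits SPF and DMARC strings offline (the records and the example.invalid addresses are constructed sample data, with spf.protection.outlook.com standing in for the usual M365 include) and reports the gaps that leave a domain open to impersonation, such as a permissive `all` qualifier, a DMARC policy below `p=reject`, or a `pct` that only enforces on part of the mail.

```python
import re

# Constructed sample records (not the client's real DNS): a weak pair and a hardened pair.
WEAK_SPF = "v=spf1 include:spf.protection.outlook.com ?all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
HARD_SPF = "v=spf1 include:spf.protection.outlook.com -all"
HARD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.invalid"

def parse_dmarc(txt: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=...' into a lower-cased tag dictionary."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_dmarc(txt: str) -> list[str]:
    """Return findings; an empty list means the record enforces p=reject with reporting."""
    if not txt:
        return ["DMARC: no record published; receivers cannot police spoofed mail"]
    tags, findings = parse_dmarc(txt), []
    if tags.get("v") != "DMARC1":
        findings.append("DMARC: record must start with v=DMARC1 or receivers ignore it")
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: p= tag missing or invalid")
    elif policy != "reject":
        findings.append(f"DMARC: p={policy} only monitors or quarantines; p=reject blocks impersonation")
    pct = tags.get("pct", "100")  # enforcement percentage; defaults to 100 when absent
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"DMARC: pct={pct} is invalid or below 100, leaving failing mail unpoliced")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so aggregate reports are never received")
    return findings

def audit_spf(txt: str) -> list[str]:
    """Flag SPF terminators and lookup counts that make impersonation easy or break evaluation."""
    if not txt:
        return ["SPF: no record published"]
    terms, findings = txt.split(), []
    if terms[0].lower() != "v=spf1":
        findings.append("SPF: record does not start with v=spf1")
    all_term = next((t for t in terms if re.fullmatch(r"[+\-~?]?all", t, re.I)), None)
    if all_term is None:
        findings.append("SPF: no 'all' mechanism; unlisted senders are implicitly neutral")
    elif all_term.lower() in ("+all", "all", "?all"):
        findings.append(f"SPF: '{all_term}' lets any host send as the domain")
    elif all_term.lower() == "~all":
        findings.append("SPF: '~all' is softfail only; use -all alongside DMARC p=reject")
    # Mechanisms that cost a DNS lookup; RFC 7208 allows at most 10 before permerror.
    lookups = sum(bool(re.match(r"[+\-~?]?(include:|a(:|$)|mx(:|$)|ptr|exists:|redirect=)", t, re.I)) for t in terms)
    if lookups > 10:
        findings.append(f"SPF: {lookups} lookup mechanisms exceed RFC 7208's limit of 10 (permerror)")
    return findings
```

Running `audit_spf(WEAK_SPF) + audit_dmarc(WEAK_DMARC)` lists the findings the scan would raise, while the hardened pair returns no findings; DKIM is not covered here because its selector records are per-provider and are verified on signed messages rather than from the apex record.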
The Impact
Delivered a hardened, GDPR-compliant Microsoft 365 environment with measurable, documented improvements across both the technical and human layers of risk — within the agreed 2–3 week timeline.
- Closed email authentication gaps that had made domain impersonation trivially easy, implementing DMARC Reject policy, SPF, and DKIM across the M365 environment.
- Captured and documented staff susceptibility baseline through a controlled phishing simulation, giving leadership measurable evidence of human-layer risk for the first time.
- Delivered a prioritised executive risk report and remediation checklist fully compliant with GDPR requirements, providing a structured security foundation to support the business’s market expansion.