Which manual intervention technique is described to test user interaction with external links while on a call?


Multiple Choice

Which manual intervention technique is described to test user interaction with external links while on a call?

Explanation:
The idea being tested is how a user behaves with external links in a real-time, human-guided scenario. Guiding target personnel to use a stock laptop and surf to different URLs while you’re on a live phone call creates a realistic situation where the user must decide in the moment whether to click, trust the link, or follow instructions. This setup captures authentic user reactions, including hesitations, questions, or compliance, which is exactly what you want to evaluate in social engineering testing. Using a stock laptop helps keep the test environment clean and observable, reducing confounding factors from pre-installed software and making it easier to monitor and document the user’s actions. Conducting the test by speaking with the user in real time also allows the tester to provide cues, answer questions, and see how the user handles guidance under pressure, which is often when security awareness gaps surface.

The other approaches described rely on automated or offline methods (phishing emails, scripted client launches, or automated tool-generated emails) rather than interactive, live engagement with the user during a call. They measure different aspects (like susceptibility to email-based phishing or automated payloads) and don’t directly test how a user behaves when guided verbally to interact with external links in the moment.
