Cyber Awareness

Phishing Awareness Training

Teach your team to spot phishing attacks before they click. Real-world scenarios built from actual penetration testing engagements.

45 Minutes 4 Modules All Levels Certificate Included
Start Training
91%

Of Breaches Start with Phishing

Phishing remains the #1 initial attack vector for data breaches globally.

$2.4B

Lost to BEC in 2023

Business email compromise caused the highest financial losses of any cybercrime category.

3.4B

Phishing Emails Sent Daily

An estimated 3.4 billion phishing emails are sent worldwide every single day.

Overview

What You'll Learn

Four comprehensive modules covering every aspect of phishing defense, from basic email red flags to advanced BEC tactics.

Email Phishing Red Flags

Recognize suspicious sender addresses, urgency tactics, malicious links, spoofed domains, and the psychological triggers attackers exploit to bypass your defenses.

Spear Phishing & BEC Attacks

Understand targeted campaigns that impersonate executives, vendors, and trusted contacts. Learn how attackers research victims and craft convincing pretexts.

Reporting & Response Procedures

Master proper procedures for reporting phishing attempts, escalating threats to your security team, and protecting colleagues from active campaigns in progress.

Safe Browsing & Link Verification

Develop safe web browsing practices to avoid drive-by downloads, malicious redirects, fake login pages, watering hole attacks, and credential harvesting sites.

Curriculum

Course Modules

A structured learning path that builds your team's phishing defense skills from foundational knowledge to advanced threat recognition.

01

Understanding the Phishing Threat Landscape

12 min
  • What phishing is and why it's the #1 attack vector
  • Types of phishing: email, SMS (smishing), voice (vishing), and QR codes (quishing)
  • How attackers choose their targets and build campaigns
  • Real breach case studies caused by phishing attacks
  • The psychology behind why phishing works
02

Identifying Phishing Emails & Messages

15 min
  • Analyzing sender addresses and header information
  • Spotting spoofed domains and lookalike URLs
  • Recognizing urgency, fear, and authority manipulation tactics
  • Identifying malicious attachments and embedded links
  • Interactive exercise: Spot the phishing email (real examples)
03

Spear Phishing, BEC & Targeted Attacks

10 min
  • How attackers use OSINT to craft personalized attacks
  • Business Email Compromise (BEC): CEO fraud, invoice scams, payroll diversion
  • Vendor and supply chain email compromise scenarios
  • Wire transfer and payment redirect attack patterns
  • Verification procedures and out-of-band confirmation techniques
04

Reporting, Response & Safe Browsing

8 min
  • How to report suspected phishing to your security team
  • What to do if you've already clicked a malicious link
  • Protecting colleagues from active phishing campaigns
  • Safe browsing habits: URL verification, HTTPS checking, bookmark usage
  • Password manager usage and MFA as phishing defenses
Attack Scenarios

Real-World Examples You'll Analyze

Every scenario in this course is based on actual attacks we've encountered during penetration testing engagements.

BEC Attack

The CFO Wire Transfer

An attacker impersonates the CEO via email, requesting an urgent wire transfer to a "new vendor." The email comes from a domain that's one character off from the real one.

Credential Harvest

The Microsoft 365 Login Page

A convincing Microsoft login page hosted on a compromised WordPress site captures credentials. The only tell is a slightly wrong URL that most employees overlook.

Spear Phishing

The HR Benefits Update

Employees receive a personalized email about their benefits enrollment with an attachment that installs malware. Names and departments pulled from LinkedIn.

Supply Chain

The Vendor Invoice Redirect

A legitimate vendor's email is compromised and used to send invoices with updated bank details. The email thread is real, only the payment details have changed.

Who It's For

Built for Every Role in Your Organization

Phishing targets everyone. This course gives every employee the skills to defend themselves and your organization.

All Employees

Foundational phishing awareness for everyone

Finance Teams

BEC and wire fraud defense training

Data Handlers

Protecting sensitive data from social engineering

Customer Support

Defending against pretexting and impersonation

FAQ

Common Questions

Is this course suitable for non-technical employees?

Absolutely. This course is designed for all skill levels. We use clear, jargon-free language and real-world visual examples that anyone can understand, regardless of their technical background.

Does this include phishing simulations?

Yes. The course includes interactive exercises where employees analyze real phishing emails. Additionally, your organization portal includes phishing simulation campaigns you can deploy to test your team after training.

How often should employees retake this training?

We recommend annual training at minimum, with quarterly phishing simulations to reinforce learning. Most compliance frameworks require annual security awareness training, and our platform makes it easy to schedule recurring enrollments.

Do employees receive a certificate upon completion?

Yes. Each employee receives a completion certificate that can be used for compliance documentation. Administrators can also generate bulk compliance reports from the dashboard.

Protect Your Team from Phishing Attacks

Reduce your organization's #1 cyber risk. Deploy phishing awareness training to your entire team in minutes.

Interactive exercises Real attack scenarios Completion certificates
Start Training