When trying to teach users about the dangers of phishing, it’s not only important to show them examples of real phishing attacks at work, but also the types of phishing “lures” that are relevant to their environment. The attacks they’re most likely to experience.
In this university example, we’ve used a simple password reset scam. We explain how the attack works, what the attackers are after, the response they’re expecting from the recipient (whether an employee, faculty member, or student), and perhaps most important, how the recipient can spot the warning signs.
Each version of this lesson can be customized to explain to users how your organization would like them to respond to a phishing attempt, and how and where to report it.
The lesson is also branded to make it feel even more native and relevant. And contact and reporting information for campus IT or security is provided at the end of the lesson.