Spring brings fresh starts, new projects, and unfortunately, fresh phishing tactics. As employees settle into warmer weather and Q2 planning, cybercriminals are adapting their approaches to match our shifting digital habits. May’s simulations explore how everyday emails — helpful, timely, even dull — can quietly hide danger. They don’t scream for attention. They whisper. Until it’s too late.
This month's templates blend geopolitical awareness, AI transparency trends, travel season perks, food delivery convenience, and workplace financial curiosity. Each one tests a different psychological trigger that makes even security-conscious employees pause just long enough to click.
Download these phishing templates for your in-person security awareness training materials!
Tariff Tease
The world of global trade moves fast, and supply chain disruptions have become part of our everyday vocabulary. This simulation taps into that reality with a twist of personal relevance.
The Hook:
An email from "Walmart" informs you that due to new import tariffs, several products you've previously purchased will no longer be available after May 31st. The email includes product images and suggests you "secure remaining stock" of items from your order history. There's even a helpful "View Affected Products" button.
Real-World Risk:
Clicking leads to a fake Walmart login page designed to harvest credentials, or downloads a "product catalog" PDF embedded with malware. Other versions might request payment details to reserve the discontinued items.
Learning Moment:
Personal relevance is a powerful hook. Even when an email references something legitimate (like past purchases), always access your account directly through the official website or app. Scammers are increasingly using real purchase data from breaches to make their phishing attempts more convincing.
Meeting Mentions
AI-generated meeting summaries and action items are becoming workplace staples. This simulation exploits our need to stay informed about what was said when we weren't listening.
The Hook:
A Google Workspace notification claims you were mentioned in three AI-generated meeting transcripts from last week. The email asks you to "review your mentions and assigned actions" through a convenient "View AI Summary" button. It feels like standard workplace housekeeping.
Real-World Risk:
The link redirects to a spoofed Google login page to capture credentials, or downloads a malicious "transcript summary" document. Attackers can then access your entire Workspace environment or deploy malware across your organization.
Learning Moment:
As AI tools become embedded in workplace workflows, employees need to distinguish between legitimate automation and clever impersonation. Always verify AI-generated notifications through your actual Workspace interface, not through email prompts. And because AI summaries do exist, it’s easy to believe one might reference you, even if you didn’t attend.
Mile-High Generosity
Travel season is picking up, and airlines love to surprise passengers with unexpected perks. This simulation plays on that goodwill with a seemingly generous offer.
The Hook:
An email from "Delta SkyMiles" congratulates you on being selected for a complimentary premium Wi-Fi package for your next flight. No payment required — just click "Activate Your Upgrade" to claim the perk before it expires. The timing feels perfect as travel plans ramp up.
Real-World Risk:
The activation link leads to a fake airline portal requesting login credentials or credit card details "for verification purposes." Attackers can then access your frequent flyer account, personal information, or financial data.
Learning Moment:
Unsolicited upgrades and freebies should trigger healthy skepticism, even when they seem harmless. Airlines and other service providers rarely distribute perks via email without prior notification through their official apps or accounts.
Lunch Break Lure
Food delivery apps have become essential workplace tools, and who doesn't love a free meal? This simulation exploits our relationship with convenience and instant gratification.
The Hook:
An email from "DoorDash" announces you've been selected for a "100% off lunch voucher" valid for the entire month of May. The promotion appears to be part of a customer loyalty program, complete with a "Claim Your Free Meal" button and a countdown timer showing the offer expires soon.
Real-World Risk:
Clicking leads to a fake DoorDash login page designed to steal credentials and payment information. Some versions might request credit card details "to activate the account" or install malicious apps disguised as delivery tracking software.
Learning Moment:
Food-related phish feel harmless — just another promo in your inbox. But that sense of casual convenience is exactly what attackers count on. Train employees to verify offers directly through the official app rather than email links, especially when deals seem unusually generous or urgent.
Reimbursement Reveal
Financial transparency in the workplace creates natural curiosity, especially when it's presented as a personalized summary. This simulation leverages our desire to know where we stand financially.
The Hook:
An email from "HR" announces that your "2024 Reimbursement Summary" is ready for review. The message explains that you can see which expenses were approved, which were flagged for additional review, and your total reimbursement amount for the year. A "View My Summary" button promises instant access.
Real-World Risk:
The link redirects to a fake HR portal, designed to capture login credentials, or downloads a malicious spreadsheet with embedded macros. Some versions of this phish even mimic real dashboards, complete with fake totals and clickable rows.
Learning Moment:
Financial and performance-related communications are high-value targets for cybercriminals. Employees should always access expense reports, payroll information, and HR communications through official company portals, never through email links.
Phishing attacks continue to evolve, but the core tactics remain the same: exploit trust, create urgency, and make clicking feel like the natural next step. These simulations help your team recognize when their helpful instincts are being weaponized against them.
Ready to test your team's defenses? These phishing templates offer a perfect blend of current relevance and timeless social engineering principles to keep your security awareness training both effective and engaging.
.png)
