Welcome to the July Edition of our monthly series featuring 5 Phishing Simulation Templates - brought to you by the Wizer Phishing team.
Phishing templates and awareness campaigns are absolute must-haves to thwart cyber threats! Using a complete security awareness training and phishing simulation solution like Wizer's can give your program a boost in a stronger security mindset, strengthening your security culture.
Be sure to look for the Download option at the end if you want to feature these in a training slide deck.
Passwords: An oldie but a goodie
There are things that will always be on a cyber criminal’s wish list, and passwords are definitely one of their favorite things. It’s not hard to see why. A password tells a service that you are who is rightfully allowed into an account, trusted to use its functions, and access its data.
Due to their desirability, having a single place where all your passwords hide will always be an attractive target for a cyber criminal. Also, with the rise of password managers, comes a worry our most guarded assets will be compromised. And this makes us vulnerable to phishing emails playing on these fears, to trick us into carrying out a rushed action. And it might not be just to trick access to your password manager, it could equally be to make you open a malicious attachment.
This is why phishing simulations of password managers can be a useful tool to educate your colleagues on just how it’s both an attention grabbing topic and also an identity likely to be impersonated.
Anything for a free lunch (or Breakfast)
It’s a fact that we all love a good offer or free benefit. But where phishing simulations are concerned, care needs to be taken that you don’t break the trust of your colleagues (and put your security efforts back) by using things that are known to cause problems for the sending organization. Health benefits, pay raises - these simulated phish have all hit the headlines, and still do, and it’s always an apology being given. While it may be tempting to be as 'real-world' as possible since criminals have no issue stooping so low, we don't recommend it.
What we advise instead would be to simulate the process of someone seeing something they can benefit from, and taking action, keep it very small scale, and ideally something that doesn’t have an instantly redeemable value - like a loyalty upgrade.
And this is one such example, an instant upgrade to the Genius level 3 tier on Booking.com. It’s something that’s just attractive enough to be very tempting to accept, without any of the risks that can come from using more emotionally charged lures.
These phishing templates and more available in Wizer Boost Phishing Simulation.
Dangers of Popularity
One awesome function of phishing simulations can be to safely expose your colleagues to new dangers that might be emerging, before a cyber criminal gets there first. With a global rise in the use of voice notes, so comes a rise in the risk that a new part of ‘normal’ notification life will be weaponized with greater frequency.
We already know that answerphone messages have proved popular with scammers, and still do. So a natural evolution will be to tap into the rise of voice notes, and the extended number of services that add voice note functionality.
Discord Disaster
A lot of emerging AI technology is utilizing Discord as a way to both use their services, and also gain feedback about experiences or problems. Two notable and popular services that rely on Discord are ChatGPT and Midjourney.
As a demographic of user, those that embrace new technology may also embrace things such as cryptocurrency, too. So a Discord simulated phish allows you to send out a sonar to understand the inbox ecosystem your organization has, allowing you to tailor your training program so it’s more personalized to the individual.
This phish could get ultra creative about the story it tells, but we've kept it simple here to reinforce a very common theme to phishing emails - a time constraint and urge to act to prevent a loss of an account.
AI Imagery Fun
To round off this collection of simulated phishing template ideas, here’s a final one that fits into this month's themes of emerging topics and finding creative ways to educate how our desire to accept a benefit can make us vulnerable.
Not everyone is interested to upgrade their Booking.com account to Genius 3, indeed not everyone will be a user of booking.com to begin with! So an alternative, or additional, simulated phish is this Midjourney phish alerting you to early access to their app. And no, Midjourney doesn’t actually have an app yet - and that doesn’t matter in the world of phishing. Something only has to seem like it’s true - it doesn’t actually have to be true.
One extra component of this phish is the use of an image that went viral, tapping into someone's creative urges about what they could possibly create in a text to image editor.
That's it for this month's phishing template ideas - looking for more ideas for phishing templates? Check out the resources below ⬇️ And check back next month for more!
Past Phishing Templates:
Top 5 Must-Know Phishing Simulation Templates - June Edition
Top 6 Must-Know Phishing Simulation Templates - May Edition
Top 5 Must-Know Phishing Simulation Templates - April Edition
Top 5 Must-Know Phishing Simulation Templates - March Edition
Top 5 Must-Know Phishing Simulation Templates - February Edition
