5 Sophisticated Phishing Simulations to Watch Out For This Summer

Phishing has always been a game of mimicking existing inbox triggers, but 2025 has seen attackers crank up both volume and believability. AI is doing the heavy lifting now, helping cybercriminals tailor lures at scale with less effort, more impact, and fewer mistakes!

While these lures still arrive by email, they no longer look like the phishing of old. They blend into everyday messages: Slack alerts, MFA notifications, or even friendly mentions on LinkedIn. This month’s simulations reflect real-world tactics that are catching users out: not through sloppy typos or obvious red flags, but through familiarity, speed, and misplaced trust.

Here are five templates for your June awareness program, based on recent phishing trends in the wild.

Download these phishing templates for your in-person security awareness training materials!

Udemy Unlocked

The Hook:
Imagine receiving an email from Udemy, a platform you recognize for online learning, stating that your company has granted you access to a corporate trial. It promises valuable learning content and invites you to "Start Learning" to level up your skills. This email feels like a genuine perk, a welcome opportunity for professional development, appealing to your curiosity and ambition. The perceived value and the official-looking sender bypass your usual caution, making the call to action feel natural and desirable.

Real-World Risk:
Clicking the link could take users to a fake Udemy login page, harvesting corporate credentials or redirecting them to malicious downloads disguised as training content.

Learning Moment:
Communications that offer unexpected professional perks or access to third-party services are high-value targets for cybercriminals. Employees should always verify such offers with their employer or HR team through official internal channels, rather than clicking direct email links or entering credentials on unfamiliar pages. Legitimate corporate trials are usually communicated internally first.

Duo Dilemma

The Hook:
You're going about your day when an alarming email pops up, seemingly from "Duo," your multi-factor authentication provider. The subject line screams "Your MFA Code Was Just Used," and the body warns of a login from a new, unfamiliar location like Toronto, Canada. A wave of panic might hit as you immediately wonder if your account has been compromised. The urgency to "Secure My Account" feels paramount, pushing you to click before a second thought can verify the sender. This impersonation of a critical security service exploits your fear and sense of duty to protect your account.

Real-World Risk:
Clicking the "No, it wasn’t me" button could direct you to a fake login page designed to steal your credentials or grant attackers access to your accounts.

Learning Moment:
Urgent account security messages, especially those from unfamiliar email addresses or external domains, are a common phishing tactic. Employees must pause and verify the source of such alerts directly with IT security or by checking their login history on the actual service, rather than acting impulsively on email links. Watch out for urgent messages from domains that look similar but aren't quite right.

LinkedIn Lure

The Hook:
You see a notification from LinkedIn, a platform central to your professional identity. The subject line implies a colleague or contact has "mentioned you in a post," and the preview hints at praise: "'Couldn’t have done this without [Your Name]!'". Your professional curiosity is immediately piqued. You want to see what was said, who said it, and why. The desire to engage, network, or simply acknowledge a professional compliment makes clicking "View Post" feel entirely natural, without considering the source's authenticity. This plays directly into professional curiosity and mild social anxiety.

Real-World Risk:
Clicking the "View Post" button could lead to a spoofed LinkedIn login page, where your credentials would be stolen, giving attackers access to your professional network and potentially other linked accounts.

Learning Moment:
Emails referencing tags or mentions on social/professional platforms are common lures that prey on curiosity. Employees should always navigate to social media platforms directly (e.g., by typing the URL or using the official app) to check notifications, rather than clicking on potentially malicious links in emails, even if the sender appears legitimate.

Quarantine Quandary

The Hook:
An email from "Microsoft365 Alerts" lands in your inbox, announcing that three "potentially harmful messages" have been quarantined. The headline adds a layer of urgency: "Unreviewed Messages Will Be Deleted in 24 Hours." The thought of missing important work emails, or worse, inadvertently deleting crucial information, can spark immediate concern. This common workplace annoyance, combined with the time pressure, often leads to an impulsive click to "Review Messages" and prevent deletion, bypassing critical security checks. This preys on fear of missing out (FOMO) and creates a powerful sense of urgency.

Real-World Risk:
Clicking the "Review Messages" button could redirect you to a fake Microsoft login page designed to harvest your credentials, giving attackers access to your email and other connected Microsoft services.

Learning Moment:
Email quarantine notices that create urgency or demand immediate action should be treated with extreme caution. Employees should always verify suspicious alerts by logging into their email platform or Microsoft 365 services directly through official channels (e.g., by typing the URL into their browser), rather than clicking links in emails.

Slack Shock

The Hook:
An internal "Security Alert" from "slack-notify.com" hits your inbox, claiming a "Potentially Malicious File Found" in a shared Slack media folder. The message immediately makes you think of your responsibility to keep company data safe and avoid being associated with a security incident. The familiar Slack branding and the serious tone of the alert prompt a quick reaction. You feel compelled to investigate and fix the problem by clicking "View and Delete File," assuming it's a legitimate warning from an internal security bot. This tactic exploits your sense of responsibility and trust in internal communication platforms.

Real-World Risk:
Clicking the "View and Delete File" link could lead to a fake Slack login page designed to steal your credentials, or it could initiate the download of malware onto your device.

Learning Moment:
Internal alerts regarding suspicious activity or files should always be verified through known, secure channels. Employees must check with colleagues or their IT department directly, or log into the official Slack platform (not via email links), to confirm any such warnings before taking action, ensuring the alert matches the tone and platform they are used to.
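
The sender check behind this Learning Moment and the Duo one ("domains that look similar but aren't quite right") can be automated at the mail gateway or in a report-phish triage script. The sketch below is an added example, not code from the original post; the allowlist of official domains, the function names and the two-edit threshold are assumptions for illustration.

```python
import re
from email.utils import parseaddr

# Assumed allowlist (constructed for this example): brand -> official sending domains.
BRAND_DOMAINS = {
    "udemy": {"udemy.com"},
    "duo": {"duo.com", "duosecurity.com"},
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com"},
    "slack": {"slack.com"},
}


def edit_distance(a, b):
    """Levenshtein distance; small values indicate a typosquat-style near miss."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return reasons a From header looks like brand impersonation ([] if none)."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Whole alphabetic words only, so "Microsoft365" matches but "duolingo" does not.
    name_words = re.findall(r"[a-z]+", display.lower())
    domain_words = re.findall(r"[a-z]+", domain)
    reasons = []
    for brand, official in BRAND_DOMAINS.items():
        if any(domain == d or domain.endswith("." + d) for d in official):
            continue  # genuinely sent from this brand's domain or a subdomain
        if brand in name_words:
            reasons.append(f"display name claims {brand}, sender domain is {domain}")
        if brand in domain_words:
            reasons.append(f"{domain} embeds '{brand}' but is not an official domain")
        elif any(edit_distance(domain, d) <= 2 for d in official):
            reasons.append(f"{domain} is within two edits of a {brand} domain")
    return reasons


# Constructed sample header using the sender domain from the Slack Shock template.
if __name__ == "__main__":
    for reason in check_sender("Slack Security <alerts@slack-notify.com>"):
        print(reason)
```

A flagged header is a reason to hold the message for review, not proof of phishing; the From header can also be forged outright, so this check complements SPF, DKIM and DMARC results rather than replacing them.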

Stay Vigilant This Summer

The message from the data is clear: phishing is evolving faster than most people can keep up. Today’s lures aren’t crude scams: they’re believable messages in familiar formats. Each simulation above is designed not to catch people out, but to help them pause, notice, and question. Because the biggest shift we need isn’t more alerts, it’s better instincts.

Want to explore more phishing simulations? Browse our blog for additional templates, and stay ahead of cyber threats with our curated training resources.

Ready to level up your organization's cybersecurity? Register for a free trial of Wizer Boost to access our full library of phishing templates and exercises!