Introducing our March’s 5 Phishing Simulation Templates by the Wizer Phishing team. As part of our monthly series, these simulations bolster your employee’s security awareness savvy when used together with a security awareness training that lays the foundation for a positive security culture.
Explore this month's templates for seamless integration into your training sessions either as part of your phishing simulations OR for in-person presentation. Download them for easy inclusion in your materials. Remember to provide context and follow-up education without penalizing learners – everyone can fall victim to a phishing attempt, our goal is to help illustrate the different tactics scammers use.
Front Row Fraud
You're on with your morning routine, juggling deadlines, errands, and unexpected tasks. Suddenly, your phone pings. It's a confirmation email from Ticketmaster for concert tickets... that you didn't buy. ‘Why has this arrived?!’ is the question you want an answer to, ASAP. Did you sleep-shop? Is your account compromised? The immediate need to reverse this unexpected issue is now your primary focus. And… it seems like it’s not going to involve phone calls and logging in… there’s a handy button there proudly displaying the way to save the day.
This phishing simulation template taps into our desire to quickly solve unexpected problems. It’s a good one to highlight with your team how easy it is to click without careful thought when we feel confused or pressured. This serves as a great reminder to always pause, check the sender's address, examine links closely, and report anything that seems suspicious.
SaaSy Scams
A notification from Loom catches your eye. You don't use Loom yourself, but you know plenty of colleagues who have their own favorite SaaS tools to help them with their work. The subject line draws you in: "Do you have any idea why I keep seeing this error?". It instantly pricks your curiosity - maybe someone on your team needs your help with a technical glitch they encountered using Loom? The desire to help a teammate and solve a problem kicks in. Before you can question the unusual format of the message, you find yourself clicking the "View Recording" button, eager to lend a hand.
This phishing simulation template highlights the dangers of seemingly harmless requests within the familiar context of workplace communication tools. It also demonstrates how scammers like to use our own goodwill against us. It's a powerful reminder to stay vigilant, even when the situation seems helpful or innocent.
These phishing templates and more available in Wizer Boost Phishing Simulation.
Missed Meeting Puzzle
We don't like to keep people waiting, so a Webex notification with the subject line "Join the call now" will start your internal stopwatch ticking loudly. Did you forget about a scheduled meeting? Is this a spontaneous call you weren't notified of? Not wanting to appear disorganized, you quickly click the "Open in Browser" link, hoping the rest of the pieces will fall into place. But in your rush, you might not realize the pieces falling into place are actually for a scammer who has used time pressure to force an error from you.
Time pressures are such a common tactic in phishing emails; using them in simulations is imperative to build an association of caution when we're faced with situations when we have to act and think fast.
Data Collection Cut-Off
Over the years, you've added tools and plugins to streamline your work and life. Like many, Grammarly was one of them. But, like many, you never really considered the implications of what you typed being accessible to the service. So, a "Changes to how we store your data" email landing in your inbox finally brings an opportunity to decide how comfortable you are with it. The idea of everything you type being potentially read and stored by a third party doesn't sound appealing! And as it seems future functionality won't be affected… Well, it's a no-brainer to disable it, surely?
This phishing simulation is a good reminder how even services we haven't used for some time can suddenly need a little housekeeping to manage what personal information they can access. And if they really want to check an app’s settings, it’s best to do so directly and not from a link.
The Popularity Trap
The AI hype is everywhere, and even the biggest technophobes are becoming intrigued by the potential of tools like Copilot. So when the "Welcome to your future!" email arrives, your FOMO kicks in about your new robot assistant. Wondering about the productivity gains, and being offered this upgrade directly, has all the ingredients for further action. Could you resist the tempting "Get Copilot Pro" button?
Emails such as this make great simulated phish because they put forward a technology advance that could be upgrading so many of the systems you use: browsers, operating systems, email… There’s no limit to the number of stories about how AI as an upgrade to your working digital environment could make sense, and catch you out. Follow up with your employees with a reminder that it’s always best to check with the IT or Security team before taking further action.
Using a complete security awareness training and phishing simulation solution like Wizer's, upgrade your program to lay the ground work for developing a security mindset and enhancing your security culture.
That's it for this month's phishing template ideas - looking for more ideas for phishing templates? Check our blog for more examples of phishing templates.
