We're back with a new installment of our monthly series featuring 5 Phishing Simulation Templates - brought to you by the Wizer Phishing team.
Your approach to phishing simulations should empower your security awareness strategy and support a positive security culture. Peruse our featured templates for this month to uncover elements that seamlessly integrate into your in-person training sessions or simulations. And, for easy inclusion in your training slide deck, simply locate the Download option at the end. Be sure to provide context and followup education that supports the learner and does not punish them.
Maxed out
Our digital lives often need a little TLC, and when a service has to reach out to us, there’s a good chance they’ll use email. This simulated phishing email is letting you know your cloud storage is almost full. Putting the storage at 99% is intentional, as humans can be better engaged by seeing numbers. Another barrier to acting is removed in saying it’s a free additional bit of storage being offered. So when it comes down to it, you’re essentially clicking once to rectify a sudden problem.
Help employees understand when an 'ask' seems too easy so they can more easily recognize red flags.
The invisible issue
When does HelpDesk not help?? When it’s not them behind sending the HelpDesk email! Which makes them an important educational tool in the phishing simulation toolbox. This is actually a very simple email, and its story unfolds in 3 parts.
Firstly, you’re primed about the exact action to take, and when to take it; ‘Install this today’.
Part two is presenting a problem, and being sneaky about it. Emails appearing sent but not sending is not the easiest thing to know you’re affected by - or even might be in future. So there’s a dilemma you have that would you rather risk it… or break away from what you’re doing to do as the email is requesting.
The final stage is reiterating the problem and the solution, and making it seem like you have the autonomy to do it when it suits. Which is actually a strongly persuasive tactic!
These phishing templates and more available in Wizer Boost Phishing Simulation.
All eyes on you
You might not be on TikTok, but there’s no doubt that it’s a hugely popular platform, and one that can’t be ignored in today’s inbox ecosystem. This simulated phishing email is using our natural curiosity to want to know who’s been learning more about them. Not every platform offers the ability to see who viewed you, so when it is there, it’s something that we’re even more likely to take up. And as with most successful simulated phish; the action is almost effortless to take - literally one click, and you can satisfy your curiosity.
Let your team know it's best to check notifications directly in-app and not via an email.
Ring of truth to it
Everyone might not have a ring doorbell, indeed, depending on their living arrangements, they may not even have a front door! Whilst you do know that a certain percentage of your workforce won’t find this simulated phish relevant, there’s still good reason to send it out.
Simulated phish can be like a sonar for gauging who will be receptive to certain identities that could turn up in your organization's inbox ecosystem. And here the story is about how an Internet of things (IoT) device, and especially one owned by Amazon, can be used to compromise important accounts. Help your teammates understand the different risks associated with different IoT devices.
Popularity contest
Popular market leaders tend to make popular simulated phish, and this Calendly email is a perfect example of this. Certain services reach a point at which anyone you trust can use them at any point, and it just makes sense. Dropbox, DocuSign, or Calendar management apps, like Calendly, become a universally accepted utility of the inbox. In this example, we’re having a bit of fun with the idea that nobody wants a 9 am meeting dropped on them! So we anticipate that the recipient would naturally want to click and see what other times were available. Maybe they would be brave and they would select 9:30, who knows!
As with all the simulated phish that we’ve covered here, the speed at which you go from receiving it, to figuring out what the next action to take is and taking it, is so small. And scammers play on that as they want you to work fast, and to not think too hard about any of the final details.
By leveraging a complete security awareness training and phishing simulation solution like Wizer's, you'll supercharge your program, cultivating a fortified security mindset and enhancing your security culture.
That's it for this month's phishing template ideas - looking for more ideas for phishing templates? Check our blog for more.
