Wizer Free Security Awareness Blog

Top 5 Must-Know Phishing Simulation Templates - April 2024

Written by Wizer Team | Apr 18, 2024 4:35:00 AM

Introducing our April's 5 Phishing Simulation Templates by the Wizer Phishing team. This month, we're focusing on phishing attacks that play on fear, greed, and the desire to take swift action. Remember, scammers know how to push our emotional buttons! These 5 simulations will help your team recognize the telltale signs of a scam and stay in control of their online security.

Explore this month's templates for seamless integration into your training sessions either as part of your phishing simulations OR for in-person presentation. Download them for easy inclusion in your materials. Remember to provide context and follow-up education without penalizing learners – everyone can fall victim to a phishing attempt, our goal is to help illustrate the different tactics scammers use.

The Unwanted Transfer

You're wrapping up a busy workday when an urgent-looking text from Verizon pops up: 'Your request to transfer your number has been successful!' Panic sets in. You never requested this! Did someone call customer support and impersonate you? Is someone stealing your phone number? The email includes a button to 'resolve the issue.' In the heat of the moment, it's tempting to click...

This phishing attack preys on our fear of losing control of our accounts and the sense of urgency it instills.  This template is a good conversation starter with your staff that when a message creates sudden fear of your account being hacked, it's wise to be extra suspicious and they should treat it as a potential phishing attempt.

 

 

 

Security Alert Panic

Your inbox is overflowing, but a 'Security Alert' from Mozilla makes you pause. Uh-oh! Was your account compromised on a recent trip where you had to use public WiFi? The 'Secure Account Now' button offers a quick fix... almost too quick.

This particular simulation targets our fear of account takeovers. Legitimate security alerts typically arrive in-app or via a verified email address, not with a clickable button as the primary action. As a simulated phish, this is also a valuable way to gauge if you may have shadow IT issues in the form of employees using browsers your organization wasn't aware of.

 

These phishing templates and more available in Wizer Boost Phishing Simulation.

 

 

Too Good to be True?

It's been a long day, you don't much feel like cooking later, and that 80% Grubhub discount is tempting!  But if it was 20%... maybe not quite such a must-have deal. This is why fake offers tend to turn the generosity up to 11 – they aren't bothered about profit, just the information they can compromise.

This preys on the desire for convenience and a good deal. Always check for misspellings, unusual sender addresses, and most importantly, hover over links to reveal their true destination before clicking. And if you're feeling that deal is just too good to be true, that's a flag to step back and think twice.

 

 

The Mystery Verification

The blue and white LinkedIn notification brings a small thrill… followed by a wave of panic. Your account is verified, but you never requested it! Did someone hack your account and submit a fake ID?  Now, there's that tempting 'Unlink Verification' button.  Is it the solution, or part of the scam?

This plays on both the desire for status and, more importantly, the fear of losing control of your online identity. Scammers know that confusion and anxiety can override caution. Legitimate social platforms would handle issues like this directly within their settings, not via email with urgent call-to-action buttons. Use these types of phishing simulations to talk with your colleagues about the importance verifying through the app instead of taking action via an email.

 

 

AI Flattery Trap

The Gemini email is flattering... your name mentioned in AI generated answers! It taps into curiosity, and a bit of ego with the line "It's great to be popular." The 'verify info' button seems harmless enough, but could you be coerced to login giving access to your entire Google world?

This is a highly personalized, tech-forward phish. It subtly builds a sense of urgency ("we want to check the facts"). Always be wary of unusual flattery and requests for personal data, even when they're tied to trendy topics like AI.

 

 

 

Ready to launch your next phishing campaign? Register now for a free 10-day trial of Wizer Boost to explore all of Wizer’s Phishing Simulation Templates and Phishing Exercises. 

That's it for this month's phishing template ideas - looking for more ideas for phishing templates? Check our blog for more examples of phishing templates.