December is a busy month for everyone. Between holiday shopping, travel plans, and end-of-year deadlines, it's easy to let your guard down. Unfortunately, cybercriminals see this as an opportunity. Cybercrime activities are highest during this time of year, with phishing attempts increasing by up to 400% from October to the start of the holiday season in November. (CyberReady, 2023).
With inboxes overflowing and attention spans stretched thin, people are more likely to fall victim to phishing scams. That's why it's crucial to keep your team vigilant and prepared to spot these threats.
Download these phishing templates for your in-person security awareness training materials!
Signature Phish
This simulation plays on our natural curiosity and the common fear of missing important deadlines. You receive an email seemingly from Adobe Sign, notifying you of a document awaiting your signature. It warns that the document is at risk of cancellation due to the missing signature, creating a sense of urgency and prompting you to click without thinking. But beware! This could be a trap. Clicking the 'Sign Now' button could lead to a fake Adobe Sign page designed to steal your login credentials or other sensitive information.
If you receive any e-sign document emails you believe could be authentic, instead of clicking the email, you can verify if the request is legit by contacting the owner of the document through a trusted communication channel.
Policy Persuasion
Workplace policies are always changing, and staying up-to-date is crucial. This simulation uses that to its advantage, notifying you of an updated policy from HR. The email creates a sense of obligation and compliance, prompting you to click a link to view the new Drug & Alcohol Policy. In the wild, this link could lead to a fake company intranet page or a malicious document designed to steal login credentials or infect your device with malware.
If you think the email is authentic, check if the sender’s email is familiar and legit. You can also contact the sender on an alternate, trusted form of communication to verify the request before clicking.
Eyes on the Prize
This simulation plays on that excitement, with an added twist. The email not only notifies you that you're the winner of a Walmart prize draw but also mentions a possible delivery fee if the prize is over 10 lbs. This detail adds another layer of curiosity, prompting you to click the link to see what you've won and if you'll need to pay extra for delivery. Fake giveaways frequently impersonate credible companies and request sensitive information or upfront payments. This could lead to a fake Walmart website designed to steal personal information or financial credentials.
Did you know? In 2023, according to the FTC, the total loss for prizes, sweepstakes, and lottery fraud amounted to $30.3 million, with an average loss of $1,000 per victim (Federal Trade Commission, 2024).
Merging of minds
.jpg?width=620&height=517&name=miro-brainstorming-Dec-2024%20(1).jpg)
Collaboration is key in the workplace, and this simulation uses that to its advantage. The email invites you to join a brainstorming board on Miro, a popular online whiteboard tool. The invitation creates a sense of inclusion and curiosity, prompting you to click a link to accept. But be careful – this could be a trick! The 'Accept Invite' button could lead to a fake Miro website designed to steal login credentials or personal information.
If you think this is an authentic invite, ask yourself: Does my company use this tool? Do I have an authorized company Miro account already? If so, do I recognize the person inviting me? Instead of clicking the link, log into Miro directly to check if it’s real.
Mystery Order
This simulation capitalizes on the intrigue of unexpected deliveries. You receive an email that appears to be from Target, notifying you that an order is on its way. But here's the catch – you don't remember placing an order. Did your spouse make a surprise purchase? Was your account compromised? Or maybe it's a forgotten subscription resurfacing? This uncertainty, mixed with a dash of curiosity about what might have been ordered, entices you to click the "Track Order" button. However, this seemingly harmless action could lead you to a fake Target website designed to steal your login credentials or financial information.
Instead of clicking, you can verify if it’s legit by asking Target customer service directly. Visit their website and locate a support phone number or email. If the email provides a number to call, skip over that as it could be fake, too.
Staying ahead of cyber threats is a continuous effort, not a one-time fix. Integrating these five phishing scenarios into your training program empowers your team to remain vigilant against evolving cybercriminal tactics. A well-informed and prepared team is your most robust defense against phishing attacks.
Explore our blog for diverse examples to keep your security awareness training engaging and effective!
Want more phishing template inspiration?Explore our blog for diverse examples to keep your security awareness training fresh and engaging!
Ready to launch your next phishing campaign? Register now for a free 10-day trial of Wizer Boost to explore all of Wizer’s Phishing Simulation Templates and Phishing Exercises.
Sources:
CyberReady. It’s the phishiest time of the year again. October 25, 2023. https://cybeready.com/phishing-attacks/its-the-phishiest-time-of-the-year-again.
Federal Trade Commission. 2023 Consumer Sentinel Network Data Book. February 2024. https://www.ftc.gov/system/files/ftc_gov/pdf/CSN-Annual-Data-Book-2023.pdf.
.png)
