Welcome to the June Edition of our monthly series featuring 5 Phishing Simulation Templates - brought to you by the Wizer Phishing team.
Phishing templates and awareness campaigns are absolute must-haves to thwart cyber threats! Phishing simulations play one role in testing susceptibility, while campaigns educate and empower users to better identify phishing attempts. Using a complete security awareness training and phishing simulation solution like Wizer's, can give your program a boost in a stronger security mindset, strengthening your security culture.
Without further ado, here are this month's phishing templates to highlight with your team to help them learn different tactics to be on the lookout for.
Some people like the limelight while others aren’t so keen, to say the least! Whichever camp you fall into, the announcement of a new promotional corporate video (that you might unwittingly be a star in) is hard to not be curious about. WeTransfer might not be something you see regularly in your inbox, but it fits well with the story surrounding the video, as it's popular with the creative industry. As we sit here now studying the email, questions might pop into our head - why is this not hosted somewhere internally?; why have I not seen or heard about this until now?… but that’s not how we process things in the moment. We take shortcuts to get to an answer and don’t sit there wondering when we can simply click.
The golden rule for phishing emails applies here as well - whenever a message causes us a strong emotion that makes us want to react quickly that's a great flag for stepping away before taking further action while we verify this message in other ways. It's important to help our staff identify how and when messaging like this creates these feelings in us so we can keep a level head instead of just reacting in the moment.
We can all sense when something doesn’t sound like a good thing. Anything connecting, resetting, or changing settings that we didn’t initiate gives off major hacker vibes. We can’t not respond to notifications like these, because they could be genuine.
But we can acknowledge that these make very popular phishing emails, so take a second when we see one to get in the habit of doing a few checks before continuing.
Why do these make good phishing simulation emails? They highlight that not all legit notification emails have logos or footers; they can be really simple, and even possibly look like a phish! As scammers get better at mimicking real emails, the design will be less of an indicator something is up, which will make being confident in your other checks all the more important.
We may not like to think of ourselves as nosy, but most of us would probably admit to being curious. Cybercriminals often exploit this trait by using phishing emails that pique our interest.
What are you normally doing at 8:41am? Are you racing from the car park to get at your desk for your 9am meeting?; or are you having a last read of the news, while your coffee finishes brewing? The period just before 9 is a time for getting organized, so you can focus on the day ahead. So when you get an email saying you received a message at 8:41 it’s easy to assume as someone else who has prepared for their day, they’ve realized they need to reach out to you. Is it a task they need help with? Could it be some information that will help you with your day? Is it alerting you to a problem?? Well, it could be any of these things.
And that’s the point of these types of phishing emails, it’s hard to know what it’s about without playing the message.
Not everyone is into crypto but those that are can be faced with a multitude of wallets and marketplaces for managing their digital assets. And the more identities that can turn up in your inbox the more you have to take care no one is impersonating them. A coinbase simulated phish will never get the same engagement that an email from HR will get - the audiences are very different - but it does allow you to see who does respond to topics like crypto. This gives you an opportunity to reach out and ensure they’re offered education to help them keep their digital assets, and data, safe.
It’s June and that means holiday time! What could be more topical than an email that alludes to the vague impact of ‘changes’… that may or may not affect you? Obviously, they won’t affect you, because this is a phishing simulation, so no one's plans will change. But scammers are well versed in presenting changes and adding pressure on us to push us to see if we’re affected. And they don’t mind pushing the ethical boundaries and will happily make you think your job is in danger to urge you to click, login, and put your mind at ease.
While we urge caution in utilizing these types of emails in phishing simulations as it runs the risk of cultivating bad feelings rather than inspiring stronger security habits, it is important employees are aware of the lengths criminals will go to without any qualms. That's why our downloaded version of this template (see below) also makes a good slide presentation as an alternative to using them in a real phishing simulation. Or alternatively, consider our 1-minute training of a real-life instance of the lows real phishing attacks can go.
Check out more 1-minute security awareness training videos
📥Download these Phishing Templates to use in a security awareness training session
Ready to launch your next phishing campaign? Register now for a free 10-day trial of Wizer Boost to explore all of Wizer’s Phishing Simulation Templates and Phishing Exercises.
That's it for this month's phishing template ideas - looking for more ideas for phishing templates? Check out the resources below ⬇️ And check back next month for more!
Top 6 Must-Know Phishing Simulation Templates - May Edition
Top 5 Must-Know Phishing Simulation Templates - April Edition
Top 5 Must-Know Phishing Simulation Templates - March Edition
Top 5 Must-Know Phishing Simulation Templates - February Edition