We're back with another round of our monthly series featuring 5 Phishing Simulation Templates - brought to you by the Wizer Phishing team.
Phishing simulations should support both your security awareness strategy and a positive security culture. Peruse our featured templates for this month to uncover elements that seamlessly integrate into your in-person training sessions or simulations. And, for easy inclusion in your training slide deck, simply locate the Download option at the end. Be sure to provide context and follow-up education that supports the learner and does not penalize them - after all, anyone can fall prey to a phish with the right message at the wrong time.
Your favorite tunes are pumping through your headphones. Suddenly, a message from the Spotify overlords pings your inbox. The subject line spells trouble: "Your Spotify Premium payment method failed." Disruption looms.
Spotify says they couldn't process your payment. The culprits? A problem with your bank, an expired card, or perhaps just not enough money. You're at a crossroads; your ad-free experience hangs in the balance.
A button, enticingly labeled "Update Details," beckons. To the untrained eye, it's a lifeline, but in the phishing world, it could be the start of further disruption.
Getting into the zone with some tunes can be a productive way to complete a task. So music streaming subscriptions can make useful simulated phish, as they are a personal service that sees use in a work environment - yet another crossover of personal and work in the digital spheres and all the more reason to keep a wary eye out.
Investing in the stock market, whether for fun or profit, is no longer just for the Wolf of Wall Street. So if an email with the subject line "Your Robinhood Withdrawal Initiated" flashes up, it’s going to get the attention of those who have more financial services on the go than most.
The sum mentioned is not meant to paint a catastrophic picture, as this is a phishing simulation, not a panic attack simulation.
In the world of finance, scammers leverage urgency to make you quickly press the buttons they’d expect you to press if the situation was genuine. So giving your colleagues a chance to drill this in a safe environment is a great way to highlight the risks these messages can hold.
Do you know about every message you’re going to receive? Exactly! There’s much about messaging that we can’t predict. And sometimes we can’t even predict the medium or service someone will use to message us. Nowadays you can send a message via so many apps and services. So if a message marked "REVIEW SECURE MESSAGE" pops up, and it's from the elusive Admin Security, there’s a lot we can’t be certain about in this situation.
And this simulated phishing email has no visible sending platform on purpose. It’s not from Teams, or Slack. Its intention is to test whether a recipient judges a platform-less "secure message" as suspicious. And if they don’t, it could mean there has been a gap in their education at some point.
Although simple, the message still leverages curiosity and time pressure, so it isn’t without pressure to respond and click. If a colleague does click on this message, be empathetic as an expert about why they have been caught out. It’s a great opportunity to brief them on how frequently scammers can use emails like this example.
Ah, the excitement of an early Black Friday sale and no chance of being thrown to the floor by wild crowds! Picture an email promising up to 85% off for a limited time - that is surely enough to tempt even the most relaxed of bargain hunters. And the fact it’s a phishing simulation is why it says 85%; a less exciting 30% would dramatically lower the number of people tempted to explore further.
It's good to note with your team in their training that this is a common feature of both real and simulated phish: an element or two is dialed up to 11. With Black Friday approaching, a quick simulation about offers almost too good to be true can be a good reminder to stay on their toes this holiday online shopping season.
An email from GotoMeeting swoops into your inbox. The subject line is intriguing - "You were mentioned in a meeting transcript." Your curiosity triggered, you wonder what discussions involved you.
A full transcript awaits, but there's a twist; the transcript has a ticking clock - it's available for only 7 days. Urgency sets in; you need to catch up on the dialogue before it vanishes into the digital abyss.
The "Read transcript" button is the only way to satisfy your curiosity… Unless you have spotted all is not as it seems. This is a great way to simulate curiosity in the recipient, a feature being found more frequently with ‘in the wild’ phishing emails.
Ready to launch your next phishing campaign? Register now for a free 10-day trial of Wizer Boost to explore all of Wizer’s Phishing Simulation Templates and Phishing Exercises.
That's it for this month's phishing template ideas - looking for more ideas for phishing templates? Check our blog for more.