Security Awareness
Training

Handle a fake invoice designed to make you call.

• Identify TOAD attack patterns
• Spot fake invoices with callback numbers
• Respond without clicking any links

Spot a phishing email before you click.

• Identify spoofed senders and URLs
• Recognize credential theft attempts
• Report phishing through proper channels

Handle a realistic voice phishing call.

• Detect caller ID spoofing tactics
• Practice callback verification steps
• Resist urgency and authority pressure

Detect fraud hiding in your text messages.

• Spot SMS phishing red flags
• Understand why text links get more clicks
• Verify messages without tapping links

Recognize the two-email trust trap.

• Identify the benign setup message
• Spot the malicious follow-up payload
• Break the false trust chain

Stop a CEO impersonation wire fraud.

• Detect executive impersonation emails
• Verify payment requests out-of-band
• Understand BEC financial impact

Recognize manipulation before you comply.

• Detect pretexting and authority scams
• Practice verification under pressure
• Understand the human element in breaches

Spot an AI-generated executive on a video call.

• Detect deepfake video call indicators
• Verify identity during live meetings
• Learn from the $25M Hong Kong case

Your public profile is their attack playbook.

• Spot phishing emails built from your own social media posts
• Verify unknown contacts through independent channels before engaging
• Detect credential harvesting pages disguised as collaboration portals

That QR code skips every email filter you have.

• Recognize phishing emails that use QR codes to bypass security filters
• Inspect URLs on mobile devices before entering credentials
• Apply verification steps for unexpected IT requests containing QR codes

Your "boss" on WhatsApp isn't your boss.

• Recognize boss impersonation tactics on messaging platforms
• Resist urgency and pressure techniques used in gift card scams
• Verify requests through official company communication channels

That virus warning is the actual attack.

• Recognize fake virus alerts and browser hijack tactics
• Refuse remote access requests from unsolicited callers
• Follow proper incident response steps when encountering suspicious pop-ups

Top search results aren't always trustworthy.

• Detect fake software download pages promoted through search engine manipulation
• Verify software authenticity using checksums and official vendor sources
• Recognize SEO poisoning techniques attackers use to rank malicious sites

Catch a fraudulent vendor invoice using the 3-way match before it reaches the payment file.

• Run the 3-way match (PO, goods receipt, vendor master) on every invoice
• Spot lookalike supplier domains and missing PO references
• Use out-of-band callback to verify suspicious invoices

Stop a vendor banking BEC by using your authoritative directory and an out-of-band callback.

• Treat banking-change requests as the highest-risk request type in AP
• Use a procurement-controlled vendor directory as the source of truth
• Place an out-of-band callback on a recorded line before updating any record

Catch an AI-cloned executive voice on the phone before the wire goes out.

• Apply pre-arranged challenge phrases to verify verbal authorizations
• Use out-of-band callback through a separately authenticated channel
• Enforce the two-person rule for transfers above the policy threshold

Catch a spoofed calendar invite before the fake meeting page harvests your credentials.

• Read the actual organizer email, not just the display name
• Inspect the join URL against known meeting platform domains
• Verify suspicious invites out of band before clicking Join

Build a backup plan that survives ransomware.

• Apply the 3-2-1 backup rule
• Distinguish sync from true backup
• Test restoration before you need it

Practice the habits that protect unattended devices.

• Enable full disk encryption
• Build a screen-locking habit
• Secure devices in physical spaces

See why skipping updates opens real attack paths.

• Prioritize security patches by severity
• Learn from the WannaCry outbreak
• Set effective auto-update policies

Survive a ransomware attack in real time.

• Respond to a live ransomware scenario
• Follow containment and isolation steps
• Preserve evidence for forensic analysis

Think twice before plugging in that USB drive.

• Recognize planted USB devices
• Understand Rubber Ducky payloads
• Follow safe handling procedures

Know what your EDR alert means and what to do next.

• Respond correctly to EDR security alerts
• Triage alerts by severity level
• Check your device's patch status

It looks like a PDF. It runs like malware.

• Spot double-extension tricks that disguise executables as documents
• Practice safe file verification before opening shared deliverables
• Respond correctly to antivirus alerts instead of dismissing them

Your headphones are broadcasting more than music.

• Audit paired devices and remove unknown or outdated connections
• Configure Bluetooth discoverability to prevent unauthorized pairing
• Detect signs of Bluetooth eavesdropping and interception attacks

One fake text. Eight hours of stolen access.

• Detect SMS phishing attempts that mimic legitimate IT requests
• Practice proper MDM enrollment through verified security portals
• Configure device encryption and mobile security controls correctly

Your smart camera scores 28 out of 100.

• Discover and remediate default credentials on connected devices
• Apply network segmentation to isolate IoT devices from work systems
• Detect botnet indicators in smart device network traffic

A free flashlight and a free QR scanner harvest your contacts, microphone, and location. Audit and fix the device.

• Apply the one-sentence rule when reviewing permission requests
• Audit installed app permissions in device Settings
• Choose between surgical revocation and full uninstall

Defend account recovery from social engineering.

• Verify identity before processing recovery requests
• Recognize pretexting tactics targeting help desks
• Secure recovery questions and backup methods

See how breached passwords fuel automated attacks.

• Understand how credential stuffing works
• Check if your accounts appear in breaches
• Break the password reuse chain

Manage access rights through role transitions.

• Request correct access during onboarding
• Adjust permissions when changing roles
• Ensure clean offboarding removes all access

Keep access to the minimum your job requires.

• Identify when you have more access than needed
• Request and approve access changes properly
• Spot permission creep before auditors do

Set up multi-factor authentication the right way.

• Compare SMS, authenticator, and hardware keys
• Recognize and resist MFA fatigue attacks
• Configure backup methods for account recovery

Your phone buzzes for the thirtieth time. Then a Slack message says approve.

• Recognize push-bombing patterns and the urge to silence them
• Reject any MFA prompt you did not initiate, every time
• Switch from tap-to-approve to phishing-resistant factors

Build strong habits with your password manager.

• Generate unique passwords for every account
• Use autofill as a phishing detection tool
• Maintain a clean, organized password vault

Learn why admin accounts need special handling.

• Apply just-in-time access principles
• Practice separation of duties
• Secure root and admin credentials

Learn why the padlock icon is not proof of safety.

• Understand what TLS actually protects
• Spot expired and mismatched certificates
• Move past padlock misconceptions

Spot malicious downloads before they run.

• Recognize fake update prompts
• Verify file signatures before executing
• Avoid drive-by download traps

Catch the domain tricks attackers use against you.

• Spot lookalike and homograph domains
• Build URL verification habits
• Recognize common typosquatting patterns

Hidden fields silently steal your autofilled data.

• Spot hidden form fields that harvest sensitive autofill data
• Configure browser autofill settings to limit data exposure
• Report and respond to autofill-based data theft incidents

That helpful extension might be stealing everything.

• Evaluate extension permissions before installing anything
• Audit installed extensions and remove unnecessary access
• Detect signs of data exfiltration from malicious extensions

That CAPTCHA was a trap for push spam.

• Recognize fake CAPTCHA prompts designed to hijack notification permissions
• Revoke notification access from malicious websites in browser settings
• Respond to credential phishing delivered through push notifications

Know when and how to report a security incident.

• Recognize what qualifies as an incident
• Complete a security report correctly
• Understand reporting timelines and thresholds

Build a team that reports without fear.

• Practice blameless incident reporting
• Understand psychological safety principles
• Apply the aviation CRM framework

Audit who can see your shared files right now.

• Review and tighten sharing permissions
• Set link expiration dates
• Find over-shared files before auditors do

Control what external users can reach and for how long.

• Set time-bound guest permissions
• Audit and remove dormant accounts
• Limit vendor access to specific resources

Stop sensitive data from leaking through chat apps.

• Avoid sharing secrets in Slack or Teams
• Spot compromised account behavior
• Use proper channels for sensitive data

Learn what not to post on corporate accounts.

• Identify OPSEC risks in social posts
• Avoid accidental data leaks online
• Apply corporate social media guidelines

See how attackers exploit your public profiles.

• Discover what OSINT reveals about you
• Understand how posts enable spear phishing
• Audit your own social media exposure

Check what you gave permission to access.

• Review OAuth permissions on your accounts
• Spot excessive permission requests
• Revoke access from unused or suspicious apps

Spot the drop-in attendee, remove them, lock the meeting, file the report.

• Read the participant card to spot uninvited attendees
• Apply the remove-and-lock reflex within the first minute
• Use waiting rooms, passcodes, and fresh links per session

Think like an auditor to find compliance gaps.

• Identify control weaknesses before auditors do
• Map evidence to common audit frameworks
• Prioritize findings by risk severity

Navigate GRC portals and submit audit evidence.

• Upload and tag compliance evidence correctly
• Track remediation tasks to closure
• Avoid common portal submission errors

Know your personal security duties at work.

• Recognize tailgating and credential sharing risks
• Report incidents through the right channels
• Protect physical and digital access points

Connect ISO 27001 policies to your daily work.

• Match ISMS policies to real work situations
• Understand the ISO 27001 policy structure
• Spot gaps between policy and daily practice

Stay within corporate internet and email policies.

• Recognize risky email forwarding behaviors
• Understand personal device boundaries at work
• Avoid common acceptable use violations

Label data correctly by sensitivity level.

• Classify data as Public, Internal, or Restricted
• Apply the right handling rules per level
• Avoid mislabeling that leads to data exposure

Spot identity theft tactics targeting employees.

• Detect fake HR and payroll redirect emails
• Protect PII from social engineering attacks
• Respond quickly when personal data is exposed

Share files safely without creating security gaps.

• Set correct link permissions and expiration
• Choose approved tools over shadow IT options
• Encrypt sensitive files before sharing externally

Stop sensitive data from leaving your org.

• Catch misdirected emails before sending
• Strip hidden metadata from documents
• Understand insider threat patterns

Recognize the sensitive data that lives in production logs, and sanitize before sharing them externally.

• Spot PII, JWTs, and secrets in URL query strings
• Sanitize logs before sharing with vendors or third parties
• Preserve operational signal while removing sensitive values

See what your documents actually carry beyond the rendered page, and sanitize before any external share.

• Strip tracked changes, comments, and author metadata before sending
• Recognize that "Save as PDF" is layout, not sanitization
• Apply real redaction instead of drawing black rectangles

Use generative AI without leaking sensitive client data.

• Choose approved enterprise AI over consumer chatbots
• Sanitize prompts before sending sensitive details
• Re-personalize AI output inside a secure channel

Recognize the warning signs of a malicious insider.

• Spot behavioral indicators of data theft
• Understand reporting responsibilities
• Review real insider threat scenarios

Find out what happens when teams use unapproved apps.

• Identify unauthorized SaaS tools
• Understand compliance and data risks
• Learn the approval request process

That image file might be carrying more than pixels.

• Understand how malware hides in images
• Detect suspicious image file behavior
• Apply safe image handling practices

One wrong attachment. Forty-seven salaries exposed.

• Spot risky email habits before confidential data leaves your inbox
• Practice incident reporting workflows that minimize breach damage
• Build verification routines that prevent misdirected attachments

One shortcut in Slack. Credentials everywhere.

• Audit channel integrations and memberships for hidden data leaks
• Practice secure credential sharing through password managers
• Detect stale webhooks and ex-employee access before attackers do

Configure and use your VPN without leaving gaps.

• Identify split tunneling risks
• Handle dropped VPN connections safely
• Apply VPN best practices for remote work

Find out who else is on your home network.

• Change default router credentials
• Spot unauthorized devices on your network
• Update router firmware and enable WPA3