Callback Phishing

Handle a fake invoice designed to make you call.

What You'll Learn

Training Steps

  1. A Busy Wednesday

    It's Wednesday afternoon at Harmon & Blake Consulting. You are Alice, a senior consultant who frequently uses your corporate credit card for client expenses and travel bookings. You have a packed schedule today - two client calls this afternoon and a business trip to book for next week.

  2. The Fraud Alert

    A new email arrives in Alice's inbox. The subject line catches her eye immediately - something about her corporate card.

  3. Panic Sets In

    Alice's heart races. $2,847 is a significant amount, and she definitely did not make that purchase. The email mentions account suspension - that would be a disaster with the client trip next week. Despite the red flags, panic overrides caution. Alice grabs her phone and dials the number from the email: 1-888-445-9127 .

  4. Identity Verification

    'Michael' sounds professional and reassuring. He asks Alice to verify her identity before they can discuss the charge - standard procedure, he explains.

  5. The Secure Portal

    Michael explains that to complete the fraud claim, Alice needs to verify her card details through their 'secure online portal.' He provides a URL and stays on the line to walk her through the process.

  6. Opening the Portal

    Alice opens her browser and navigates to the URL Michael provided. The website looks professional with a corporate card logo and secure-looking design.

  7. Guided Through the Form

    Michael guides Alice through the form on the screen, asking her to enter her full card number, expiration date, and security code to 'flag the compromised card and issue a replacement.'

  8. Entering Card Details

    Alice enters her corporate card details as directed by Michael over the phone.

  9. The Final Piece

    Michael thanks Alice for her patience. He explains there is 'one more step' - they need to verify her corporate banking credentials to check if any linked accounts were also compromised.

  10. Banking Credentials

    The page now shows a form asking for Alice's corporate banking portal login. Michael assures her this is the final step to complete the fraud claim.