Soon
AI-Powered Phishing
Spot AI-generated phishing emails.
- Detect LLM-crafted personalization
- Identify AI writing patterns
Notify Me
Free Security Awareness Training For Everyone
Interactive 3D phishing simulations and employee cybersecurity training exercises. No sign-up, no paywall. Start learning immediately.
25+
Free Exercises
3D
Interactive
100%
Handmade
Exercise Library
What Security Awareness Exercises Are Available?
Master employee cybersecurity fundamentals with interactive phishing simulations and social engineering defense training.
Free
Phishing
Navigate a realistic phishing scenario with suspicious emails.
- Spot mismatched URLs & spoofed addresses
- Recognize urgent manipulation tactics
- Practice secure reporting procedures
Play Exercise
Free
Ransomware
Experience critical moments after opening a suspicious attachment.
- Identify malware delivery warning signs
- Understand network encryption threats
- Master immediate response protocols
Play Exercise
Free
Social Engineering
Face a convincing social engineer using psychological manipulation.
- Identify pretexting & authority tricks
- Practice secure verification techniques
- Protect sensitive information confidently
Play Exercise
Free
Social Media Oversharing
See how attackers exploit your public profiles.
- Vacation plans reveal when you're away
- Workplace details enable targeted phishing
Play Exercise →
Free
Vishing
Handle a realistic voice phishing call.
- Recognize IT support impersonation
- Verify callers through official channels
Play Exercise →
Free
Data Leakage
Explore how sensitive data accidentally escapes.
- Misdirected emails & unsecured shares
- Hidden document metadata risks
Play Exercise →
Free
Smishing
Receive a convincing SMS phishing attack.
- Fake delivery & banking alerts
- Verify before clicking mobile links
Play Exercise →
Free
Double Barrel Phishing
Experience a sophisticated two-stage attack.
- Initial message builds false trust
- Follow-up delivers malicious payload
Play Exercise →
Free
Business Email Compromise
Receive a fake executive wire transfer request.
- Identify CEO/CFO email spoofing
- Practice verification that saves millions
Play Exercise →
Free
Whaling With A Deepfake
Encounter an AI-generated executive video call.
- Deepfake impersonation techniques
- Verification protocols for video calls
Play Exercise →
Free
USB Drop Attack
Learn why found USB drives are dangerous.
- Malicious device delivery tactics
- Safe handling & reporting procedures
Play Exercise →
AI Security Training
AI Security Awareness: Defend Against AI-Powered Threats
Generative AI and large language models have created a new frontier of cybersecurity risks. Our AI security training prepares your workforce to recognize AI-generated phishing, deepfake attacks, and prompt injection threats.
Free
Clawdbot (Moltbot) Prompt Injection
Defend Clawdbot from prompt injection attacks.
- Malicious instructions in documents
- AI agent data exfiltration risks
Play Exercise →
Soon
Prompt Injection Attack
Defend against AI assistant hijacking.
- Hidden instructions in content
- Protect AI-integrated workflows
Notify Me
Soon
Deepfake Voice Cloning
Identify AI-cloned voice attacks.
- Verify suspicious voice calls
- Synthetic media red flags
Notify Me
Soon
AI Chatbot Manipulation
Secure AI-powered customer interactions.
- Chatbot exploitation techniques
- Safe AI interaction protocols
Notify Me
Case Studies
Learn from Real-World Incidents
Study actual security breaches that made headlines and understand how to prevent similar incidents.
Free
Real Incident Report
OneNote Email Attack
Sophisticated BEC attack from a real Reddit post.
Attackers infiltrated a client's email, silently monitored communications for weeks, then struck with a perfectly-timed invoice redirect using a lookalike domain.
IMPACT Nearly undetectable invoice fraud
LESSON Verification steps that stop domain spoofing
Investigate This Case →
Free
Real Incident Report
MGM Resorts Breach
The 2023 attack that cost MGM $100 million.
A single 10-minute phone call to the helpdesk gave attackers the credentials they needed to deploy ransomware across one of the world's largest casino operators.
IMPACT Full network compromise from one call
LESSON Social engineering gaps to identify and fix
Investigate This Case →
GDPR Compliance
GDPR & Data Privacy Compliance Training
Interactive exercises covering GDPR requirements, data subject rights, breach notification, and cross-border transfer rules. Build compliance awareness with practical regulatory scenarios.
Free
Marketing Consent Management
Collect and manage marketing consent properly.
- Implement compliant opt-in flows
- Handle consent withdrawal requests
Play Exercise →
Free
Data Breach Response
Respond to a data breach within 72 hours.
- Assess breach severity & scope
- Meet mandatory notification deadlines
Play Exercise →
Free
Privacy by Design Review
Build privacy into products from the start.
- Apply Privacy by Design principles
- Implement data minimization strategies
Play Exercise →
Free
Legitimate DSAR Processing
Process a data subject access request correctly.
- Verify requester identity securely
- Meet the 30-day response deadline
Play Exercise →
Free
PII Document Redaction
Redact personal data from documents correctly.
- Identify all PII elements
- Apply proper redaction techniques
Play Exercise →
Free
Fraudulent DSAR Detection
Detect fraudulent data access requests.
- Spot red flags in DSAR requests
- Verify requester identity thoroughly
Play Exercise →
Free
Third-Party Data Processor Vetting
Vet vendors who process your data.
- Assess vendor GDPR compliance
- Review Data Processing Agreements
Play Exercise →
Free
Security Incident Response
Coordinate security and privacy response.
- Assess if a breach has occurred
- Coordinate cross-functional response
Play Exercise →
Free
Cross-Border Data Transfers
Transfer data internationally under GDPR.
- Apply Standard Contractual Clauses
- Conduct transfer impact assessments
Play Exercise →
Free
Data Protection Impact Assessment
Assess privacy risks systematically.
- Identify when DPIAs are required
- Document risk mitigation measures
Play Exercise →
Free
Data Mapping and Records of Processing
Map and document your data processing.
- Create Article 30 compliant records
- Map data flows across systems
Play Exercise →
Coming Soon
Free Exercise Builder
Create your own interactive cyber hygiene exercises. Build custom email security simulations, credential theft scenarios, and threat awareness training. All for free.
Why Free Security Awareness Training?
We believe everyone deserves access to quality employee cybersecurity training. These interactive phishing simulations and security awareness exercises are our contribution to making the internet safer for individuals, small businesses, and organizations who can't afford expensive training platforms.
Frequently Asked Questions
Common questions about our free cybersecurity training exercises.
Are these exercises really free?
Yes. Every exercise in our free library is fully playable with no sign-up, no email required, and no paywall. You get the same interactive 3D simulations used by enterprise customers. The free library covers core attack types including phishing, ransomware, social engineering, vishing, smishing, and business email compromise. Enterprise features like analytics dashboards, SSO, and SCORM export require a paid plan.
Who are these free exercises for?
Anyone who wants to improve their cybersecurity awareness. Individuals building personal security skills, students studying cybersecurity, small business owners training their teams, and IT administrators evaluating our platform before purchasing. No sign-up is required. Each exercise takes 5 to 10 minutes and covers topics from basic phishing detection to AI prompt injection and deepfake whaling.
How long does each exercise take?
Most exercises take 5 to 10 minutes. Each one uses an interactive 3D simulation where you face a realistic cybersecurity scenario and make decisions at key points. Wrong choices trigger immediate corrective feedback explaining what went wrong and why. According to National Training Laboratories research, practice-by-doing achieves 75% knowledge retention compared to 5% for lectures.
Can I use these exercises for my organization?
Absolutely. Our enterprise platform adds analytics dashboards with completion tracking and performance metrics by department. Compliance reporting covers SOC 2, ISO 27001, and HIPAA. All exercises export as SCORM 1.2 and 2004 packages for any compliant LMS. SSO, white-labeling, and team management are included.
What topics do the exercises cover?
Over 25 exercises spanning phishing, ransomware, social engineering, vishing, smishing, business email compromise, deepfake whaling, and USB drop attacks. The AI security module covers prompt injection, AI-powered phishing, and deepfake voice cloning. GDPR exercises address data subject access requests, breach notification, cross-border transfers, and privacy impact assessments. New exercises are added regularly as the threat landscape evolves.