Coming Soon
Expected availability announced soon
This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
Security Awareness
SA Phishing Awareness
The course teaches employees the basics of phishing, how to spot red-flag emails, and the steps to safely report suspicious messages, protecting the organization from BEC and other scams.
Who Should Take This
All staff members who handle email or instant-message communications, regardless of technical expertise, benefit from this training. It is ideal for non-technical employees, managers, and support personnel who need to recognize phishing attempts, understand BEC risks, and know the proper reporting procedures to keep their company secure.
What's Included in AccelaStudy® AI
- Adaptive Knowledge Graph
- Practice Questions
- Lesson Modules
- Console Simulator Labs
- Exam Tips & Strategy
- 20 Activity Formats
Course Outline (72 learning goals)
1. Understanding Phishing Fundamentals (3 topics)
What phishing is and why it works
- Recognize phishing as a social engineering attack that uses deceptive messages to trick recipients into revealing sensitive information, clicking malicious links, or transferring funds.
- Explain why phishing attacks succeed by exploiting human psychology including trust, urgency, fear, curiosity, and authority compliance rather than technical vulnerabilities.
- Describe the potential consequences of a successful phishing attack including financial loss, data breaches, ransomware infection, identity theft, and reputational damage to the organization.
- Explain how a single successful phishing attack on one employee can compromise the entire organization through lateral movement, credential harvesting, and privilege escalation.
Types of phishing attacks
- Recognize mass email phishing campaigns that cast a wide net using generic lures such as fake shipping notifications, account suspension warnings, and prize claims.
- Recognize spear phishing attacks that target specific individuals using personalized information gathered from social media, company websites, or previous data breaches.
- Recognize whaling attacks that specifically target executives and senior leaders using highly customized pretexts such as legal actions, board communications, or confidential business matters.
- Recognize smishing attacks delivered via SMS text messages that use urgent lures such as package delivery failures, bank fraud alerts, or two-factor authentication bypass attempts.
- Recognize vishing attacks delivered via phone calls where attackers impersonate IT support, bank representatives, or government agencies to extract sensitive information verbally.
- Recognize QR code phishing (quishing) attacks where malicious QR codes placed in emails, physical locations, or documents redirect to credential-harvesting websites.
- Explain how clone phishing duplicates a legitimate previously received email with the original attachment or link replaced by a malicious version.
- Recognize phishing attacks delivered through collaboration platforms such as Microsoft Teams, Slack, and social media direct messages where employees may have lower suspicion than with email.
- Recognize search engine phishing where attackers create fake websites that appear in search results for common queries, leading employees to credential harvesting or malware download pages.
Phishing trends and evolution
- Explain how phishing attacks have evolved from obvious mass emails to highly targeted, AI-assisted campaigns that are increasingly difficult to distinguish from legitimate communications.
- Describe how attackers use generative AI to create convincing phishing messages free of grammar errors and tailored to specific industries, roles, and organizations.
- Explain how deepfake audio and video technology enables attackers to impersonate known individuals in vishing calls and video-based social engineering attacks.
2. Recognizing Phishing Red Flags (4 topics)
Sender and header red flags
- Recognize sender spoofing by checking whether the display name matches the actual email address and identifying subtle misspellings in domain names.
- Recognize mismatched reply-to addresses where the visible sender address differs from the address that would receive a reply.
- Recognize external email warnings and banner indicators that flag messages originating from outside the organization as a first-line phishing detection cue.
- Explain why receiving unexpected emails from known contacts may indicate their account has been compromised and is being used for lateral phishing.
- Recognize lookalike domains that use character substitution, extra characters, or alternate top-level domains to impersonate legitimate corporate or vendor websites.
Content and language red flags
- Recognize urgency and pressure tactics in phishing messages such as account suspension threats, limited-time offers, and demands for immediate action.
- Recognize authority exploitation where attackers impersonate executives, HR departments, or IT support to compel compliance with fraudulent requests.
- Recognize grammar errors, unusual formatting, inconsistent branding, and generic greetings as indicators that an email may not be from a legitimate source.
- Explain how AI-generated phishing messages have reduced traditional grammar-based detection cues and why employees must rely on contextual and behavioral indicators instead.
- Recognize emotional manipulation in phishing messages including appeals to greed, curiosity, fear of missing out, and concern for colleagues or family members.
Link and attachment red flags
- Recognize suspicious links by hovering over hyperlinks to inspect the actual URL before clicking and identifying domain mismatches, character substitution, and URL shorteners.
- Recognize dangerous attachment types including executable files disguised with double extensions, macro-enabled Office documents, and password-protected archives designed to bypass security scanning.
- Explain how phishing links can lead to credential harvesting pages that closely mimic legitimate login portals for services like Microsoft 365, Google Workspace, or corporate VPN.
- Explain how malicious attachments can install malware, ransomware, or keyloggers on corporate devices even when the attachment appears to be a routine document or invoice.
- Recognize phishing links embedded in calendar invitations, shared documents, and cloud file-sharing notifications that exploit trust in corporate productivity platforms.
Request and context red flags
- Recognize requests for sensitive information such as passwords, Social Security numbers, or bank details as phishing indicators since legitimate organizations rarely request these via email.
- Recognize unusual requests that deviate from normal business procedures such as changing payment methods, bypassing approval processes, or sharing information with new recipients.
- Recognize requests that instruct the recipient to keep the communication secret or to bypass standard channels as strong indicators of social engineering rather than legitimate business needs.
3. Business Email Compromise (BEC) (2 topics)
BEC attack patterns
- Recognize CEO fraud schemes where attackers impersonate senior executives to instruct employees to make urgent wire transfers, purchase gift cards, or share sensitive data.
- Recognize invoice fraud where attackers impersonate vendors and request payment to updated bank account details, often intercepting legitimate invoice threads.
- Recognize payroll diversion attacks where compromised or spoofed HR emails request changes to direct deposit information.
- Explain how BEC attacks leverage compromised email accounts within the organization to send requests from legitimate internal addresses, bypassing external email filters.
- Explain how attackers conduct reconnaissance on organizational hierarchies, vendor relationships, and financial processes before launching targeted BEC campaigns.
- Recognize attorney impersonation BEC attacks where fake legal counsel contacts employees about confidential matters requiring urgent wire transfers or document sharing.
BEC prevention and verification
- Explain the importance of verifying unusual financial requests through out-of-band communication such as a phone call to a known number rather than replying to the email.
- Describe dual-authorization procedures for financial transactions and vendor payment changes that prevent a single compromised account from executing fraud.
- Analyze a BEC scenario to determine which verification steps were missed and recommend process improvements to prevent recurrence.
- Describe the procedure for verifying vendor banking changes including contacting the vendor at a previously known phone number and requiring written confirmation on official letterhead.
4. Safe Email and Messaging Practices (3 topics)
Safe link and attachment practices
- Explain the hover-before-click practice of previewing URLs by hovering the mouse cursor over links to verify the destination before clicking.
- Explain why employees should navigate directly to websites by typing known URLs into the browser rather than clicking links in unexpected emails.
- Describe safe attachment handling including not enabling macros in unexpected documents, verifying the sender before opening, and using corporate sandbox tools when available.
- Analyze a suspicious email scenario to determine the appropriate sequence of safe actions including not clicking, not replying, verifying the sender, and reporting.
Safe practices for mobile and messaging
- Explain the additional challenges of detecting phishing on mobile devices where full URLs are hidden, screens are small, and emails are often read quickly.
- Describe safe practices for handling suspicious text messages including not clicking links, not calling phone numbers in the message, and independently verifying claims.
- Describe safe practices for handling suspicious phone calls including hanging up and calling back on a known number, not providing information to unsolicited callers, and reporting the call.
- Describe safe practices for QR codes including using the device camera preview to inspect the URL before opening and avoiding QR codes in unexpected contexts.
Safe practices for collaboration tools and social media
- Describe safe practices for handling unexpected messages in collaboration tools such as Teams and Slack including verifying the sender's identity and not clicking links from external or unfamiliar users.
- Explain why social media connection requests and direct messages from unknown individuals may be phishing reconnaissance and should be handled with the same caution as suspicious emails.
- Describe how to verify the legitimacy of shared documents, meeting invitations, and file-sharing notifications received through collaboration platforms before clicking or downloading.
5. Reporting and Response (3 topics)
Reporting procedures
- Describe the organizational phishing reporting procedure including using the report phishing button in the email client and forwarding to the designated security mailbox.
- Explain why every suspected phishing email should be reported even if the employee is unsure, emphasizing that false positives are preferred over missed threats.
- Explain how reported phishing emails help the security team identify campaigns in progress, block malicious domains, and protect other employees from the same attack.
- Describe the escalation path for phishing incidents involving credential compromise, financial transactions, or sensitive data exposure and who to contact immediately.
After clicking or responding
- Describe the immediate steps to take after clicking a phishing link including disconnecting from the network if possible, not entering credentials, and contacting IT security immediately.
- Describe the immediate steps to take after entering credentials on a phishing page including changing the password immediately, enabling MFA, and reporting the incident.
- Explain why prompt reporting after falling for phishing is critical for incident containment and why employees should not feel ashamed of reporting their own mistakes.
- Analyze a post-click phishing scenario to determine the severity of the compromise and prioritize the appropriate response actions.
Warning colleagues and preventing spread
- Describe how to warn teammates about a phishing campaign targeting the organization by alerting through approved channels without forwarding the actual phishing message.
- Explain the importance of not forwarding phishing emails to colleagues as warnings since forwarding can spread malicious links and attachments and instead describing the threat verbally or via approved alerts.
6. Simulated Phishing and Culture (2 topics)
Understanding phishing simulations
- Explain the purpose of simulated phishing campaigns as a training and measurement tool to improve organizational resilience rather than a punitive exercise.
- Describe how click rates, report rates, and repeat offender metrics from phishing simulations measure organizational security culture maturity.
- Analyze simulated phishing campaign results to identify which departments or attack vectors present the highest risk and recommend targeted training interventions.
Building a phishing-resistant culture
- Explain how regular phishing awareness reinforcement through micro-training, newsletters, and shared examples maintains vigilance between formal training sessions.
- Describe how a positive reporting culture where employees are recognized for catching phishing attempts reduces organizational risk more effectively than punishment-based approaches.
- Synthesize a personal action plan for maintaining phishing vigilance incorporating hover-before-click habits, reporting discipline, verification procedures, and ongoing self-education.
- Synthesize recommendations for improving an organization's phishing resilience by integrating technical controls, reporting procedures, simulation programs, and culture change initiatives.
Scope
Included Topics
- All forms of phishing attacks targeting corporate employees: email phishing, spear phishing, whaling, smishing (SMS phishing), vishing (voice phishing), QR code phishing (quishing), clone phishing, and phishing via collaboration platforms.
- Recognizing phishing red flags including sender spoofing, urgency and pressure tactics, suspicious links and URLs, unexpected attachments, grammar and formatting anomalies, impersonation of executives and trusted brands, mismatched display names, and context-based red flags.
- Business email compromise (BEC) scenarios including invoice fraud, CEO impersonation, payroll diversion, vendor impersonation, account compromise chains, and attorney impersonation.
- Organizational reporting procedures for suspected phishing: using the report phishing button, forwarding to IT security, not engaging with the attacker, preserving evidence, warning colleagues, and understanding the simulated phishing campaign program.
- Practical scenario-driven training covering real-world phishing examples, safe link inspection techniques, hover-before-click behavior, verifying requests through out-of-band communication channels, and phishing in emerging channels such as Teams, Slack, and social media.
Not Covered
- Technical email infrastructure configuration such as DMARC, DKIM, SPF, and email gateway administration (covered by IT security teams, not general employees).
- Advanced threat hunting, malware reverse engineering, and forensic analysis of phishing payloads.
- Penetration testing methodologies and red team phishing campaign design.
- Programming or scripting for phishing detection automation.