S
SECURITY.EXE
_
[]
X
🎣

SPOT THE PHISH

Security Awareness Training: Phishing Edition • Use arrow keys or navigation dots to browse slides

The tells, the drill, and what to do in the first 60 seconds.


All Employees • 20 Minutes • Required Annually

A
AGENDA.TXT
_
[]
X

Today's Phishing Awareness Training

Select an item to navigate. Use keyboard shortcuts for faster access.


Primary Items
  • Why Phishing Still Wins
  • Attempts Blocked by Quarter
  • The 5 Tells of a Fake Email
  • Attacks by Channel
  • Reporting Metrics Dashboard
Secondary Items
  • The First 60 Seconds Playbook
  • Live Drill, Step by Step
  • Report Phish & What Happens Next
  • Practice: 3 Sample Emails
  • Open Discussion & Q&A Session
Status: READY
x
Notify participants
Record session
Estimated duration: 20 minutes Last updated: 05/01/2026 Items: 10 total
R
README.DOC
_
[]
X

Why Phishing Still Wins

Last quarter, phishing was the initial entry point in the majority of the incidents our security team investigated. Attackers don't need to break in — they only need one employee to click one link, in the six seconds it takes to skim an inbox. This module builds the reflex that stops that click.

The Problem

Modern phishing spoofs real coworkers, vendors, and even IT itself. Messages arrive at 8:58am with a fake calendar invite or invoice, timed for when you're moving fast. One click can hand over a password, an MFA code, or a live session token.

The Defense

Pause before you click. Verify the sender's real domain. Hover every link before trusting it. Report suspicious mail with the Phish Alert button — Security triages every report, and reporting is never the wrong call.

Reports / Qtr

1,340

Median Report Time

4m 12s

Training Completion

96%

Attacks Blocked

312 this qtr

D
DATAVIEW.CSV
_
[]
X

Attempts Blocked by Quarter


Phishing Emails Reported (hundreds)

7
9
11
13
Q1Q2Q3Q4
Highlights
  • 1,340 phishing emails reported this quarter
  • Median report time down to 4m 12s
  • 312 real attacks stopped before a click
MetricCountNote
Reported Emails1,340this qtr
Confirmed Phish312blocked
Credentials Reset6contained
Training Completion96%all employees
Data source: Phish Alert reporting log Chart: quarterly reported volume Latest: 312 confirmed blocks
F
FEATURES.INI
_
[]
X

The 5 Tells of a Fake Email

Every real phishing sample from last quarter had at least one of these five signals.


Tell Frequency (last quarter)
x
Sender domain mismatch
x
Urgent or threatening language
x
Link text hides a different URL
Unexpected attachment or login page

Emails Caught by These 5 Tells

86%

Tell Details

Sender mismatch: Display name says "IT Help Desk" but the address is it-support@secure-mail-verify.com, not @company.com.

Urgency: "Your account will be suspended in 2 hours" or "Action required immediately" pressures you to skip verification.

Hidden links: Button reads "Reset Password" but hovering shows a link to a lookalike domain, not company.com.

Generic greeting: "Dear Valued Employee" instead of your name is a strong signal of a mass phishing campaign.

Reported

1,340

Confirmed

312

Clicked Before Report

6

G
GRAPHS.BMP
_
[]
X

Attacks by Channel


61%
19%
13%
7%
EmailText (Smishing)Voice (Vishing)Chat Apps
Channel Breakdown (last quarter)
Email 61%
Text / SMS (Smishing) 19%
Phone Calls (Vishing) 13%
Teams / Slack Chat 7%

Key Insight

Email is still the top vector, but smishing and vishing are the fastest-growing this year — the same 5 tells and the same first-60-seconds drill apply to every channel.

Total Attempts Tracked: 1,652 • Channels Covered: 4

M
METRICS.LOG
_
[]
X

Reporting Metrics Dashboard


Reported

1,340

▲ up 22%

emails this quarter

Median Report Time

4m 12s

▲ faster

was 11m last year

Training Done

96%

▲ +4pts

all employees

Attacks Blocked

312

▲ contained

before any damage

Reports Trend (6 months)

180
210
260
300
370
470
JanFebMarAprMayJun
Program Facts
Employees Trained2,180
Modules RequiredAnnual
Simulated Phish Sent / Qtr4,200
Click Rate vs Last Year-64%
Report-to-Triage SLA15 min
Report Phish button lives in your Outlook toolbar — one click sends it straight to Security ● ACTIVE
E
EXPLORER.EXE
_
[]
X

The First 60 Seconds Playbook


C:\SECURITY\PLAYBOOK

-📁 0-15s: Stop
+📁 Do not click any link
+📁 Do not reply or forward
-📁 Do not open attachments
 📄 screenshot it first
 📄 note the sender address
-📁 15-35s: Verify
+📁 Hover the link, read the real URL
+📁 Check sender domain vs company.com
+📁 Confirm by phone or Teams if unsure
-📁 35-60s: Report
+📁 Click the Report Phish button
+📁 Or forward to phish@company.com
+📁 Delete after confirmation lands
-📁 If You Already Clicked
+📁 Change your password now
+📁 Call the Security hotline
+📁 No blame — fast reporting is what matters
Response Playbook
StepTime BudgetOwner
Stop0-15sYou
Verify15-35sYou
Report35-60sYou + Security
Triage<15 minSecurity team

How Reporting Works

The Report Phish button lives in every mailbox toolbar. One click routes the email to Security, quarantines matching copies company-wide, and confirms receipt in your inbox.

Outlook Add-in Report Button IT Hotline
Average time to triage a report Under 15 minutes
T
TIMELINE.PRJ
_
[]
X

Live Drill: 3 Sample Emails


SAMPLE 1
x
"IT Password Expiring"
  • Sender: it-help@secure-verify-mail.com
  • Link text hides a lookalike domain
  • Verdict: phishing — report it
SAMPLE 2
x
"Invoice #4471 Overdue"
  • Fake vendor, real logo, wrong domain
  • PDF attachment requests macros enabled
  • Verdict: phishing — report it
SAMPLE 3
"Team Standup Moved"
  • From a real @company.com colleague
  • Link points to your real calendar tool
  • Verdict: legitimate — no action
SCORE
Your Turn
  • 3 for 3 = ready for the real inbox
  • 2 for 3 = re-watch the 5 tells
  • Ask Security if ever unsure

Check: Can you name the tell in each sample above without looking back?

Quiz

2 of 3 samples reviewed

Passing Score

3 OF 3

no partial credit on phish

Your Next Real Email

CHECK IT

apply the drill today

Unsure?

REPORT IT

reporting is never wrong

?
SHUTDOWN.EXE
_
[]
X
🛡

STOP. VERIFY. REPORT.

Your new default: pause on every unexpected email, verify before you click.
Practice the 60-second drill on your next real inbox today.

Report Phish button • phish@company.com • Security Hotline ext. 4357

Report

Phish Alert Button

Email

phish@company.com

Hotline

ext. 4357 (HELP)


Security Awareness Training • All Employees • Practice the drill today

1 / 10