The tells, the drill, and what to do in the first 60 seconds.
All Employees • 20 Minutes • Required Annually
Today's Phishing Awareness Training
Select an item to navigate. Use keyboard shortcuts for faster access.
Why Phishing Still Wins
Last quarter, phishing was the initial entry point in the majority of the incidents our security team investigated. Attackers don't need to break in — they only need one employee to click one link, in the six seconds it takes to skim an inbox. This module builds the reflex that stops that click.
Modern phishing spoofs real coworkers, vendors, and even IT itself. Messages arrive at 8:58am with a fake calendar invite or invoice, timed for when you're moving fast. One click can hand over a password, an MFA code, or a live session token.
Pause before you click. Verify the sender's real domain. Hover every link before trusting it. Report suspicious mail with the Phish Alert button — Security triages every report, and reporting is never the wrong call.
Reports / Qtr
1,340
Median Report Time
4m 12s
Training Completion
96%
Attacks Blocked
312 this qtr
Attempts Blocked by Quarter
Phishing Emails Reported (hundreds)
| Metric | Count | Note |
|---|---|---|
| Reported Emails | 1,340 | this qtr |
| Confirmed Phish | 312 | blocked |
| Credentials Reset | 6 | contained |
| Training Completion | 96% | all employees |
The 5 Tells of a Fake Email
Every real phishing sample from last quarter had at least one of these five signals.
Emails Caught by These 5 Tells
86%
Sender mismatch: Display name says "IT Help Desk" but the address is it-support@secure-mail-verify.com, not @company.com.
Urgency: "Your account will be suspended in 2 hours" or "Action required immediately" pressures you to skip verification.
Hidden links: Button reads "Reset Password" but hovering shows a link to a lookalike domain, not company.com.
Generic greeting: "Dear Valued Employee" instead of your name is a strong signal of a mass phishing campaign.
Reported
1,340
Confirmed
312
Clicked Before Report
6
Attacks by Channel
Key Insight
Email is still the top vector, but smishing and vishing are the fastest-growing this year — the same 5 tells and the same first-60-seconds drill apply to every channel.
Total Attempts Tracked: 1,652 • Channels Covered: 4
Reporting Metrics Dashboard
1,340
▲ up 22%
emails this quarter
4m 12s
▲ faster
was 11m last year
96%
▲ +4pts
all employees
312
▲ contained
before any damage
Reports Trend (6 months)
The First 60 Seconds Playbook
C:\SECURITY\PLAYBOOK
| Step | Time Budget | Owner |
|---|---|---|
| Stop | 0-15s | You |
| Verify | 15-35s | You |
| Report | 35-60s | You + Security |
| Triage | <15 min | Security team |
How Reporting Works
The Report Phish button lives in every mailbox toolbar. One click routes the email to Security, quarantines matching copies company-wide, and confirms receipt in your inbox.
Live Drill: 3 Sample Emails
Check: Can you name the tell in each sample above without looking back?
Quiz
2 of 3 samples reviewed
3 OF 3
no partial credit on phish
CHECK IT
apply the drill today
REPORT IT
reporting is never wrong
Your new default: pause on every unexpected email, verify before you click.
Practice the 60-second drill on your next real inbox today.
Report
Phish Alert Button
phish@company.com
Hotline
ext. 4357 (HELP)
Security Awareness Training • All Employees • Practice the drill today