Phishing Awareness Training
Learn to protect yourself from cyber threats
Welcome to CCG Cyber World's interactive phishing awareness training. This tool will help you recognize phishing tactics, understand social engineering, and reinforce safe online behaviors. Select your preferred difficulty level below to get started!
Select Difficulty Level
Did you know? 90% of cybersecurity breaches are due to human error!
Phishing Email Simulator
Click on elements in the email that you identify as suspicious or indicate phishing.
From: [email protected]
Subject: URGENT: Your Account Has Been Compromised - Immediate Action Required!
Dear Valued Customer,
We have detected unusual activitys on your account. Your account may have been compromized and require immediate verification to prevent unauthorized charge and account suspension.
Please click the link below to verify your identity and secure you're account:
https://amezon-account-verify.com/secure-login
If you do not verify within 24 hours, your account will be suspended for security purposes.
Thank you for your cooperation,
The Amazon Security Team
Suspicious URL Detector
Practice identifying suspicious URLs. Look closely at each URL and decide if it's legitimate or suspicious.
Tips for identifying suspicious URLs:
- Check for misspellings (e.g., "paypaI.com" with a capital "I" instead of "l")
- Look for added words or characters (e.g., "paypal-secure.com")
- Watch for subdomains (e.g., "paypal.suspicious-site.com")
- Be wary of URLs with random strings of characters
- Check if HTTPS is present (though phishing sites can use HTTPS too)
Real-World Phishing Case Studies
Learn from actual phishing attacks that impacted organizations and individuals.
The 2020 Twitter Bitcoin Scam
In July 2020, attackers targeted Twitter employees through a sophisticated phone spear-phishing attack. By impersonating IT staff, they tricked employees into providing their credentials for internal systems.
The FACC CEO Fraud Case
In January 2016, Austrian aerospace parts manufacturer FACC fell victim to a sophisticated "CEO fraud" attack. Attackers impersonated the CEO in emails to the finance department.
SolarWinds: Operation SUNBURST
In 2020, attackers compromised SolarWinds' build system and inserted malicious code into the company's Orion software updates. The initial access likely involved targeted phishing against SolarWinds employees.
Resources & Cheat Sheets
Download these resources to keep essential cybersecurity information at your fingertips.
Phishing Red Flags Cheat Sheet
A quick reference guide to spotting common indicators of phishing emails.
Social Engineering Defense Tactics
A comprehensive guide to defending against various social engineering attacks.
Cybersecurity Tips: Phishing Awareness
This page is an educational tool created by CCG Cyber World to help users recognize phishing tactics and reinforce safe online behaviors. Review the tips below to understand common signs of phishing attempts:
-
Inspect the URL Carefully: Phishing websites often mimic legitimate URLs with slight misspellings or additional characters. Always double-check the web address.
-
Ensure HTTPS is Present: A secure site will use HTTPS. While this alone doesn't guarantee authenticity, it's an essential security step.
-
Watch for Urgent Language: Scammers often use alarming phrases like "Immediate action required!" or "Your account is at risk!" to pressure users into making hasty decisions.
-
Hover Before Clicking: Hover over any link to preview its destination before clicking. If something feels off, it's best to avoid it.
-
Protect Sensitive Information: Reputable websites don't request sensitive data (e.g., passwords, banking details) through pop-ups or unsolicited emails.
-
Use Multi-Factor Authentication: Enable MFA whenever possible as it adds an extra layer of security even if your password is compromised.
-
Keep Software Updated: Regularly update your operating system, browsers, and applications to protect against security vulnerabilities.
Social Engineering Awareness
Learn about social engineering tactics beyond phishing that manipulate people into divulging confidential information or performing actions against their interests.
Vishing (Voice Phishing)
Phone-based social engineering where attackers impersonate trusted entities to trick victims into revealing sensitive information or performing actions.
Common Scenarios:
Defense Tactics:
Pretexting
Creating a fabricated scenario (pretext) to engage a victim and gain their trust to obtain information or access to systems, facilities, or data.
Common Scenarios:
Defense Tactics:
Smishing (SMS Phishing)
SMS-based social engineering that uses text messages to deceive recipients into clicking malicious links, downloading malware, or revealing sensitive information.
Common Scenarios:
Defense Tactics:
Impersonation
Assuming the identity of someone else (colleague, executive, IT support) to manipulate victims into performing actions or revealing information.
Common Scenarios:
Defense Tactics:
Social Engineering Simulation
Test your ability to recognize various social engineering attempts. Read each scenario and identify the type of social engineering being used.
You receive a phone call from someone claiming to be from Microsoft Technical Support. They say that your computer has been sending error signals to their server, indicating a severe virus infection. They need your immediate assistance to fix the issue before your data is lost.