⚠️ You’ve been caught

🚨 Why this is serious

Phishing is one of the fastest ways attackers gain access to organisations. A single click can lead to:

• Compromised accounts
• Data loss or fraud
• Malware or ransomware infections
• Disruption to services and operations

Attackers are skilled at creating convincing messages that appear urgent, routine, or authoritative.

🔍 What should have raised suspicion?

While every phishing email is different, common red flags include:

• Unexpected requests for action, payments, or logins
• A sense of urgency or pressure to act quickly
• Sender addresses that don’t exactly match the organisation
• Links that lead somewhere unexpected when hovered over
• Messages that ask you to bypass normal processes

Spotting just one of these signs is often enough to stop an attack.

✅ What to do next time

If something feels even slightly off:

✅ Pause before clicking — attackers rely on speed and distraction

✅ Verify the sender using a known contact method

✅ Hover over links to check where they really go

✅ Report the email immediately using the “Report Phishing” button or your IT / Security contact

✅ Delete the email once it has been reported

Reporting suspected phishing — even if you’re unsure — is always the right decision.

💡 Important to remember

Getting caught in a simulation is not about blame. These exercises exist because phishing works — even on experienced professionals.

What matters is recognising the signs, reporting quickly, and learning from the experience.

Thank you for taking security seriously and helping protect our organisation.

Questions or concerns?

Contact your IT or Information Security team if you’re unsure about any email you receive.