Can you tell the difference? Pick a difficulty.
How does the phishing simulator work?
You’re shown realistic email scenarios and must decide: Is it Phishing, Legitimate, or should you Verify? After each answer, you see a detailed explanation of the red flags (or why it’s safe). Your score tracks how well you detect threats.
Are these real phishing emails?
No — these are crafted scenarios based on real-world attack patterns (BEC, credential harvesting, invoice fraud, etc.). No actual malicious content is involved.
What does 'Verify' mean?
Some emails are genuinely ambiguous. The correct response is to verify the sender through a separate channel (Teams, phone) rather than clicking links. We teach this as a valid response — not everything is binary.
How many scenarios are there?
30 scenarios across 3 difficulty levels — from obvious fakes to expert-level social engineering including BEC, quishing, sextortion, and government impersonation.
Can I use this for team training?
Absolutely! Share the link with your team. Each person gets a random selection of scenarios and can compare scores. The daily challenge gives everyone the same set.
Is this tool still being improved?
Yes! This is V1 and we’d love your feedback. Visit our feedback page to suggest new scenarios or improvements.
Your Admin Toolkit
Conditional Access
🔐PurviewLabels & DLP
⚡PowerShellScript builder
🛡️SecurityCIS assessment
📐SLA CalcUptime budget
🔑Policy TesterScore your policy
📢Incident CommsStatus updates
🚀MigrationPlan your move
📧Admin CommsDraft emails
📋ComplianceFramework passport
💬 Got feedback? Share it here →