3
Reference Pages
03
Module
3
Simulations
Read the foundations first, then run the simulations. Each simulation is safe, self-contained, and reveals the red flags an attacker hopes you will miss.
03.A
Reference Pages
03.01
Live
03.02
Live
03.03
Live
Phishing Foundations
What phishing is, the psychology of pretexting and urgency, and the families of attack: spear phishing, whaling, vishing, and SMiShing.
Email Anatomy & Forensics
Reading the headers attackers hope you ignore. Envelope vs header addresses, Received chains, Return-Path, and tracing a message back to its true origin.
SPF, DKIM, DMARC
The three email-authentication standards. How SPF authorizes senders, DKIM signs messages, and DMARC ties them together to fight domain spoofing.
03.B
Hands-On Simulations
SIM
Sim
SIM
Sim
SIM
Sim
SIM
Sim
LAB
Lab
Teams Phishing Demo
A simulated Microsoft Teams voicemail lure leading to a credential-capture portal. Interactive red flags reveal exactly how the attack is built.
SMiShing Demo
A simulated iPhone SMS attack you step through one message at a time, with six red flags revealed as the conversation unfolds.
Vortex Collective Portal
The simulated partner-account login page behind the Teams phishing demo. A close look at how convincing a fake credential portal can be.
ChatGPhish — AI Phishing
When the AI assistant becomes the phishing surface. A simulated Open WebUI session walks through the four-step ChatGPhish attack disclosed by Permiso Security in May 2026 — phishing without an email, an attachment, or an obvious click.
Phishing Email Forensics
A suspicious email lands in your SOC queue. Inspect the rendered message, the raw headers, the real URL, and the attachment metadata. Find the seven indicators that prove it's malicious, then deliver a verdict and a response plan.