SMiShing Simulation

A text-message phishing attack, played out on a simulated smartphone. Watch it unfold, then learn to spot the red flags.

Educational simulation. This is not a real phone or real text messages. No data is sent or received. This page demonstrates how SMS phishing (SMiShing) attacks look and feel on a mobile device.

Scenario Briefing

The IT Security Alert

Jasmine Torres, an Accounts Payable clerk at ZZZ Corporation, receives an unexpected text claiming to be from ZZZ IT Security. The message warns of suspicious login activity and pressures her to verify her credentials through a link — or risk account lockout within the hour.

Target: Jasmine Torres, Accounts Payable
Attacker: Unknown — spoofing ZZZ IT Security
Vector: SMS / Text Message (SMiShing)

Red Flags in This Attack

Flag 01
Unknown number, not company channels
Legitimate IT departments do not send security alerts via random phone numbers. Official communications come through company email, the corporate messaging platform, or a known short code.

Flag 02
Urgency and fear tactics
"Suspicious login detected" and "account will be locked within 1 hour" are classic social engineering pressure levers. They bypass critical thinking by making the target feel they must act immediately.

Flag 03
Suspicious link domain
The link goes to "zzz-itsecure.net" instead of the real company domain. Attackers register look-alike domains that pass a quick glance. Always check that the domain exactly matches the organization.

Flag 04
Asking for credentials via link
No legitimate IT team asks you to "verify your identity" by clicking a link in a text message. If your account were truly compromised, IT would contact you through verified internal channels or ask you to come in person.

Flag 05
Personalization from public data
Using the target's name and department makes the message feel official, but this information is often available on LinkedIn, the company directory, or prior breaches. Personalization is not proof of authenticity.

Flag 06
Threat of consequences for non-compliance
"If we don't hear back, we will have to escalate to your manager" is a coercion tactic. Real IT support does not threaten employees via text for not clicking links fast enough.