Please read carefully before you begin
Dear Students,
Phishing takes place in every space of a modern work environment. The traditional methods are still in use; they are just carried out over newer technologies. Showing that is the purpose of this page.
It is designed to simulate the ZZZ corporate office, which has gone from a traditional in-person office to a virtual office. Voicemail still works; phone calls are just accessed through Teams. Teams messaging is used to represent real conversations. This page will simulate the same social engineering attack, just done over Teams.
On this page, you are Ahmed Alahbab, the Benefits Coordinator of ZZZ. He has worked here for several years. A few things about him matter for what’s about to happen:
Helpful to a fault. Prides himself on being the team’s quick responder. He clears his ticket queue at end of day — tired, but motivated to wrap up before tomorrow.
Cybersecurity-aware, not cybersecurity-trained. Passes ZZZ’s annual phishing module every year and treats it as a compliance checkbox. His mental model of phishing is “weird emails and obvious typos.” A polite, well-spoken voicemail from a named person doesn’t immediately register as an attack vector.
Comfortable with outside vendors. HR routinely deals with insurance carriers, retirement administrators, and benefits-tech providers. New vendor names don’t immediately raise red flags — he assumes someone above him did the vetting.
Conflict-averse with outside callers. With coworkers internally he verifies before sharing anything. With outside callers asking for cooperation, his default is to comply quietly and follow up later if something feels off.
Doesn’t want to let anyone down. When Daniel says “I’ve already gotten the engineering folks squared away — you’re the last one,” that lands harder than it should.
Reasonable people will disagree about what Ahmed would do next. Be ready to defend your choice in discussion.
At this stage, ZZZ has heard of a potential adversary. They don’t know much about their adversary just yet, but through this interaction some information will be disclosed to our team at ZZZ. Follow along in this phishing scenario.
Remember: this is not you in this scenario; you are assuming the role of Ahmed. Use the site as if Ahmed were using it. You decide whether Ahmed clicks or does not click. There may be benefits or penalties either way you choose.
This machine is now property of Vortex Collective. Every file on this device has been encrypted with military-grade AES-256. Every keystroke is being logged. Local backups have been wiped.
To restore access, you must send 2.0 BTC to the following wallet within 60 minutes. Failure to comply will result in permanent deletion of all encrypted files and public release of your data dump.
DO NOT contact authorities. DO NOT attempt recovery. DO NOT power off this machine. We are watching.