5 Things Employee Phishing Training Must Teach


An organization’s security relies on every employee’s constant vigilance, which is why employee phishing training is crucial. In their 2020 Data Breach Investigations Report, Verizon found that about 25% of all data breaches result from phishing.

Phishing attacks are getting trickier to recognize, with a whopping 97% of people unable to identify certain phishing scams. Long gone are the days of the absurd scam (e.g., a Nigerian prince in need of your help); it has been replaced by much more sophisticated and subtle traps.

As an example, scammers have recently taken to social media sites like Instagram to create very tricky giveaway phishing schemes. An account will message you about a giveaway. It will congratulate you on winning and ask you to fill out a form to accept your prize. The scammers capitalize on your excitement and expect you to move quickly without thoroughly reviewing the validity of the message.

[Image: example of a phishing attempt that employee phishing training should teach]

To avoid being tricked, you need to deliberately pause and go through a mental checklist:

  • Have you entered the giveaway?
  • Does the username look legitimate?
  • Does the link look safe?

Without a thorough knowledge of ever-evolving phishing tactics, one can easily fall prey to this type of phishing attack. That leads to the all-important question: What do you need to be teaching your employees to keep their personal data and company data safe?

5 key lessons for employee phishing training:

1. Slow down and look 

Many of us go on autopilot when checking emails, answering texts, or picking up a phone call. This is why any course must train employees how to pause and look for warning signs. It’s all too easy to click a bad link if you aren’t paying attention.

2. Common phishing tells

What do common attacks look like? What should you be looking for to know if something is a real email or a phishing scam? Good employee phishing training will walk your employees through the common warning signs and give them real-world examples so they can learn to spot them in the wild.

3. What data are scammers after 

It can be hard to properly defend yourself against phishing if you don’t know what data the scammers are after. Your training course must highlight what types of information scammers are typically after and what they do with that information.

4. Why employee phishing training is important

Until you understand the weight of phishing, you probably won’t be too concerned about it. It can be tricky to get people to take the time to complete training unless they buy in and understand why it’s worth their time. That means your employee phishing training needs to drive home the reason phishing is such a problem for your organization and for their own personal data.

5. What to do with phishing attempts

It may seem obvious what to do with phishing attempts, but there is a good chance some people at your organization have no clue. So don’t miss this crucial piece! Any phishing awareness training must include advice on next steps to take when you receive different types of phishing attempts. 

An Employee Phishing Training Course Via a Chatbot

Interested in purchasing a phishing course that has all 5 steps and more? Check out our Phishing Awareness Course. Use coupon code PHISH10 to get 10 free accounts (a $147 value!)

For just $20 a learner, this course, delivered by a chatbot, will teach your employees how to avoid phishing attempts using real-world scenarios. The training is delivered assessment-style with 25 phishing quiz questions. If a learner gets a question wrong, the chatbot gives them pointers, so they learn as they go. After the training, the chatbot sends them phishing attempts over the next month to make sure the training sticks!

[Image: screenshot of the employee phishing course, one of the training essential courses]

