How to do it: Phishing

Code-first awareness cards showing how phishing messages look, which tools help inspect them, and which checks block them.

Safe learning mode: I did not include harmful phishing commands. This page focuses on spotting lures, inspecting domains, and verifying email trust signals.

Card 1 — recognize the lure

Teach the emotional triggers first: urgency, impersonation, fake rewards, and login pressure.

Preview (inbox)
Subject: Urgent account action required
From: support@secure-paypa1.example
Link text says one thing, the URL says another.
Lesson: pause before clicking.

Simple red-flag checklist

Use this code pane to show what users should inspect before trusting a message.

# Basic phishing checks
red_flags = [
  "urgent tone",
  "misspelled sender domain",
  "unexpected attachment",
  "login request from email link"
]

# If several appear together, stop and verify separately.

Card 2 — inspect the domain and link safely

Show the commands defenders use to check where a suspicious link really points.

Preview (analyst shell)
$ nslookup suspicious-example.com
Name: suspicious-example.com
$ curl -I https://suspicious-example.com
Check headers and redirects before visiting manually.

Safe investigation commands

These are for inspection and verification, not misuse. Note that nslookup only talks to your resolver, but curl -I does contact the suspicious server, so run it from an isolated analysis host rather than a user workstation.

# Resolve the domain
nslookup suspicious-example.com

# Check the response headers
curl -I https://suspicious-example.com

# Optional reputation checks
# urlscan.io
# VirusTotal
# browser safe browsing warnings
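The checks from Card 1 (red-flag checklist) and Card 2 (where a link really points) can be automated over a message. The following is an added example, not code from the original page: it flags urgent wording, a sender domain that imitates a brand through digit-for-letter swaps (the "paypa1" trick in the inbox preview), and links whose visible text names a different host than the real href. The homoglyph table, the urgency word list, the brand list and the sample message are constructed assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})  # digit swaps (assumed illustrative table)
URGENT_WORDS = ("urgent", "immediately", "suspended", "action required", "verify now")

class _LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url_or_text):
    # Lowercase host of a URL, or of bare link text such as "www.paypal.com/login".
    candidate = url_or_text if "://" in url_or_text else "https://" + url_or_text
    return (urlparse(candidate).hostname or "").lower()

def link_mismatches(html):
    """Links whose visible text names a different host than the real href target."""
    parser = _LinkCollector(); parser.feed(html)
    return [(href, text) for href, text in parser.links
            if "." in text and " " not in text and host_of(text) != host_of(href)]

def is_lookalike(sender_domain, brand_domain):
    """True if sender_domain imitates brand_domain once digit swaps are undone."""
    sender = sender_domain.lower()
    if sender == brand_domain or sender.endswith("." + brand_domain):
        return False  # the brand's own domain or one of its subdomains is fine
    return brand_domain.split(".")[0] in sender.translate(HOMOGLYPHS)

def red_flags(subject, sender, html, brands=("paypal.com",)):
    """Return the checklist red flags that a message triggers."""
    checks = [
        (any(w in subject.lower() for w in URGENT_WORDS), "urgent tone"),
        (any(is_lookalike(sender.split("@")[-1], b) for b in brands), "misspelled sender domain"),
        (bool(link_mismatches(html)), "link text and URL differ"),
    ]
    return [label for hit, label in checks if hit]

SAMPLE = ("Urgent account action required", "support@secure-paypa1.example",  # constructed sample, not a real message
          '<a href="https://secure-paypa1.example/login">https://www.paypal.com/login</a>')
```

Running red_flags(*SAMPLE) on the constructed message returns all three flags, which is the "several appear together, stop and verify" case from Card 1.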

Card 3 — verify sender trust signals

SPF, DKIM, and DMARC help separate real business mail from fake impersonation attempts.

Preview (trust signals)
SPF says which servers may send mail for the domain.
DKIM signs the message so tampering is easier to spot.
DMARC tells receivers how to handle failures.
Verify before trust.

Mail-auth commands

Use these to teach how defenders inspect email trust records. The pass/fail outcome for a specific received message is recorded in its Authentication-Results header, which is where to look when reviewing a reported email.

# Check DMARC record
nslookup -type=txt _dmarc.example.com

# Check SPF text record
nslookup -type=txt example.com

# Key lesson: if the sender fails SPF or DKIM and the message looks urgent,
# treat it as suspicious.

Card 4 — the tools that stop phishing

Finish with the tools and habits that reduce click-through and credential loss.

Preview (protective stack)
Password manager: won't autofill on the wrong domain.
MFA or passkeys: reduce the damage if a password is exposed.
Email security gateway: filters obvious lures and malicious attachments.
User training: still matters because social pressure is the real trick.

Defense checklist

End the lesson with the protective stack teams should actually deploy.

# Recommended anti-phishing settings
mfa = "required"
password_manager = "enabled"
dmarc_policy = "quarantine or reject"
email_banner_external = "enabled"
user_report_button = "enabled"

# Best practice: verify requests using a trusted channel, not the email link.