Simulated Phish - Credentials Submitted Communication

Only you know the best voice and messaging to share with your employees, but this email template can act as a starting point. Additionally, consider checking out our phishing infographics for editable templates that can be shared with your employees.

Dear [Employee Name],

In our ongoing effort to enhance our organization's cybersecurity posture, we would like to emphasize the critical importance of maintaining strong credential hygiene and recognizing the signs of phishing emails. A recent simulations indicates that you were one of several individuals that inadvertently opened a phishing link and submitted credentials to a fake website. While this was a controlled exercise and your credentials remain secure, we want to send you some resources that will help increase your awareness and vigilance.

Credential hygiene is a fundamental aspect of maintaining a robust cybersecurity posture. By adhering to good practices, such as regularly updating and using unique, strong passwords, enabling multi-factor authentication, and refraining from reusing passwords across different platforms, we can significantly reduce the risk of unauthorized access to our sensitive data and systems.

To effectively identify phishing emails, it's crucial to pay attention to the following red flags:

1. Sender's Address: Scrutinize the email address closely, as cybercriminals often use deceptive addresses that may resemble legitimate ones but have slight variations or misspellings.

2. Suspicious Attachments or Links: Exercise caution when encountering unexpected attachments or links, particularly from unfamiliar or unexpected sources. Hover over links to reveal their true destinations before clicking on them.

3. Urgency or Threats: Be wary of emails that demand immediate action or threaten dire consequences if you fail to comply. Phishing attempts often exploit a sense of urgency to bypass critical thinking.

4. Poor Grammar and Spelling: Many phishing emails exhibit noticeable errors in grammar, spelling, or formatting. Paying attention to these details can help you identify suspicious emails.

Furthermore, it's crucial to recognize potentially spoofed webpages used for credential harvesting. Keep the following pointers in mind:

1. Verify the URL: Double-check the web address in the browser's address bar, as cybercriminals may create deceptive websites with URLs similar to legitimate ones.

2. Examine the Website's Security: Ensure that the webpage is secure by looking for the padlock symbol and "https://" at the beginning of the URL. If these are missing, it may indicate a potentially spoofed webpage.

3. Check for a Password Manager: If you use a password manager to store credentials for the webpage in question and you are not seeing the password manager pop up offering to autofill credentials, you may be on a spoofed webpage. 

To support your cybersecurity awareness journey, we have created an internal resource page that offers comprehensive information, examples, and practical tips on safeguarding against phishing attempts and securing your credentials. You can access this page at [insert internal resource page link].

We strongly encourage you to report any suspected phishing emails, whether real or simulated, to our dedicated cybersecurity team. Your reports assist us in fine-tuning our defenses and raising awareness among the entire organization.

Remember, each one of us plays a vital role in maintaining the security of our organization. By remaining vigilant, following best practices, and promptly reporting suspicious activities, we can collectively protect ourselves and our valuable assets.

Thank you for your commitment to cybersecurity and for being an essential part of our defense against cyber threats.

Stay secure!