Oops — this was a phishing test
You’re not alone. This happens to people every day. That’s why we practice.
Please don’t share this with colleagues for the next 24 hours. This helps us measure awareness fairly.
No passwords were changed, sent, or stored. This page is part of a simulation your organization uses to help people recognize phishing faster.
Phishing often looks almost real. These checks help you spot the difference faster.
The display name can look familiar, but attackers can use any name. Check whether it matches the email address.
Watch for subtle domain or spelling differences. One extra character can be a fake address.
Phishing often pushes you to “verify details”, “restore access”, or “log in now”. That’s a classic signal.
Urgency, threats, shame, or curiosity are used to make you click fast. Take a 10‑second pause.
Hover (without clicking) to preview the real URL. If the domain isn’t exactly right, don’t open it.
Always check the web address before the first slash (/). A fake site can look perfect, but the domain gives it away.
Always report suspicious emails to the right place in your organization (IT/Service desk/SOC). That helps them respond faster and warn others.
If you think you downloaded something or entered data, report it immediately. Early reporting is always better than late.