Threat Awareness Training

See the trap
before you're caught

Free, interactive phishing training. No signup required. Progress stays in your browser. Build the instincts that keep attackers out.

Start Training Try a Simulator

From

PayPaI Security <[email protected]>

Homoglyph: "paypa1" uses '1' not 'l'

Non-official domain

Subject

Urgent: Your account has been compromised

Urgency tactics & fear language

Message

Dear Valued Customer,

We have detected unusual activity on your account. You must verify your identity immediately to avoid permanent suspension.

Click here to secure your account → http://paypa1-secure.net/verify/confirm?token=8f3k2

Suspicious link — mismatched domain

Training Modules

Choose your training

Six interactive scenarios covering every attack vector. Start with one, master them all.

Beginner Desktop

Quick Check

Test your ability to spot phishing red flags in rapid-fire email scenarios. Build your baseline threat awareness score.

~5 min

Intermediate Desktop

Phish or Treat

A timed challenge where you classify emails as phishing or legitimate. Score points, avoid traps, beat the clock.

~8 min

Advanced Desktop

MFA Fatigue Drill

Experience a simulated MFA push-bombing attack. Learn when to approve, when to deny, and how attackers exploit fatigue.

~10 min

Advanced Desktop

Targeted Phishing

Spear phishing and whaling scenarios. Personalized attacks using OSINT-style data — the most dangerous category.

~12 min

Intermediate Desktop

Email Phishing Lab

Deep-dive header analysis. Inspect raw email headers, trace spoofed senders, and identify malicious infrastructure.

~15 min

Beginner Desktop

SMS Smishing

Identify fraudulent text messages. Package delivery scams, bank alerts, and government impersonation via SMS.

~6 min

Process

How it works

Three steps from zero to threat-aware.

Analyze

Examine real-world phishing attempts in a fully safe, sandboxed environment. No credentials at risk. Ever.

Identify

Spot the red flags — suspicious senders, urgency tactics, homoglyphs, domain spoofing — that separate phishing from legitimate messages.

Protect

Build instincts through repetition. The muscle memory you develop here protects you and your entire organization from real attacks.

justforphishing.com — Email Phishing Lab

[email protected]

Urgent: Your account has been compromised

PHISH

[email protected]

Your pull request has been merged

LEGIT

[email protected]

Your order has shipped — verify now

REVIEW

[email protected]

Password reset required immediately

PHISH

Platform

Train on any device

Desktop, tablet, or phone — just open the site and start training. No install, no signup, no data collected.

Training Scenarios

Interactive Modules

Free & Private

Data Tracking

Organizations

Bring phishing training
to your team

Share free, realistic phishing modules with your staff or students
Keep learner progress local on the public site
Use aggregate analytics signals without employee-level surveillance
Fork and self-host when you need custom scenarios or private reporting
Pair training with your real reporting and escalation process

Explore organization rollout

20+

Scenarios

Modules

Aggregate

Analytics

Suggested rollout path

Quick Check

5 min

MFA + SMS Drills

16 min

Email + Targeted Labs

27 min

Outcome

Practical training path
without a paywall

See the trapbefore you're caught

Choose your training

How it works

Analyze

Identify

Protect

Train on any device

Bring phishing trainingto your team

Stay ahead of emerging threats

See the trap
before you're caught

Bring phishing training
to your team