Threat Awareness Training

See the trap
before you're caught

Free, interactive phishing training. No signup required. No data collected. Build the instincts that keep attackers out.

Start Training Try a Simulator

From

PayPaI Security <[email protected]>

Homoglyph: "paypa1" uses '1' not 'l'

Non-official domain

Subject

Urgent: Your account has been compromised

Urgency tactics & fear language

Message

Dear Valued Customer,

We have detected unusual activity on your account. You must verify your identity immediately to avoid permanent suspension.

Click here to secure your account → http://paypa1-secure.net/verify/confirm?token=8f3k2

Suspicious link — mismatched domain

Training Modules

Choose your training

Six interactive scenarios covering every attack vector. Start with one, master them all.

Beginner Desktop Mobile

Quick Check

Test your ability to spot phishing red flags in rapid-fire email scenarios. Build your baseline threat awareness score.

~5 min

Intermediate Desktop Mobile

Phish or Treat

A timed challenge where you classify emails as phishing or legitimate. Score points, avoid traps, beat the clock.

~8 min

Advanced Desktop Mobile

MFA Fatigue Drill

Experience a simulated MFA push-bombing attack. Learn when to approve, when to deny, and how attackers exploit fatigue.

~10 min

Advanced Desktop Mobile

Targeted Phishing

Spear phishing and whaling scenarios. Personalized attacks using OSINT-style data — the most dangerous category.

~12 min

Intermediate Desktop Mobile

Email Phishing Lab

Deep-dive header analysis. Inspect raw email headers, trace spoofed senders, and identify malicious infrastructure.

~15 min

Beginner Desktop Mobile

SMS Smishing

Identify fraudulent text messages. Package delivery scams, bank alerts, and government impersonation via SMS.

~6 min

Process

How it works

Three steps from zero to threat-aware.

Analyze

Examine real-world phishing attempts in a fully safe, sandboxed environment. No credentials at risk. Ever.

Identify

Spot the red flags — suspicious senders, urgency tactics, homoglyphs, domain spoofing — that separate phishing from legitimate messages.

Protect

Build instincts through repetition. The muscle memory you develop here protects you and your entire organization from real attacks.

justforphishing.com — Email Phishing Lab

[email protected]

Urgent: Your account has been compromised

PHISH

[email protected]

Your pull request has been merged

LEGIT

[email protected]

Your order has shipped — verify now

REVIEW

[email protected]

Password reset required immediately

PHISH

Platform

Train anywhere

Desktop simulator for deep header analysis. Mobile app for daily practice and streak building.

Download on the App Store

Get it on Google Play

Sync your progress across devices

Just For Phishing

🔥

Day streak

Daily Challenge

Spot the Spear Phish

84%

Accuracy

4/6

Modules

Home

Train

Progress

Settings

Training Scenarios

Interactive Modules

Free & Private

Data Tracking

For Organizations

Bring phishing training
to your team

Deploy realistic phishing simulations across your organization
Track employee progress with real-time dashboards
Export compliance-ready training reports
Run team leaderboards to drive engagement
Customize scenarios to match your threat landscape

20+

Scenarios

Modules

Real-time

Analytics

Admin Dashboard

Team Click-Through Rates

Before Training

68%

After 2 Weeks

31%

After 1 Month

Result

90% reduction in
click-through rate

Cross-Device

Sync Your Web Progress to the App

Completed modules on desktop? Carry your progress to the mobile app in one tap.

See the trapbefore you're caught

Choose your training

How it works

Analyze

Identify

Protect

Train anywhere

Bring phishing trainingto your team

Stay ahead of emerging threats

Sync Your Web Progress to the App

See the trap
before you're caught

Bring phishing training
to your team