Phishing Simulation

Process and results for creating an immersive simulation.

Project Brief

A religious non-profit organization was experiencing a high volume of cyber attacks targeted at its national headquarters. In response, the IT leadership team enlisted the communications and training departments' help to identify solutions for reducing incidents.

Approach

A login screen.

Logistically, the training had to account for a wide range of variables. The target audience was a multigenerational office of professionals comprised of varying levels of computer literacy. Additionally, a handful of the individuals who were repeat targets worked in distributed offices across the U.S.

The team implemented a multifaceted training approach to address these challenges, including gamified social media posts on an internal Facebook group, email campaigns, and in-person training.

I led the project's e-Learning component, where I worked closely with IT security representatives to recreate realistic scenarios. After synthesizing the scenarios, I developed a branded experience that fit with the marketing's tone of "the cool professor," bypassing the common fear-based imagery that a majority of phishing simulations adopt.

I developed custom graphics and animated gifs using Adobe Illustrator, Photoshop, and After Effects to create a lighthearted and playful aesthetic. I also developed all the interactions and custom variables for the simulation using Articulate Storyline 360 and JavaScript.

I had the opportunity to lead all of the design, development, and UX/UI considerations for the project.

See the Project

Outcomes

A sample phishing email.

At the end of the training campaign, the organization saw impressive results:

Next
Connect