Storyline Design: Phishing Simulation Demo

Jul 23, 2020

I just launched a phishing simulation that's getting some great feedback and I wanted to share it out here.

Instead of using imagery that focus on the level of potential risk (hackers, broken computers, etc.), I designed the course's graphics and interactions to be a more positive experience than other IT security courses I've seen. It's the difference between designing around a scarcity mindset versus an abundance mindset. The training adopts a coaching tone to highlight common strategies to look for in phishing attempts.

Here's the link: Phishing Simulation Sample

Is anyone else out there building compliance courses with delight and engaging visuals at the forefront? I'd love any feedback you may have!

34 Replies

Allison LaMotte
Staff

over 3 years ago07/24/20 at 1:27 pm (UTC)

This is super cool! I love the realistic examples and that you can actually hover over the different elements like you would in real life. Thanks for sharing, Marcus!

Judy Nollet
Hero

over 3 years ago07/24/20 at 1:59 pm (UTC)

Nice work, Marcus! I like the positive tone, including the lighthearted messages (e.g., dental reminder).

over 3 years ago08/04/20 at 3:52 pm (UTC)

Thanks, Allison!

over 3 years ago08/04/20 at 3:52 pm (UTC)

Thanks, Judy!

Matt Peers

over 3 years ago08/19/20 at 4:46 pm (UTC)

Brilliantly simple but effective simulation

over 3 years ago08/21/20 at 12:29 pm (UTC)

Thanks, Matt!

Maureen Wilson

over 3 years ago08/25/20 at 8:12 pm (UTC)

THis is super cool. can you sahre the story file?

Anselm Geske

over 3 years ago08/26/20 at 2:27 pm (UTC)

Great to see, that not everyone goes the same way to tell the always same story.

Now that I read a lot about better design, I feel a bit confused. An outstanding idea (regarding mindset to address) can go with quite conventional design methods, which are just unusual in that context.

There are so many things we're just used to interpret conventionally, that a mix may be a risk, but a chance as well. And yet any other mix in a totally different context could go awfully wrong.

"Doing it different with decency" may be the golden rule. Or which formula would you derive from this awesome experiment?

Susi Victor

over 3 years ago08/27/20 at 6:32 am (UTC)

The background and the scenarios are really good, besides the fish hovering on the side! Nice touch!

Margaret Lawrence

over 3 years ago08/29/20 at 4:04 am (UTC)

Real nice...very engaging. Thanks.

over 3 years ago08/31/20 at 1:49 pm (UTC)

Anselm, that's a great thought. Using thoughtful design, in both graphics and curriculum development, should hopefully lead to novel experiences for our learners.

It's a tricky balance choosing tone and aesthetic when it comes to training. Certain topics can't be treated with levity, but that doesn't mean all topics require a semi-punitive backdrop.

One framework I've been using to help in the design process is the SCARF model, developed by Dr. David Rock. It has helped identify potential areas that put learners in a heightened emotional state, leading to reduced cognitive engagement with the content. The SCARF model has influenced both what goes into the course and how it's ultimately presented.

over 3 years ago08/31/20 at 1:50 pm (UTC)

Hi Maureen, I'll reach out to you in a direct message!

Jesus Escribano

over 3 years ago10/13/20 at 11:42 am (UTC)

Greatings from Spain. Real nice. Can I have the story? Thanks

Jesus Escribano

Greg Williams

over 3 years ago11/04/20 at 3:57 pm (UTC)

Beautiful experience, thanks for sharing!

I'm looking at doing something similar, and something our team has identified as a reason employees don't do well identifying phishing attempts is because they are in a hurry. This got me thinking, have you considered adding a timer or sorts that either counts down or counts up? That may add a sense of urgency that is more common when looking at emails, and then they can try and beat their best score if you have additional questions to pull from for multiple attempts.

Hoping to create something like that myself, but would love any tips or suggestions if you can share (including the files!). If not, I totally get it.

Thank you!

Greg Williams

over 3 years ago11/04/20 at 4:15 pm (UTC)

Also I found this as a free resource for anyone interested: https://phishingquiz.withgoogle.com/

over 3 years ago11/11/20 at 4:22 pm (UTC)

Thanks!

The thought of doing a timer is great. I've built timers in the past, and that seems like it would take things to the next level because of how it nods to the reality of people quickly jumping through their emails.

I'll send the files along, Greg.

over 3 years ago11/11/20 at 4:24 pm (UTC)

This was one of the big pieces of inspiration for the end product! We needed a way to add it to our LMS. We're also encouraging our employees to stop using Gmail instead of their Microsoft accounts for security reasons, so it was an intentional move to step away from all the Gmail branding.

over 3 years ago11/11/20 at 4:25 pm (UTC)

Wonderful, thank you Marcus!

Tarsha McLellan

over 3 years ago11/18/20 at 4:35 am (UTC)

This is great Marcus! I would love the story file if you can share?

Sheetal Pal

over 3 years ago01/07/21 at 11:41 am (UTC)

That's wonderful Marcus!! Really loved it.

I did try my hand at creating one with google images. It was a pretty basic one. But your's seem way out of the league. It's neat, attractive, simple yet engaging.

Would love to hear how you went about it. I mean the different elements used including the hovering to check the details.

3 years ago02/03/21 at 3:18 pm (UTC)

Hi Marcus! Are you willing to share the storyline file with me as well? We're in the midst of revamping our security compliance learning and I'd love to see how you created this awesome quiz!!

Chris Gehrig

3 years ago02/23/21 at 6:30 pm (UTC)

Hi Marcus, would I be piling on if I asked you if you would mind sharing the project with me. I am looking for a different look and feel for the same old phishing corporate training and your is so fresh and clean and...well-presented.