What changes after this module
Treat phishing and manipulation as predictable failures of trust design, workload, and judgement rather than just user stupidity.
Outcome promise
- Explain why phishing succeeds even in competent teams.
- Choose one design or process change that reduces human-factor risk.
Core model
Use the diagram and terms below as the minimum model you should be able to explain after this module. If you cannot explain the model in plain language, pause here before you move on.
Key terms
- Phishing: A deceptive attempt to make someone reveal information, run code, or trust a malicious action.
- Social engineering: Manipulating human trust, urgency, or habit to gain an advantage.
Check yourself
Answer the prompt before you reveal the check. If you cannot answer it in your own words, revisit the model and the terms once more.
Quick check
What is the safer lesson after a phishing failure: ‘be more careful’ or something else?
Answer check
Use the event to improve cues, reporting, approval paths, and workload design so the next judgement call is easier to make well.
Reflection and evidence
Keep the evidence small. One honest reflection and one small artefact is enough to show that the learning changed how you describe, check, or design something.
Reflection prompt
Think of one message or workflow that creates avoidable urgency. How could it be redesigned to reduce manipulation risk?
Artefact
A short anti-phishing improvement note for one workflow, message type, or approval path.
Optional deeper practice
Open the workspace and compare a trustworthy message with a manipulative one. Note which cues matter most.