A focused one-day training designed to equip all employees with the practical skills to recognise, avoid, and correctly respond to phishing attacks and social engineering threats. Unlike broad cybersecurity awareness programmes, this training goes deep on the most common and costly attack vector facing organisations today, training participants to slow down, think critically, and make the right call under realistic pressure.
Participants will develop sharp, applicable instincts for spotting phishing attempts including AI-crafted messages, business email compromise, spear phishing, smishing, vishing, and social engineering manipulation. They will leave knowing exactly what to do, and what not to do, when a suspicious message lands in their inbox or on their phone.
HRD Corp SBL-Khas Claimable
9:00 AM – 9:45 AM
Why Phishing Works: The Human Factor
How attackers exploit urgency, authority, fear, and trust to bypass rational thinking, with real Malaysian incident examples.
9:45 AM – 10:45 AM
Types of Attacks and How They Are Built
Phishing, spear phishing, whaling, clone phishing, smishing, vishing, quishing, pretexting, and BEC. How AI is now used to craft convincing attacks at scale.
11:00 AM – 12:00 PM
Spotting the Attack: Practical Detection Skills
Hands-on exercise identifying red flags in real and simulated phishing messages, including spoofed senders, fake links, and malicious attachments.
1:00 PM – 2:00 PM
Business Email Compromise and Impersonation Attacks
How attackers impersonate executives, vendors, HR, and IT, including deepfake voice and video. Group discussion using the Arup USD25 million deepfake case (2024).
2:00 PM – 3:00 PM
Safe Behaviour in Practice
Clear decision-making process for suspicious messages, links, attachments, and QR codes, with three realistic workplace scenario exercises.
3:15 PM – 4:15 PM
Reporting, Responding, and Limiting Damage
How to report correctly, what to do immediately after a click, and a group simulated incident response exercise.
4:15 PM – 5:00 PM
Building a Phishing-Resistant Mindset
Key habits, the role of every employee in reducing human risk, and how phishing simulation campaigns measure behaviour change over time.
Level Beginner — no prior technical knowledge required
Duration 1 Day (8 Hours) | 9:00 AM – 5:00 PM
Training Mode Physical / Online / Hybrid
Venue Online session or in-house training at client's premises
Price RM1,500 per participant (inclusive of training materials and Certificate of Completion)
Certificate Certificate of Completion awarded upon full attendance
