LEARN TO UNCOVER RISKY EMAILS
THE INSTRUMENT
A scenario-driven training engine that puts real phishing attacks in front of your people, then makes them prove they can spot one.
LURE does one job. It serves realistic phishing emails, smishing texts, and QR lures as structured training sessions — verdict calls, red-flag spotting, scoring so the recognition instinct gets built before an attacker tests it for real.
FORM FACTOR
Browser-based training engine. Runs on any modern browser — no install, no client software. Players trainindividually at their own pace; progress and weak spots are tracked automatically across sessions.
SESSION MODEL
Self-paced sessions of eight scenarios drawn from a randomized deck. Each session mixes phishing and legitimate messages across difficulty tiers — so players can't pattern-match their way through.
INPUTS
A scenario from the library — or one generated on demand by the AI engine. Optional difficulty bias (easy / medium / hard) and theme targeting across thirteen attack domains: Financial, IT, HR, Executive, Vendor, and eight more.
OUTPUTS
Per-session score, verdict accuracy, and flag catch rate broken down by category. Weak-spot identification surfaces the flag types a player consistently misses, and subsequent sessions target those gaps directly.
INTEGRATIONS
Claude API for on-demand scenario generation. Session data exportable for use with your existing security awareness platform or LMS.
THREE PILLARS OF PLAY
Scenarios, verdict, red flags. The same three beats a phishing email has always counted on you to rush — drilled until they are reflex
A LURE session has three moving parts. The scenario puts a realistic email, text message, or QR lure in front of you — drawn from the same themes attackers actually use. The verdict forces a binary call: phishing or legitimate. The flags make you prove it, clicking every suspicious indicator you can find before the answer is revealed.
PIL. 01
The Scenario
Every session starts from a realistic lure — a phishing email, a smishing text, or a QR code crafted to harvest credentials. Each scenario ships with a theme, a difficulty rating, and a debrief that explains exactly how the attack was constructed.
PIL. 02
The Verdict
Before you see any highlights, you make a call. Phishing or legitimate — no hedging, no partial credit. The verdict forces you to commit to a read before the evidence is revealed. Getting it wrong on a well-crafted legitimate email is just as costly as missing a real phish.
PIL. 03
The Flags
After the verdict, you prove your read. Click every part of the scenario that raised the alarm — sender addresses, urgency language, suspicious links, credential requests. Every flag you catch earns points. Every miss and every false positive feeds your weak-spot record for the next session
THE SCORING ENGINE
Ten red flag types. Every trick a phishing email has ever used, encoded as a catch your team can actually miss.
The scoring engine breaks phishing down into the ten surface indicators that separate a real threat from a clean message — spoofed domains, urgency pressure, credential grabs, reward bait. Real attacks hide their tells. LURE makes the tells gradable so missing them is a training rep, not a breach.
Verdict call
10 pts · commit before the reveal → phishing or legitimate
Sender mismatch
15 pts → display name ≠ actual sending domain
Spoofed domain
15 pts → typosquat or lookalike domain caught
Suspicious link
15 pts → hover destination doesn't match display text
Urgency / pressure
15 pts → artificial deadline or threat identified
Credential request
15 pts → direct password or login ask flagged
Reward bait
15 pts → too-good offer recognized as lure
Unexpected attachment
15 pts → file type or context mismatch caught
Generic greeting
15 pts → mass-send indicator recognized
Threat / scare tactic
15 pts → account threat pressure called out
False positive
−5 pts → flagging clean content costs you
THE RED FLAG TAXONOMY
Ten tells. Every phishing email hides at least one. Most hide three. The taxonomy is fixed so your improvement is measurable.
Every scenario in LURE is tagged with the specific techniques it contains — the same ten flags, applied across every theme and channel. That fixed vocabulary is what makes progress trackable: not "better at phishing" in aggregate, but spoofed domain catch rate up 31% across your last eight sessions.
| // FLAG | DESCRIPTION | LEVER |
|---|---|---|
| sender_mismatch | Display name is crafted to look familiar; the actual sending domain tells a different story | Authority |
| spoofed_domain | One transposed letter, one added hyphen — designed to survive a two-second glance | Deception |
| suspicious link | Anchor text says one thing; the href goes somewhere else entirely | Concealment |
| urgency_pressure | Artificial deadline inserted to suppress deliberate thinking before the click | Scarcity |
| generic_greeting | "Dear Customer" is a mass-send signal — a real sender knows your name | Recognition |
| grammar_spelling | Polished organizations don't ship typos; attackers often don't bother to either | Familiarity |
| unexpected_attachment | An unsolicited file in a context that doesn't call for one | Curiosity |
| credential_request | Direct ask for a password or token — legitimate systems never send thisr | Compliance |
| reward_bait | A prize, refund, or bonus that didn't exist before this email arrived | Greed |
| threat_scare | Account suspension or legal penalty demanding action before you can think | Fear |
END TO END
Configure, train, review, track. One loop, no manual scoring, no gap between the session and the data.
Most phishing awareness training ends with a completion checkbox and no signal about what the learner actually got wrong. LURE closes the loop — every verdict scored, every gap surfaced, every subsequent session steered toward the tells you haven't locked in yet.
