Employees complete mandatory phishing training each year, yet many still struggle to apply what they’ve learned when faced with realistic or ambiguous messages.
Traditional training often focuses on information rather than decision-making. While learners may recognize common phishing indicators, they are less prepared to evaluate context, identify subtle inconsistencies, and respond appropriately in real-world situations.
This project redesigns traditional compliance training into an interactive decision-making experience. Learners analyze realistic phishing scenarios before receiving instruction, mirroring the real-world moment when users must decided weather to trust a message before knowing the answer.
This experience was designed using a combination of scenario-based learning, reverse Bloom's taxonomy and progressive scaffolding.
Challenge → Scenario → Decision → Feedback → Reflection → Skill Transfer
Threat Check Framework
A simple repeatable process was introduced to support decision-making:
Recognize the threat, Assess the details and, Respond safely
Scenario-Based Design
Each activity presents a realistic situation that requires learners to analyze details, identify potential risks, and make a decision before receiving feedback.
Progressive Scaffolding
Early scenarios include guided support including prompts and interactive elements. This support is gradually removed, requiring learners to apply the Threat Check framework independently.
Reverse Blooms Taxonomy
Learners analyze realistic phishing scenarios before receiving instruction. By reversing the traditional learning sequence, learners are asked to evaluate situations and make independent decisions using prior knowledge. As the sequence progresses, learners can apply feedback from earlier scenarios, refining their ability to recognize potential threats.
Metacognitive Reflection
Learners reflect on this confidence and decision-making throughout the experience, reinforcing awareness of how and why they make decisions.
This experience shifts phishing training from a passive compliance exercise to an active decision-making process. Instead of relying on memorization, learners build the habit of pausing, assessing risk, and verifying information before engaging with a message.
By the end of the experience, learners are better prepared to apply the Threat Check framework in real-world situations
Articulate Rise 360, Canva