| | Back |
LAB Phishing the Crowd 107
/ flags
Skip
Professor Phish — Lab Briefing

"Three messages. Three lures. Fourteen red flags hidden in plain sight. Click every highlighted span to reveal what makes each phish tick — and what should have stopped you from clicking."

PHASE 1 — SPOT THE RED FLAGS

The Inbox Trap

Click every highlighted span in each message to reveal the red flag hidden inside.

Red Flags Found
9:47 AM ●●●●● WiFi 🔋
DMV
DMV-Notice
Text Message

DMV-Notice: FINAL NOTICE — Your driver's license has been suspended due to unpaid tolls. Pay $49.00 within 24 hours to restore driving privileges. Click: dmv-renewal-portal.gov.com/pay

Today 9:47 AM · Delivered
Mail — Inbox
⚠️ URGENT: Your FedEx package requires immediate action
FX
FedEx Delivery Today 11:23 AM
[email protected]
to you
FedEx
Express

Dear Valued Customer,

We attempted delivery of your package (Tracking #: 7489-2341-9823-XX) but were unable to complete the delivery.

A redelivery fee of $3.99 is required to reschedule your delivery. Please update your delivery preferences before your package is returned to sender.

Reschedule Delivery — Pay $3.99
→ fedex-delivery-notify.com/reschedule?id=74892341

FedEx Customer Service | 1-800-463-3339

LinkedIn InMail
From your network
JW
Jennifer Walsh • Senior Technical Recruiter at Google
San Francisco Bay Area · 347 connections
Sent 2 hours ago

Hi [First Name],

I came across your profile and was impressed by your background. We have an urgent opening for a remote Senior Engineer role at Google — $145,000 base, full benefits, immediate start.

We're moving very quickly — I need to confirm your interest today. If you're open, please complete our brief screening form so I can submit your profile to the hiring team immediately.

Complete Screening Form →
google-hiring-portal.careers-apply.net/screen

Best,
Jennifer Walsh
Senior Technical Recruiter, Google

Tip: Visit google.com/about/careers directly to verify this role exists.

red flags remaining — click the highlighted spans above to find them all.

All 14 red flags found!
You can now see what makes each phish tick. Continue to the Defender Protocol.

PHASE 2 — DEFENDER PROTOCOL

14 Red Flags. 3 Simple Rules.

Every phish in The Inbox Trap is stopped by one of three habits. Here's the full breakdown.

4
DMV red flags
5
FedEx red flags
5
Job InMail red flags
1
Navigate directly — never click links in unexpected messages

DMV texts, FedEx emails, LinkedIn InMail — none of them should have clickable links that take you to forms. Navigate directly: type dmv.ca.gov, fedex.com, or google.com/careers in a new browser tab.

Stops: DMV scam Stops: FedEx clone Stops: Job form harvest
2
Hover every link before clicking — the URL tells the truth

The button says "Reschedule Delivery" — the URL says fedex-delivery-notify.com. The InMail says "Complete Screening Form" — the URL says careers-apply.net. The button text and the real URL are never the same in a phish.

Stops: All URL spoofing Stops: Subdomain tricks
3
Urgency is the weapon — slow down when they're rushing you

"24 hours or your license is suspended." "Need your answer today." "Moving very quickly." Every phish uses urgency to bypass deliberation. The slower you go, the safer you are. Real government agencies and employers do not require decisions in hours.

Stops: DMV suspension threat Stops: URGENT email subject Stops: "Today only" recruiter
By the Numbers — 2023
$19M
DMV impersonation losses (FTC 2023)
26M/day
Peak USPS smishing texts (USPS OIG 2024)
$367M
Job scam losses, up 76% (FTC 2023)
Return to Course & Continue

Change Alias

Choose your villain name, or roll the dice.

Share Feedback

Help us improve ScamAI University

Feedback received!

Thank you for helping us improve.