URGENT: Wire transfer - Meridian acquisition (CONFIDENTIAL)
RED FLAG #2 — Urgency + Secrecy Combo
URGENT + CONFIDENTIAL in the same subject line is the dual manipulation signature of every BEC attack. Urgency prevents careful thought. Secrecy removes human verification. Every FBI BEC case file contains both words in the subject line.
Sarah,
I'm in a board meeting and can't talk.
RED FLAG #3 — Unavailability Fabrication
Classic isolation technique. The attacker cannot risk a callback — so they pre-empt it. "Can't talk" removes the most basic verification: calling your CEO. Every BEC playbook begins by making the supposed sender unreachable.
We need to close the Meridian acquisition TODAY before their deadline. Please wire $3,000,000
RED FLAG #7 — Over Policy Limit
A $3M single wire request from a CEO by email alone should trigger automatic escalation to dual authorization. Most corporate wire fraud policies require verbal CEO confirmation for any wire above $50K–$250K. If your company lacks this policy, you are unprotected.
to the following account immediately:
Bank: Citibank Singapore
RED FLAG #4 — Foreign Beneficiary Bank
Caldwell is a domestic US manufacturer. A legitimate acquisition escrow would use a US law firm escrow account, not a foreign bank wire to Singapore. International wires to new accounts require 48-hour mandatory verification under best-practice treasury policy.
Account: 7823-4491-0023
Routing: 021000089
Ref: MERIDIAN-ACQ-2025
This must clear before market close (4pm EST).
RED FLAG #6 — Artificial Deadline
"Market close" is a fabricated pressure mechanism. Private company acquisitions do not work on 4pm EST wire deadlines — they use settlement periods measured in days, not hours. Urgency is the attacker's most reliable tool: it prevents deliberate thought.
Do NOT loop in legal or AP yet
RED FLAG #5 — Remove All Verification
This single sentence is the entire attack. It removes: Legal (who would check wire instructions), Accounts Payable (who would verify the new beneficiary), and dual authorization. If you follow this instruction, you have disabled every safety checkpoint yourself. On the attacker's behalf.
— the deal is under NDA until tomorrow's announcement.
I'll call you once I'm out of the meeting.
RED FLAG #8 — The Phantom Callback
He won't call. This line exists to stop Sarah from calling him first. If she waits for the callback, she'll receive either silence — or a deepfake voice call using a cloned version of James Whitmore's voice synthesized from his conference videos. The callback is the final layer of the trap.
--
James Whitmore
Chief Executive Officer, Caldwell Manufacturing
+1 (513) 892-4401 | caldwellmanufacturing.com
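
An added example, not part of the original annotated email: a small triage function that checks a message for red flags #2 through #8 above and decides whether the wire should be held for out-of-band verification. The phrase patterns, `WIRE_LIMIT_USD`, `APPROVED_ACCOUNTS` and the function names are assumptions, and flag #4 is approximated as a beneficiary account missing from an approved-payee list.

```python
import re

WIRE_LIMIT_USD = 50_000                 # assumption: low end of the $50K-$250K range above
APPROVED_ACCOUNTS = {"4400-1187-2290"}  # constructed vendor-master entry (hypothetical)

# Constructed sample: condensed from the message above, annotations removed.
SUBJECT = "URGENT: Wire transfer - Meridian acquisition (CONFIDENTIAL)"
BODY = """Sarah,
I'm in a board meeting and can't talk. We need to close the Meridian acquisition
TODAY before their deadline. Please wire $3,000,000 to the following account immediately:
Bank: Citibank Singapore
Account: 7823-4491-0023
This must clear before market close (4pm EST). Do NOT loop in legal or AP yet.
I'll call you once I'm out of the meeting.
"""

RULES = {  # red flag number -> (label, phrase pattern)
    3: ("unavailable sender", r"\b(can'?t|cannot|unable to) (talk|take calls?|be reached)\b"),
    5: ("asks to bypass verification", r"\b(do not|don'?t) (loop in|involve|tell|copy)\b"),
    6: ("artificial deadline", r"\bbefore (market close|end of day|close of business)\b"),
    8: ("promised callback", r"\bI(?:'ll| will) call you\b"),
}
URGENCY = re.compile(r"\b(urgent|immediately|today|asap)\b", re.I)
SECRECY = re.compile(r"\b(confidential|under nda|secret)\b", re.I)
AMOUNT = re.compile(r"\$\s?(\d[\d,]*)")
ACCOUNT = re.compile(r"^Account:\s*([\d-]+)", re.I | re.M)

def bec_red_flags(subject: str, body: str) -> dict[int, str]:
    """Return {red-flag number: label} for the indicators found in one message."""
    text = subject + "\n" + body
    hits = {n: label for n, (label, pat) in RULES.items() if re.search(pat, text, re.I)}
    if URGENCY.search(text) and SECRECY.search(text):
        hits[2] = "urgency + secrecy"
    # Flag #4 approximated: beneficiary account is not an already-approved payee.
    if any(acct not in APPROVED_ACCOUNTS for acct in ACCOUNT.findall(body)):
        hits[4] = "new beneficiary account"
    if any(int(m.replace(",", "")) > WIRE_LIMIT_USD for m in AMOUNT.findall(body)):
        hits[7] = "over policy limit"
    return dict(sorted(hits.items()))

def requires_callback(hits: dict[int, str]) -> bool:
    """Hold for out-of-band verification on a bypass request or any two flags."""
    return 5 in hits or len(hits) >= 2

if __name__ == "__main__":
    flags = bec_red_flags(SUBJECT, BODY)
    print(flags, "hold for callback:", requires_callback(flags))
```

Phrase matching of this kind is a triage aid for the mail gateway or the AP queue; the control that stops the wire is still the callback to a number already on file.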