Why Phishing Works on Smart People

25 minutes

Welcome to Module 2

Phishing doesn’t succeed because people are careless. It succeeds because attackers understand human psychology better than most of us do — and they’ve built a systematic process to exploit it.

In this module, you’ll learn how phishing actually works from the attacker’s perspective, why your brain’s built-in shortcuts make you vulnerable, and why the hardest attacks to catch come from accounts you already trust.

What You’ll Learn

  1. The Attacker’s Playbook — The five-step process attackers follow, from researching targets to cashing in
  2. The Tricks Your Brain Plays — Five cognitive shortcuts attackers exploit and how to defend against each one
  3. Compromised Accounts — Why phishing from a real, hacked account is the most dangerous attack vector

Why This Matters

Understanding the attacker's method is your best defense. Once you see how phishing campaigns are built, you'll recognize the patterns — even when the execution is flawless.

Most security training tells you what to look for. This module shows you why those tricks work, so you can defend against attacks you’ve never seen before.

Time Investment

This module takes about 25 minutes to complete:

  • Lesson 2.1: The Attacker’s Playbook (8 min)
  • Lesson 2.2: The Tricks Your Brain Plays (10 min)
  • Lesson 2.3: Compromised Accounts (7 min)
  • Module 2 Quiz (5 min)