Why Phishing Works

20 minutes

Welcome to Module 1

Before we can protect ourselves from phishing, we need to understand why these attacks work in the first place. Spoiler: it’s not because victims are stupid or careless.

What You’ll Learn

In this module, you’ll discover:

  1. Why phishing is about psychology, not technology — Attackers exploit how our brains work
  2. Why smart people fall for scams — Intelligence doesn’t protect you (and why that’s actually good news)
  3. Why traditional training no longer works — The “spot the typo” approach is obsolete
  4. What modern attacks look like — AI has changed the game completely

The Core Insight

Every phishing attack has one critical weakness: It needs you to act before you think. By simply pausing to verify, you defeat most attacks.

This module sets the foundation for everything else. Once you understand why phishing works, the PUSHED+VERIFY framework you’ll learn next will make perfect sense.

Time Investment

This module takes about 20 minutes to complete:

  • Lesson 1.1: The Psychology of Phishing (8 min)
  • Lesson 1.2: Why Traditional Training Fails (7 min)
  • Module 1 Quiz (5 min)