Our first phishing course, Spot the Scam, taught you to recognize attacks. It gave you a framework – PUSHED+VERIFY – for pausing, reading the emotional manipulation, and verifying before acting. That course was designed for anyone, regardless of technical background.

This one goes further.

Security Champion is our new intermediate course. It’s free, self-paced, and runs entirely in your browser. Five modules. About four hours. No account required.

Where Spot the Scam taught you to identify phishing, Security Champion teaches you to understand it – how attacks are built, why they work on intelligent people, and what makes some of them nearly impossible to catch with technology alone.

What the Course Covers

Module 1: Reading Links Like a Pro. You learn how web addresses actually work – the structure, the parts that matter, and the one rule that reveals where a link really goes. Then you see the four most common ways attackers disguise URLs to look legitimate. By the end, you have a step-by-step process for evaluating any link you encounter.

Module 2: Why Phishing Works on Smart People. This is the module that changes how you think about phishing. You learn the attacker’s five-step playbook, from target research to cash-out. You learn the five cognitive shortcuts your brain uses that attackers exploit. And you learn why phishing sent from a real, compromised account is the hardest kind to catch – and why it’s becoming the most common.

Module 3: Phishing Is Bigger Than Email. Phishing has expanded well beyond your inbox. This module covers text message scams, AI-generated voice calls, attacks through workplace chat platforms like Slack and Teams, social media manipulation, QR code tricks, and calendar invite exploits. The same psychological tactics work on every channel. Most people have defenses for email and nothing else.

Module 4: Business Email Compromise. BEC is the most expensive form of cybercrime in the world – $2.77 billion in reported losses in 2024 alone, according to the FBI. There are no malicious links. No malware. Just one person convincing another to send money or share sensitive data. This module covers the five types of BEC, explains why no email security tool can reliably stop them, and teaches the verification processes that actually work.

Module 5: Becoming a Security Champion. Everything comes together here. You get a four-question checklist you can apply to any message or request. Then you work through five realistic scenarios that are deliberately ambiguous – because real life is ambiguous. The goal isn’t to make you suspicious of everything. It’s to give you a reliable process that activates when something deserves a second look.

There’s a quiz after each module and a final assessment at the end. Pass and you receive a certificate.

Who It’s For

If you completed Spot the Scam and want to understand the mechanics behind what you learned, this is your next step.

If you’re comfortable with technology and want to know how attacks actually work – not just what they look like – this course was built for you.

If you manage a team and need people to understand threats like Business Email Compromise, vendor payment fraud, and compromised account attacks, you can share this course today. No setup. No cost.

If you skipped Spot the Scam because you already know the basics, start here. The material assumes familiarity with phishing concepts and moves quickly into infrastructure, psychology, and process.

Why It’s Free

Empowerment over dependence. That’s the principle this site is built on.

The goal is to make you capable, not to make you reliant on us. Open tools. Clear frameworks. Skills you own.

Everything runs locally in your browser. No data is collected. No account is needed. Your progress saves automatically so you can leave and come back without losing your place.

Start the Course

Understanding how attacks are built is the best defense against them. This course gives you that understanding.