Phishing & Social Engineering Awareness Training

A focused one-day training designed to equip all employees with the practical skills to recognise, avoid, and correctly respond to phishing attacks and social engineering threats. This programme goes deep on the most common and costly attack vector facing organisations today, training participants to slow down, think critically, and make the right call under realistic pressure.

Programme Agenda

Why Phishing Works: The Human Factor
How attackers exploit urgency, authority, fear, and trust to bypass rational thinking. Real Malaysian incident examples are used to show how these attacks play out in practice.

Types of Attacks and How They Are Built
Phishing, spear phishing, whaling, clone phishing, smishing, vishing, quishing, pretexting, and business email compromise (BEC). How AI is now used to craft convincing, personalised attacks at scale.

Spotting the Attack: Practical Detection Skills
Hands-on exercise identifying red flags in real and simulated phishing messages, including spoofed senders, fake links, lookalike domains, and malicious attachments.

Business Email Compromise and Impersonation Attacks
How attackers impersonate executives, vendors, HR, and IT departments. Includes deepfake voice and video scenarios, with group discussion using the Arup USD25 million deepfake case (2024).

Safe Behaviour in Practice
A clear decision-making process for suspicious messages, links, attachments, and QR codes. Three realistic workplace scenario exercises to build consistent safe habits.

Reporting, Responding, and Limiting Damage
How to report correctly, what to do immediately after clicking a suspicious link, and a group simulated incident response exercise to practise the response workflow.

Building a Phishing-Resistant Mindset
Key habits every employee should build, the role of individuals in reducing organisational human risk, and how phishing simulation campaigns measure behaviour change over time.

Key Outcomes:
Identify phishing, spear phishing, BEC, smishing, vishing, and quishing attacks in real workplace contexts
Recognise the psychological manipulation tactics attackers use to bypass rational thinking
Understand how AI is making phishing attacks more convincing and harder to detect
Apply a clear decision-making process when faced with a suspicious message, link, or attachment
Report suspected phishing correctly and take immediate action if a link has been clicked
Contribute actively to reducing their organisation's human risk exposure

Fee: RM 1,500 per participant
Duration: 1 Day (8 Hours)
Training Hours: 9:00 AM to 5:00 PM
Level: Beginner
Training Mode: Physical, Online, or Hybrid
HRD Corp SBL-KHAS Claimable
Certificate of Completion included

Frequently Asked Questions

RM 1,500 per participant. The fee includes training materials and a Certificate of Completion.

No. The programme is designed for all staff with no prior technical or cybersecurity background required.

This training focuses entirely on phishing and social engineering — the single most common cause of data breaches. Rather than covering a broad range of topics at surface level, it builds deep, practical skills for recognising and responding to the exact attacks employees face every day.

Yes. This programme is HRD Corp SBL-KHAS claimable.

Yes. In-house sessions are customised with phishing examples and scenarios relevant to your industry, role types, and the tools your team uses.

Yes, a Certificate of Completion is awarded upon full attendance.

Yes. Training is available as an online session, in-house at your premises, or in a hybrid format.