Employee reported a suspicious 'CEO' email and entered credentials
An easy Cybersecurity scenario on Phishing.
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.
catalog id · phishing-credential-harvest
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Phishing triage discipline
- Credential-exposure containment under time pressure
- Phishing · Initial Access (T1566 · TA0001): Mapped, High confidence
Trains triage of a credential-harvest phishing email report.
- Multi-factor Authentication (D3-MFA): Mapped, High confidence
Trains MFA-backed containment when a password may have been disclosed.
- User Account Permissions (D3-UAP): Mapped, Medium confidence
Trains permission scoping for the user whose credentials may be exposed.
- Continuous Monitoring · Detect (DE.CM · DE): Mapped, High confidence
Trains detection from mail-flow and authentication telemetry.
- IR lifecycle phase · Detection & Analysis: Mapped, High confidence
Trains initial triage and scoping of a reported phishing event.
- IR lifecycle phase · Containment, Eradication & Recovery: Mapped, High confidence
Trains session revocation and password-reset workflow.
- Phishing-Resistant MFA (2.E): Mapped, High confidence
Trains the MFA baseline that limits credential-theft impact.
- Email Security (2.J): Mapped, High confidence
Trains the email-security baseline for resilient phishing handling.
- Email and Web Browser Protections (Control 9): Mapped, High confidence
Trains the email-protection control the scenario exercises.
- Security Awareness and Skills Training (Control 14): Mapped, Medium confidence
Trains the awareness baseline that complements technical controls.