Finance employee scanned 'Free Parking Validation' QR poster in lobby — entered M365 credentials on look-alike page
A easy Cybersecurity scenario on QR Code Phishing.
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.
catalog id · qr-code-phishing-parking-poster
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Non-email phishing recognition
- Awareness-driven physical-vector triage
- Phishing · Initial AccessT1566 · TA0001MappedHigh confidence
Trains recognition of QR-coded phishing pivoted through physical signage.
- Network Traffic AnalysisD3-NTAMappedMedium confidence
Trains DNS and TLS-SNI visibility for follow-on traffic.
- Multi-factor AuthenticationD3-MFAMappedMedium confidence
Trains MFA-backed containment when a phishing landing is opened.
- Continuous Monitoring · DetectDE.CM · DEMappedHigh confidence
Trains detection reasoning when the email channel is bypassed.
- IR lifecycle phaseDetection & AnalysisMappedHigh confidence
Trains triage when phishing arrives via non-email vectors.
- Basic Cybersecurity Training2.FMappedHigh confidence
Trains the awareness baseline for non-email phishing vectors.
- Phishing-Resistant MFA2.EMappedMedium confidence
Trains the MFA baseline that limits follow-on impact.
- Security Awareness and Skills TrainingControl 14MappedHigh confidence
Trains the awareness control the scenario exercises.
- Access Control ManagementControl 6MappedMedium confidence
Trains access-control discipline for redirected logins.