Key Features

Short Courses

Courses are short & sharp, designed for the time poor employee. Most courses are approximately 2-3 minutes long.

mortarboard hat icon

Completion Certificates

Employees can celebrate their accomplishments with personalised course completion certificates.

lightbulb

Quizzes & Assessment

Training courses include interactive games, quizzes and assessments to test employee knowledge.

globa icon

Real World Examples

Developed by certified Australian professionals for the Australian context. Courses include real-life examples of scams & social engineering.

Microlessons

Clicks on Phriendly Phishing emails are used as a learning experience, showing employees what they should be looking for with regards to phishing emails.

link icon

Post-Course Surveys

We love feedback. Post-course surveys provide our team feedback to continuously improve our course offerings and deliver best-in-class training that learners actually like!

Keep Secure Mini Series

Keep Secure 5 modules

Centred on our signature Keep Secure 5 framework, staff will progress through 6 modules that help them master a security mindset across your entire enterprise

Download

Information Security

Whether a dam wall is poorly maintained or maliciously damaged, it can result in a loss of precious water. Information is your water. Have staff secure it well.

Download

Device Security

Cyber crims love that employees use their own devices for work because crims gain a less secure doorway to your data. Help workers slam that door shut.

Download

Workplace Security

Cultivate a cyber-savvy workforce that recognises information as an asset and knows their role in protecting it.

Download

Remote Working

Outside your office, workers may miss or become desensitised to security. They’re often less clear about protocols and more likely to troubleshoot for themselves. Rein in ‘cowboy’ tendencies.

Download

Good information handling and security policies are only useful if people are aware of them and understand their roles in executing them effectively. If you’re looking for training that helps your people understand their accountability, you’ll find it here, with Phriendly Phishing.

Inside out or outside in: exposed data is still exposed data

Information security goes beyond just the measures you take to prevent malicious cyberattacks from outside your organisation. It’s also about the steps you take to ensure your organisation doesn’t leave data unprotected or exposed.

You can probably guess the legal and reputational fallout if your organisation’s internal memos, performance statistics, proprietary technology or other sensitive documents were published online for the world to see. You’re similarly obliged to safeguard your clients’, employees’ and suppliers’ identifying details and personal info from being publicly exposed.

Equip your staff to secure the asset most at risk—information

It is critical that your people understand their responsibilities for implementing information security and are trained in good security practices. With Phriendly Phishing’s information security awareness training, staff learn the importance of:

  • classifying, handling and disposing of information

  • not sharing their user identification or passwords

  • backing up their computers

  • only having authorised programs installed on their work computers and work phones

  • physically securing their work computers and work phones

  • not releasing confidential information unless authorised

  • securing data when working remotely

  • scanning incoming files and links

  • reporting anything that looks suspicious.

New Courses

CyberGov: Fraud Controls AU

This course explores fraud controls to reduce and prevent the risks of fraud. Government funds lost to fraud can result in detrimental impacts to public services.

CyberGov: Fraud Controls NZ

This course explores fraud controls to reduce and prevent the risks of fraud. Government funds lost to fraud can result in detrimental impacts to public services.

CyberSecureIT: Cloud Computing​ (Intermediate)

An adaptive course exploring essential topics for technical staff involved in cloud adoption and management.

CyberSecureIT: OWASP Vulnerable & Outdated Components

Get the practical skills necessary to identify, manage, and update software components to prevent vulnerabilities when developing web applications, as outlined in the OWASP Top 10:2021.

CyberSecureIT: Security Logging & Monitoring Failures

Gain the knowledge and practical skills necessary to effectively implement security logging and monitoring mechanisms, and address related failures when developing web applications.

Misinformation and Disinformation

False information, in the form of misinformation and disinformation, spreads through online communities to have negative impacts on societies around the world.

Safeguarding Australian Research against Foreign Interference

Drawing from ASIO guidelines and government resources, this course aims to equip researchers with knowledge and practical skills to identify, mitigate, and report foreign interference risks.

Scan for S.C.A.M: Adaptive

This is an adaptive course which means you don't need to complete every lesson as the learning experience will be tailored to your knowledge. Learn how to explain the basic concepts of phishing, and apply the "Scan for S.C.A.M" technique.

Phishing Awareness Training

Angler Phishing

Angler phising is a cyber attack targeting individuals on social media platforms, online forums or other online communities. This course helps you identify and protect yourself against an angler phishing attack.

New Zealand: Scan for SCAM Emails

S.C.A.M. 1 Fundamentals introduces learners to basic S.C.A.M. (Sender, Content, Action, Manage) phishing concepts. Employees will understand basic terminology and explore the different approaches scammers use to trick people.

S.C.A.M. 1 Fundamentals

S.C.A.M. 1 Fundamentals introduces learners to basic S.C.A.M. (Sender, Content, Action, Manage) phishing concepts. Employees will understand basic terminology and explore the different approaches scammers use to trick people.

S.C.A.M. 2 Identification

S.C.A.M. 2 Identification aims to increase employee’s phishing knowledge and enhance their skill in actively analysing and identify phishing emails.

S.C.A.M. 3 Application

S.C.A.M 3 Application accelerates the experience by allowing employees to put their phishing knowledge to practice! Harness the power of peer teaching to drive phishing knowledge deeper.

S.C.A.M. Family

Phishing doesn’t stop at your organisation’s front door. Give employees the tools to help their friends and family scout for phishing locations and markers whenever they’re online.

Scan for S.C.A.M: Adaptive

This is an adaptive course which means you don't need to complete every lesson as the learning experience will be tailored to your knowledge. Learn how to explain the basic concepts of phishing, and apply the "Scan for S.C.A.M" technique.

Keep Secure Series

Module 1: Security Foundations

Learners will discover how hackers and security personnel think, highlighting the importance of everyone taking responsibility for an organisation's security.

Module 2: Cyber Attack Evolution

Learners will better understand the changes in cyber crime from it's humble beginnings to the present day.

Module 3: Social Engineering

Learners will understand the different types of social engineering attacks and how their identity can be profiled and used against them easy by an attacker.

Module 4: Online & Remote Threats

Learners will gain a solid understanding of the depth and breadth of the internet, as well as the types of attacks that can occur from online and remote locations.

Module 5: Internal Threats

This module highlights the types of risks to watch out for from within the organisation.

Module 6: Keep Secure Framework

This cybersecurity training course provides a clear framework for learners to make intelligent ongoing security decisions.

Keep Secure Mini

Module 1: Security Foundations

Learners will discover what motivates hackers, the different techniques they use to hack their victims, popular types of cyberattacks and how to protect themselves against these attacks.

Module 2: Social Engineering

Learners will discover where they might encounter cyber-attacks, the different types of social engineering attacks and how their online footprint and physical encounters could make them an easy target for attacks.

Module 3: 5 Rules to Keep Secure

Learners will discover the 5 rules to keep secure, which is designed to provide a clear framework for making intelligent ongoing security decisions.

General Security Awareness

An Introduction to Information Security

Ensure your staff understand the rules that define information security and the role that they play in protecting the organisation's information.

Anatomy of a BEC Attack

This course will outline the different levels of risk associated with BEC attacks, focusing on the different types of tactics used by cybercriminals to compromise accounts.

Bring Your Own Device (BYOD)

Bring your own device (BYOD) provides familiarity and ease for users but having diverse technologies can cause significant disruptions to organisation security. Ensure your staff understand the security.

Business Email Compromise

Employees will discover the simple, and highly effective scams using malware or social engineering in this short course.

Catfishing

Catfishing is when a scammer creates a fake online identity to trick or control someone. This course provides practical tips for identifying and avoiding a Catfish.

Cloud Security

Employees will understand risks associated with cloud computing and offers some tips on securing your information when using the cloud.

Email Security

Give your staff clarity on how they can protect the organisation and themselves by understanding email security.

Fraud Awareness

Uncover the behaviours of fraudsters to learn how to reduce the risks of fraud to you, your family and your organisation.

Handling Sensitive Information

This short course offers some tips on how to handle and protect sensitive information.

Information Classification

Introduce your staff to the concept of information classification and labelling.

Investment Scams

This course aims to empower you with the knowledge and skills needed to protect yourself and others from falling victim to fraudulent investment schemes.

Misinformation and Disinformation

False information, in the form of misinformation and disinformation, spreads through online communities to have negative impacts on societies around the world.

Mobile Phones & Tablets

Ensure your staff understand how to best protect their mobile devices at work and home.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) provides an additional layer of security for your accounts, to prevent unauthorised access. Understanding MFA will equip you with the knowledge and skills to secure your digital assets effectively.

NZ: Passwords and Passphrases

Passwords are the primary means to authenticating and accessing systems within organisations and at home. Ensure you understand the important role of passwords in keeping information safe and secure.

Online Gaming

As the popularity of online gaming continues to rise, so do the opportunities for scammers to take advantage of unsuspecting players. This course equips gamers with the knowledge to stay safe online.

Passwords & Passphrases

Ensure your staff understand the important role of passwords in keeping information safe and secure.

Personal Information

This course will help your staff understand how to keep their own and other people’s sensitive information protected.

Protecting Credit Card Information

If your staff accept or manage credit cards details at work, ensure they know how to protect those details.

Protecting Your Digital Identity

Safeguard your organisation and staff by educating them about safe cyber practices when accessing the internet.

QR Code Scams

QR Codes are meant to be convenient and efficient at directing users to the app or website required for it's purpose, and this is precisely what cyber scammers are relying on. Learn how to spot the clickbait tactics used in QR code scams.

Ransomware

This course aims to educate learners in identifying, managing, reporting, and preventing Ransomware attacks.

Remote Working

In today's digital age, more and more people are working remotely or travelling for work While this can be convenient, it also poses a risk to the security of sensitive information.

Safe Use of GenAI

Explore how to use Generative AI in the workplace responsibly. Discover ethical guidelines and practical tips for using AI-generated content.

Safety Online

This course provides employees tips on how to stay safe online and avoid any security breaches.

Scams and Social Engineering (NZ)

This course identifies some common signs of scams via social engineering. You will learn how to protect your organisation, yourself and your family from social engineering.​

Security Incidents

This course aims to highlight the dangers of security incidents and provide your staff with tips on how to protect themselves and the organisation.

Security in the Workplace

Most security breaches usually happen by human error. Empower your staff with best practices on how to keep information secure in the workplace.

Situational Awareness

This short course looks at the importance of implementing situational awareness effectively.

Smishing

Scammers developed Smishing tactics to tap into the trusting nature of text messaging. Empower your staff to spot a Smishing attack.

Supply Chain Risks

This course teachers learners where supply chain risks can occur, how to explain the human behaviour risks of supply chains and understand how to strengthen the supply chain.

Understanding GenAI

In this course you'll explore the basics of AI, and dive deeper into the world of GenAI. It will ensure you are aware of the security risks of using these tools, and stay cyber safe by using them responsibly.

Understanding Malware

This course introduces you to the main categories of malware, the most common signs and symptoms of malware infection, and how to respond to malware.​

Vendor Email Compromise (VEC)

This course focuses on Vendor Email Compromise (VEC) and the risk associated with vendors becoming compromised within the supply chain. ​ VEC is a type of Business Email Compromise (BEC)

Vishing

Your staff need to be aware of the savvy social engineering tactics and trends to protect themselves, their families and the organisation from becoming a victim of voice scams.

Workplace Security

Cultivate a cyber-savvy workforce that recognises information as an asset and knows their role in protecting it.

Remote Working

Wi-Fi

Educate your staff about the risks of Wi Fi and how to utilise this option safely.

Information Security at Home

Ensure your staff understand how to implement information security practices at home.

Device Security

Cultivate a cyber-savvy workforce that recognises information as an asset and knows their role in protecting it.

Government Guidelines

Safeguarding Australian Research against Foreign Interference

Drawing from ASIO guidelines and government resources, this course aims to equip researchers with knowledge and practical skills to identify, mitigate, and report foreign interference risks.

CyberGov: Fraud Controls NZ

This course explores fraud controls to reduce and prevent the risks of fraud. Government funds lost to fraud can result in detrimental impacts to public services.

CyberGov: Fraud Controls AU

This course explores fraud controls to reduce and prevent the risks of fraud. Government funds lost to fraud can result in detrimental impacts to public services.

PSPF: Physical Security

The PSPF is a guide to strengthen resilience across the outcomes of security governance, information security, personnel security and physical security. This course focuses on the outcome of physical security.​

Understanding the PSPF

Understand how the PSPF outcomes enable the delivery of government services. The Protective Security Policy Framework (PSPF) helps businesses and organisations safeguard their personnel, data, and property.

PSPF: Information Security

The Protective Security Policy Framework (PSPF) helps businesses and organisations safeguard their personnel, data, and property. This course focuses on the outcome of information security.

PSPF: Personnel Safety

The Protective Security Policy Framework (PSPF) helps businesses and organisations safeguard their personnel, data, and property. This course focuses on the outcome of personnel security.

PSPF: Security Governance

The Protective Security Policy Framework (PSPF) helps businesses and organisations safeguard their personnel, data, and property. This course focuses on the outcome of security governance.

Understanding UK GDPR

This course will explain what GDPR is and why it is important for all companies based in the UK, or those that process the personal data of UK citizens. All organisations must ensure they fully understand and comply.

Countering foreign interference for the New Zealand Government

Aotearoa New Zealand’s strength lies in its open economy and democratic society, but this can be exploited. Countering foreign interference requires a nationwide effort to raise the cost and reduce the benefit to foreign actors interfering in New Zealand's society.

Countering foreign interference for the Australian Government

This course aims to ensure that government employees are protected from any potential or evolving threats by foreign interference.​

CyberEducation: Foreign Interference for New Zealand Universities

This course aims to ensure that the students, staff and their research within Aotearoa New Zealand Universities are protected from evolving foreign threats.

CyberEducation: Foreign Interference for Australian Universities

This course aims to ensure that the students, staff and their research within Australian Universities are protected from evolving foreign threats.

NZ Data Management

This course has been designed against the New Zealand Information Security Manual (NZISM) as mandated by the Government Communications Security Bureau. The course aims to highlight best practices on transferring data between systems, via gateways and when using removable media.

Anti Money Laundering & Counter Terrorism Financing​

This course is based on the AML/CTF Act. It aims educate learners in identifying their customers, reporting suspicious matters, preventing and identifying money laundering activities, and the financing of terrorism.

Payment Card Industry Data Security Standard (PCI DSS)

Hackers want credit card data to be able to use the card, impersonate the cardholder, or even steal the cardholder's identity to commit other crimes in their name. This course highlights the importance of PCI DSS and provide guidelines on how to protect cardholder information.

New Zealand Privacy Act

As technology advances, and more people access information online, it is necessary that the laws around Privacy also evolve, to protect the people of New Zealand and their information. This short course highlights the key additions to the New Zealand Privacy Act.

Information Privacy & Security

This course explores the Australian Privacy Principals that provide guidelines on handling personal information throughout the information lifecycle and provides tips on how to prevent loss of information.

Security Incident Response

By understanding how to respond to security incidents, staff will be protecting the organisation, computer network, systems, people, information, assets and themselves from any malicious attempts.

Secure by Design

As systems advance, it becomes increasingly difficult to add effective security layers. Secure by Design embeds security from the start to minimise risk and vulnerabilities. Staff will gain an understanding of the Secure by Design process and be empowered to incorporate cyber resilience into new and existing systems.

Privileged Access Management (PAM)

Ensure staff with PAM understand their security obligations.

Removable Media

Ensure your staff understand and are aware of their responsibility of having access to removable media devices, ultimately protecting the organisation and themselves.

Role-Based Learning

CyberExec: Building A Positive Security Culture

This course aims to help you shift employees viewing compliance as a tick-box exercise, and rather to help build a positive security culture.

CyberSecureIT: Cloud Computing​ (Intermediate)

An adaptive course exploring essential topics for technical staff involved in cloud adoption and management.

CyberSecureIT: OWASP Broken Access Control

Gain the knowledge and practical skills necessary to effectively identify and address Broken Access Control vulnerabilities when developing web applications, as outlined in the OWASP Top 10 2021.

CyberSecureIT: OWASP Cryptographic Failures

In this course, you will gain the knowledge and practical skills necessary to effectively identify and address Cryptographic Failure vulnerabilities when developing web applications, as outlined in the OWASP Top 10:2021.

CyberSecureIT: OWASP Injection

In this course, you will gain the knowledge and practical skills necessary to effectively identify and address Injection vulnerabilities when developing web applications, as outlined in the OWASP Top 10:2021.

CyberSecureIT: OWASP Insecure Design

Gain the knowledge and practical skills necessary to implement secure design practices and address common Insecure Design vulnerabilities when developing web applications, as outlined in the OWASP Top 10:2021.​

CyberSecureIT: OWASP Overview

Open Worldwide Application Security Project (OWASP) is a non-profit organisation that works to improve security of software globally. During this learning, you will explore OWASP, it's value and the Top 10 vulnerabilities.

CyberSecureIT: OWASP Security Misconfiguration

Implement secure design practices and address common Insecure Design vulnerabilities when developing web applications, as outlined in the OWASP Top 10:2021.​

CyberSecureIT: OWASP Vulnerable & Outdated Components

Get the practical skills necessary to identify, manage, and update software components to prevent vulnerabilities when developing web applications, as outlined in the OWASP Top 10:2021.

CyberSecureIT: Secure Coding

Secure coding is the practice of building software in a way that ensures it's protected against vulnerabilities and cyber attacks. This course will cover common vulnerabilities and provide recommended approaches to improve software security.

CyberSecureIT: Security Logging & Monitoring Failures

Gain the knowledge and practical skills necessary to effectively implement security logging and monitoring mechanisms, and address related failures when developing web applications.

Executive Security Awareness

In this course, learners will explore the most common types of security threats including Business Email Compromise (BEC), risks associated with using their own device and Shadow IT.

General Security Awareness

In this course, learners will discover what motivates scammers and the different techniques and psychological tactics they use to trick their victims. They will also explore the common threats and learn how to protect themselves and the organisation they represent.

Information Security for HR & Finance

In this course, learners will explore the different techniques cyber criminals use to hack their victims. Learners will also discover the risks associated with security breaches when dealing with personal and sensitive information.

Intro to Cloud Computing

Cloud computing has allowed for greater collaboration and mobility, enabling teams to work together from anywhere in the world. It is important to carefully consider the security and compliance risks associated with implementing cloud services.​

Operational Technology (OT) Awareness

In this course, learners will explore the different threats to Operational Technology (OT) and ways to secure the OT environment. Learners will also discover the importance of implementing situational awareness to maintain cyber hygiene when working remotely and using their own device.

Industry Based

CyberEdu Social Media - For Kids

It's important for kids and teens to learn how to stay safe online, so they can enjoy social media without fear.

CyberHealth Business Email Compromise

Health sector employees will discover the simple, and highly effective email scams using malware or social engineering.

CyberHealth: OT Fundamentals

Learn about what Operational Technology (OT) is, why it is important, explore the different threats and ways to secure the OT environment.

CyberHealth: Ransomware

This course aims to educate health sector learners in identifying, managing, reporting, and preventing Ransomware attacks.

CyberRetail: Risks of Removable Media

Ensure your retail staff understand and are aware of their responsibility of having access to removable media devices and their impact on the organisation.

CyberRetail: Scan for S.C.A.M

The retail industry has been one of the top five most targeted industries in recent years. Phishing attacks can act as a point of entry from which scammers can initiate more sophisticated forms of attacks.

CyberSecureIT: Incident Management

Explain the importance of developing an incident management plan and identify the different roles and responsibilities related to incident management.

CyberSecureIT: The Essential 8

Learn how to accelerate your Essential 8 maturity level target and reduce the time spent managing security controls and safeguarding your organisation.​

CyberUtilities: Critical Infrastructure

This course will teach you about the importance of critical infrastructure and how Operational Technology (OT) helps keep it working properly. You'll also learn about the Security of Critical Infrastructure Act (The SOCI Act) and the Australian Energy Sector Cyber Security Framework (AESCSF).

CyberUtilities: IT/OT Fundamentals

This course explores the intersection between Information Technology (IT) and Operational Technology (OT) and focuses on securing both environments. Discover ways to secure the IT/OT environment and the importance of implementing operational technology hygiene practices.

Phishing: Teen Edition

Learn what Phishing is, and how to avoid the clickbait tactics that scammers will use to get you to trust them.

Smishing: Teen Edition

Learning to spot the tricks in a smishing attack can help prevent you and your favourite people from being scammed.

Vishing: Teen Edition

More and more scammers are calling people and trying to trick them by pretending to be someone they are not. Learn how to avoid the tactics that scammers use.

See Phriendly Phishing in action

Your staff need cyber street-smarts. Contact us today to see our phishing and cyber security awareness training in action.

Request Demo