v0 App

Please complete this training and acknowledge your understanding at the end of the page.

This is a Phishing Simulation

Hi Amit, this was a safe phishing simulation designed to reflect real-world tactics targeting roles like yours at Abnormal Security. As a Senior Product Manager, you often engage with contracts and documents, which makes DocuSign-themed lures highly relevant. This simulation tested your attention to sender details, link behavior, and brand authenticity. Identifying these subtle signs is critical to reducing organizational risk. Reviewing the signals and advice below will strengthen your awareness and help you respond securely in similar real situations.

Simulation Email Preview

TRAINING SIMULATION

From:

Jeffrey Divine <Jeffrey.Divine@secureworkspace-apps.com>

Subject:

DocuSign - Document Ready Notification

Date:

May 12, 2025 at 10:15 AM

Your document is ready

View Document

Confidential information intended only for the use of the individual or entity named above. If you have received this in error, please notify the sender immediately and delete from your email. Any unauthorized disclosure, copying, distribution, or use of the information contained in this email is strictly prohibited.

Jeffrey Divine

Representative- Inside Sales

Wesco | Anixter

o. (480) 497-1900 | Jeffrey.Divine@wescodist.com

115 W Baseline Rd, Gilbert, AZ 85233-1026

Key Security Signals

UNFAMILIAR SENDER DOMAIN LOOKED AUTHENTIC

Email appeared from DocuSign but used 'secureworkspace-apps.com,' a domain not affiliated with the legitimate DocuSign service.

MISMATCH BETWEEN NAME AND EMAIL ADDRESS

The visible name showed 'Jeffrey Divine' but the email address didn't match the stated company, creating a credibility gap.

GENERIC URGENCY IN DOCUMENT NOTIFICATION

Language pushed you to 'VIEW COMPLETED DOCUMENT' quickly without details on the document type or source, creating unnecessary urgency.

Advice for You

Always check the sender's domain carefully, especially in document-related emails, even if the name looks familiar or trustworthy.

Avoid clicking links in unexpected document notifications. Use direct logins to services like DocuSign to verify activity independently.

Watch for vague document references with high urgency. Real senders typically mention project names, teams, or reasons for signing.

By clicking below, you confirm that you have understood the key security signals and advices that would help you identify similar attacks in the future.