Case Study
Pause Before You Click
A scenario-based phishing awareness module designed to reinforce safe decision-making and the reporting behavior security teams depend on most.
Overview
Pause Before You Click is a short scenario-based eLearning experience built in Articulate Rise 360. Rather than presenting phishing as a checklist of warning signs, the module focuses on how learners evaluate risk signals in context, choose the safest next step, and understand why early reporting matters to the wider team.
The scenario centers on a realistic business email requesting updated vendor payment information. Learners inspect the message, identify subtle inconsistencies, consider different response options, and complete a short review to confirm understanding.
Challenge
Many phishing-awareness modules focus heavily on recognition but spend less time reinforcing the operational behavior security teams need most: reporting suspicious messages quickly and consistently.
This project was designed to address that gap. It teaches not only how to spot likely phishing indicators, but also why reporting matters, what happens after a report is submitted, and how early action helps protect coworkers from the same attack.
Another challenge was realism. The audience was general corporate employees, not security specialists, so the experience had to feel practical, credible, and useful under normal workplace pressure rather than technical for its own sake.
Approach
I designed the module as a short decision-based experience rather than a content-heavy awareness lesson. The learning flow intentionally moves through four stages:
- Observation — learners inspect the email before being told what is suspicious
- Analysis — interactive hotspots reveal specific indicators, such as a subtly altered sender domain and a mismatched destination URL
- Reinforcement — a low-stakes decision point connects individual action to broader team protection
- Verification — a short required review confirms that learners can recognize the strongest indicators and choose the safest response
This structure was meant to mirror how phishing is actually encountered at work: see the message, inspect details, decide what to do, and ideally report before others are affected.
Key Design Decisions
- Use realistic technical indicators. The scenario avoids older, more obvious phishing tropes like poor grammar or generic greetings. Instead, it uses more current indicators such as a subtle sender-domain misspelling and a destination URL that does not match the organization’s domain.
- Center reporting as the target behavior. Reporting is not treated as an afterthought. The experience reinforces why it matters operationally: it helps security teams investigate active threats, block similar messages, and reduce the chance that others on the team will be affected.
- Keep assessment calm and professional. The final review is required for completion, but it is framed as confirmation of a safe response rather than as a quiz competition.
Platform Choice
The module was built in Articulate Rise 360 to create a clean, modern, quickly deployable learning experience that could be easily updated and reused. Rise was a strong fit here because the goal was behavioral reinforcement, not deep branching or simulation-heavy complexity.
It supported the project well through structured lesson flow, labeled graphic interactions, accordion content for process explanation, and lightweight scenario review and completion tracking. It provided enough interactivity without unnecessary production overhead.
Outcome
This piece demonstrates how I approach technical and security-related learning design: translating risk concepts into realistic workplace decisions, building around behavior rather than awareness alone, and using short-form scenarios to reinforce operationally meaningful actions.
It also shows how I balance realism, clarity, and platform constraints without overdesigning the experience.