The Phishing Inspector
The highlight of ValidLearn. Instead of "Question 7: Is this email phishing? Yes/No", learners get a realistic mock mail client and practise spotting warning signs themselves.
How it works
The email is rendered like a real mail program — sender, subject, date and body. Learners click the parts they consider suspicious. Pressing "Evaluate" shows immediately which signals were spotted and which were missed — with explanatory feedback for every decision.
- Link hover, just like a real client: hovering a link reveals the actual target URL — often quite different from the displayed text.
- Instant, instructive feedback: spotted, missed or wrongly flagged — each with a short explanation.
- Score: "X out of 5 warning signs spotted".
Typical warning signs
Using a mock "PayPal" email, participants learn to recognise five recurring patterns:
| Element | Why it's suspicious |
|---|---|
| Sender | The domain paypa1-sicherheit.com is spoofed: the digit 1 replaces the letter l, and the domain does not belong to PayPal. |
| Greeting | Impersonal "Dear customer" — real providers usually use your name. |
| Urgency | Artificial time pressure with a threat ("within 24 hours, or suspension") is a classic phishing pattern. |
| Link | The displayed link shows paypal.com, but the real target on hover is a completely different address. |
| Attachment | Double file extension statement.pdf.exe — an executable, not a PDF. |
Not everything that stands out is an attack: a professional signature alone, for instance, is not a warning sign. The inspector therefore also trains learners to avoid false alarms.
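The five checks from the table, written as simple heuristics in Python. This is an added example, not ValidLearn's code; the function names, keyword lists and both sample mails are constructed, and login.example.net stands in for the real link target, which the page does not give.

```python
import re
from urllib.parse import urlparse

BRAND = "paypal.com"                   # brand the mock mail claims to come from
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx"}
EXE_EXT = {"exe", "scr", "bat", "cmd", "js"}
LOOKALIKE = str.maketrans("10", "lo")  # digits commonly swapped in for letters

def host_of(text):
    """Host of a URL or bare domain; '' when the text is not URL-like."""
    text = text.strip().lower()
    if " " in text or "." not in text:
        return ""
    host = urlparse(text if "://" in text else "//" + text).hostname or ""
    return host.removeprefix("www.")

def inspect(mail):
    """Return the warning signs found, in the order of the table above."""
    signs, body = [], mail["body"]
    sender = mail["from"].rsplit("@", 1)[-1].lower()
    is_brand = sender == BRAND or sender.endswith("." + BRAND)
    # Brand name appears (possibly with swapped digits) in a domain the brand does not own.
    if not is_brand and BRAND.split(".")[0] in sender.translate(LOOKALIKE):
        signs.append("sender")
    if re.match(r"\s*dear (customer|user|client)\b", body, re.I):
        signs.append("greeting")
    if re.search(r"within \d+ hours", body, re.I) and re.search(r"suspen", body, re.I):
        signs.append("urgency")
    # Displayed text looks like a domain but the href points to a different host.
    if any(host_of(shown) and host_of(shown) != host_of(href)
           for shown, href in mail["links"]):
        signs.append("link")
    parts = [name.lower().rsplit(".", 2) for name in mail["attachments"]]
    if any(len(p) == 3 and p[1] in DOC_EXT and p[2] in EXE_EXT for p in parts):
        signs.append("attachment")
    return signs

# Constructed sample mails (display material only, not real messages).
PHISH = {"from": "service@paypa1-sicherheit.com",
         "body": "Dear customer,\nconfirm your account within 24 hours, "
                 "or it will be suspended.",
         "links": [("paypal.com", "https://login.example.net/verify")],
         "attachments": ["statement.pdf.exe"]}
BENIGN = {"from": "service@paypal.com",
          "body": "Hello Anna Muster,\nyour statement is ready.\n-- \nPayPal Customer Service",
          "links": [("paypal.com", "https://www.paypal.com/activity")],
          "attachments": ["statement.pdf"]}

if __name__ == "__main__":
    for label, mail in (("phish", PHISH), ("benign", BENIGN)):
        print(label, inspect(mail))
```

The benign mail carries a professional signature and a matching link, and produces no flags, which mirrors the false-alarm case described above.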
Safe by design
The Phishing Inspector processes no real emails and needs no mail server. The mock email is pure display material — so it adds no extra attack or compliance risk.