You clicked on a JS phishing simulation.

Report it!

You can't unclick a malicious email, but a timely report helps us keep small fires small. Use this opportunity to develop the right muscle memory; when you come across a real one, you'll already know what to do.

  • Report the email to Shady within 60 minutes of interacting with it.
  • Go back and take a look at the email you clicked. All of our simulations have at least one warning sign you missed, and recognizing them will hopefully help you avoid interacting with real malicious emails in the future. If you don't see it, ask us!

Email is the largest attack surface the company has, and malicious email attacks are one of Cybersecurity's biggest concerns. Let's make the most of this and learn from this experience.


Here are some things you can look out for:

  • Link matching: Hover your mouse over the link and check the bottom left of your browser window to see where it goes. Does it look like it's taking you somewhere you're not expecting?
  • Sender: Do you recognize the domain the email is coming from?
  • Formatting: Does this email look properly formatted, based on what it represents? Are there broken image links, missing logos or branding, or is text formatted oddly?
  • Relevancy: Is this a relevant email? Does it reference the tools we actually use at the firm? Is the email a response to an action you didn't take (e.g. a password reset)?
  • Emotional manipulation: Does it invoke one or more of the 5 emotions of social engineering? Does this feel urgent for something that shouldn't feel urgent, or is someone asking you to be overly helpful?

And remember, if it looks shady, tell Shady!