Cybernut
Description and How-To
Embedded Files
CyberNut is our tool that helps staff learn how to spot bad or suspicious emails.
It sends practice phishing emails, and when someone clicks the “feed the squirrel” button to report something, it tells them right away if they made the right call.
How Deer Park uses it:
We send test emails to teach everyone what scams look like.
Staff report anything suspicious using the squirrel button.
CyberNut gives instant feedback so people learn what to avoid.
Our IT team sees the reports and can act fast on real threats.
We celebrate the people who are doing a great job keeping us safe.
It keeps our district safer by helping everyone stay alert, report problems quickly, and avoid getting tricked by dangerous emails.
Cybernut District Leaders
Fall
2025
How do I report a suspicious email while in Chrome?
How do I report a suspicious email while in Chrome?
What kinds of phishing attacks does CyberNut train against?
What kinds of phishing attacks does CyberNut train against?
CyberNut exposes users to eight major phishing attack categories, each targeting a different social-engineering tactic or deception technique. Over time, users receive simulations from every category to strengthen overall awareness.
Attack Type
What It Teaches
Business Email Compromise (BEC)
Recognize emails pretending to be from executives or colleagues asking for sensitive actions or payments.
Deceptive URL Links
Spot misleading or shortened URLs that redirect to malicious websites.
Malicious Attachments
Identify suspicious file attachments that could contain malware.
Credential Harvesting
Detect fake sign-in pages designed to steal login information.
Tech Support Scams
Recognize fraudulent IT or tech-help emails claiming account issues or security alerts.
Reward Scams
Avoid offers of prizes, gift cards, or bonuses used to bait clicks.
Brand Impersonation Scams
Distinguish between real and fake communications from trusted brands or vendors.
Social Engineering Traps
Learn to question emotionally manipulative messages exploiting urgency, fear, or curiosity.
How many levels of difficulty are there for the phishing emails?
How many levels of difficulty are there for the phishing emails?
CyberNut currently uses five levels of difficulty, each designed to mirror real-world phishing sophistication and evolve with user skill.
Each level introduces new forms of realism, complexity, and attack psychology, ensuring that staff and students build lasting phishing-detection instincts.
Level
Description
Level 1
Non-personalized emails with obvious typos, poor grammar, and fake branding — very easy to spot.
Level 2
Lightly personalized emails that still contain visual or linguistic errors and suspicious links.
Level 3
Well-written, professionally branded phishing emails that appear legitimate and are trickier to identify.
Level 4
Highly realistic spoofed login-page simulations that imitate trusted services and request user credentials. (Coming Q1 2026)
Level 5
Sophisticated spear-phishing simulations using context-aware, AI-generated messages tailored to individuals or departments. (Coming Q2 2026)
Each user’s difficulty level adjusts automatically based on performance:
Reporting correctly → levels them up
Clicking a phishing link → moves them down
Every individual follows a personalized learning path that continuously adapts to their progress.
Page updated
Google Sites
Report abuse