David's Blog

Mastercard Cybersecurity Virtual Experience

I recently completed Mastercard’s Cybersecurity Virtual Experience program, which provided hands-on practice with security awareness training and phishing simulation exercises.

Task 1: Creating a Realistic Phishing Email

The first task involved designing a realistic phishing email for employee awareness training. I was provided with an example email that had poor grammar, plaintext links, and other obvious red flags that made it not very convincing.

To make the phishing attempt more believable, I implemented several improvements:

  • Legitimate sender address: Changed the email address to appear more authentic
  • Establishing trust: Added context by positioning myself as a member of the company’s IT team
  • Plausible scenario: Created a pretext about experiencing issues with user account management following a recent service provider outage
  • Call to action: Requested users reset their passwords as part of a comprehensive account reset procedure
  • Hidden malicious link: Concealed the suspicious URL within hypertext rather than displaying it as plaintext
  • Professional sign-off: Included a proper email signature

The example solution took a different route. Their email claimed top performers would receive gift cards as part of company reward policy, with a link to claim the reward. I do think this approach is more enticing, but I believe my attempt would also be effective.

Task 2: Security Awareness Presentation

The second task was creating a presentation to improve security awareness across teams. The phishing simulation results showed that HR and Marketing departments had the poorest performance rates, indicating a need for targeted training. The following is the contents of my presentation for those departments.

Slide 1: What is Phishing?

Phishing is the use of social engineering techniques to obtain sensitive information from individuals. These attacks can occur through various methods including phone calls, emails, text messages, or even face-to-face interactions.

Slide 2: How to Identify a Phishing Email

  • Suspicious email addresses
  • Offers that seem too good to be true
  • Typos or poor grammar
  • Suspicious links
  • Sense of urgency
  • Unsigned or unprofessionally formatted messages

Slide 3: Best Practices to Avoid Phishing

  • Be extremely careful when clicking links
  • When in doubt, contact the security team
  • Watch for grammatical errors or unprofessional communication
  • Never share sensitive information unless absolutely certain of the recipient’s identity
  • Always be alert

My presentation aligned with the provided example solution, covering most of the essential security awareness points.

This simulation served as an excellent refresher on phishing tactics and defense strategies. Taking on the role of educator reinforced my understanding of these concepts, as teaching anything often does.

Through this Mastercard Cybersecurity Virtual Experience (November 2025), I:

  • Served as an analyst on Mastercard’s Security Awareness Team in a simulated environment
  • Identified and documented security threats, specifically phishing attacks
  • Analyzed departmental vulnerability data to identify areas requiring enhanced security training
  • Developed and proposed training courses and procedures for high-risk teams

Completed through Forage’s virtual experience platform.