About Phish Flash

Phish Flash is a flashcard game for spotting phishing and social engineering. The idea comes from how security analysts actually learn to triage: by getting reps — seeing hundreds of real messages, legit and malicious, and making the call over and over until the tells jump out at you.

Each card shows a real-world artifact — an email, a text, a fake login page. You decide whether it's safe before flipping to see the verdict and a breakdown of exactly what to look for. No accounts, no scores, no pressure. Just look, decide, flip, learn.

Every dangerous-looking link is defanged for safety, and nothing on the site is clickable to a live destination. You get the realism of real attacker tradecraft with none of the risk.

Want to help?

Phish Flash is open and grows by contribution. If you've got a good (sanitized) example, head to the Contact page.

Who made this

Phish Flash was created by a Security Engineer with the goal of helping people and businesses stay safer online. The volume and quality of training material here would not have been feasible without AI — a massive thanks to Anthropic and Claude, as well as OpenAI and ChatGPT, for making tools that can work at this scale. If you're not already using AI in your own security practice, we'd encourage you to start — and in the meantime, get your reps in here.