DOC
HRPolicy.docx
Shared by "Head of HR" · View only · 16/02/2026, 07:28
Awareness simulation.
This page safely demonstrates a click-fix pattern. It does not change your clipboard or run commands.
To access HRPolicy.docx, please follow these steps:
-
Copy the file path below
C:\Users\%USERNAME%\My Drive\HRPolicy.docx
What you think you copied: file path
· What a real click-fix could place instead: hidden content
- Open Run (Win + R) or File Explorer address bar (Ctrl + L)
- Paste and press Enter
In-browser preview
Idle
Paste here to simulate what would happen...
Tip: click "Copy", then "Simulate Paste". In a real attack, the paste target is an operating system field, not the browser.
Simulated paste outside the browser (Run / Terminal)
Simulated incident timeline
- T+00s: user pastes hidden content into OS input.
- T+15s: sign-in session tokens are captured.
- T+45s: account access attempted from attacker infrastructure.
- T+90s: internal phishing sent from trusted mailbox.
Simulated hidden swap detected
[SAFE_PLACEHOLDER_TEXT] In a real incident, pasted content could differ from the visible file path.
- Simulation outcome: your sign-in details may now be exposed.
- Your account session could be reused from another device.
- Email, files and contacts may be used for follow-on phishing.
What should you do next?
Potential impact in a real incident
- Account session could be exposed
- Email and shared files may be accessed
- Follow-on phishing could come from a trusted account
Correct response: pause first, then report and verify through a trusted internal channel.