You've been phished.

This was a simulated attack — no real data was captured or systems affected.

You clicked a link in a simulated phishing email and attempted to open a fake confidential document. In a real attack, this action could have compromised your credentials or installed malware on your device.

Red flags you may have missed

The email created urgency and pressure to act immediately without thinking.
The sender address didn't exactly match the company's official domain.
Legitimate internal documents don't require clicking an external link to verify your identity.
You weren't expecting this document — always be suspicious of unsolicited files.

✓ The good news: This was only a test. No data was collected, no systems were affected, and you are not in trouble. This exercise exists to help everyone stay sharp.

If you receive a suspicious email in the future, report it to security team immediately. When in doubt, don't click — verify directly with the sender.

ZPA IT Security Team Internal use only