Here is a standalone lead magnet outline designed to build trust and deliver immediate value, while leaving the reader wanting the full course.
**Lead Magnet Title:** **The 9-Step Phishing Firewall: Spot the Trap Before You Click**
**Format:** PDF Checklist / Quick-Start Guide (1 page front & back)
**Tone:** Urgent, clear, actionable (no jargon, just “do this”).
—
### Lead Magnet Outline
**Header:** You are the last line of defense. This checklist takes 5 minutes to read and could save your business from a $100,000+ data breach.
**Section: Quick-Start Checklist (8 Items)**
**1. The “Hover & Look” Rule (The #1 Weapon)**
– [ ] **Hover** your mouse over every link in the email (do NOT click).
– [ ] **Look** at the actual URL that pops up. Does it match the company name? (e.g., *Google.com* vs. *Google-security-login.xyz*)
– *Why this works:* 95% of phishing links look real until you hover.
**2. The “Greeting Gap” Check**
– [ ] Does the email use your name? (e.g., “Dear [Your Name]”)
– [ ] Or does it use a generic greeting? (e.g., “Dear Customer,” “Dear User,” “Dear Sir”)
– *Red Flag:* Real companies know your name. Generic greetings are the #1 sign of a mass phishing blast.
**3. The “Panic Pause” Trigger**
– [ ] Does the message demand immediate action? (e.g., “Your account will be closed in 24 hours,” “Urgent payment required.”)
– [ ] Does it threaten a consequence? (e.g., “You owe $500,” “Suspicious login detected.”)
– *Action:* If you feel a rush of adrenaline or fear, **stop**. Phishers rely on panic to bypass your logic.
**4. The “Spelling & Grammar” Scan**
– [ ] Are there typos, awkward phrasing, or strange capital letters? (e.g., “Re: Your InvoiCe”)
– [ ] Is the logo pixelated or slightly off-color?
– *Note:* Real companies have proofreaders. Scammers often use poor translation software.
**5. The “Sender Address” Deep Dive**
– [ ] Look at the email address *after* the display name.
– [ ] Does the domain match the company? (e.g., *@amazon.com* is safe; *@amazon-support.net* is not.)
– *Pro Tip:* If the domain ends in `.xyz`, `.top`, or `.click`, it is almost certainly a scam.
**6. The “Attachment Suspicion” Test**
– [ ] Are you expecting a file from this person?
– [ ] Is the file type unusual? (e.g., `.exe`, `.zip`, `.docm` – macro-enabled files are dangerous.)
– *Rule:* Never open attachments that ask you to “enable editing” or “enable macros.” That is how ransomware gets in.
**7. The “Gift Card / Wire Transfer” Trap**
– [ ] Is the email asking you to buy gift cards, send crypto, or wire money?
– [ ] Does it claim to be from a CEO or vendor who “can't talk right now”?
– *Rule:* 100% of gift card requests via email are scams. Verify by phone (a real call, not a text).
**8. The “Off-Piste Request” Check**
– [ ] Does the email ask you to log into a system you don't normally use?
– [ ] Does it ask for a password, PIN, or security code?
– *Golden Rule:* **No legitimate company will ever ask for your password via email.**
—
**Section: If You Clicked (Emergency Protocol)**
**9. [ ] The “0-60” Damage Control**
– [ ] **Step 1: Disconnect.** Unplug your computer from the network (Wi-Fi and Ethernet) immediately.
– [ ] **Step 2: Change Passwords.** Use a *different* device (your phone) to change your critical passwords (email, bank, CRM).
– [ ] **Step 3: Notify IT / Manager.** Do not be embarrassed. Speed matters more than pride.
– [ ] **Step 4: Run a Scan.** Run a full antivirus/malware scan on your machine.
—
**Section: The 30-Minute Team Protocol (Quick Win)**
– **10 Min:** Share this checklist with your team in a stand-up meeting.
– **10 Min:** Run a free “Phishing Simulation” test (e.g., using GoPhish or KnowBe4 free trial).
– **10 Min
Get the AI Edge, Weekly
The tools, tutorials, and trends that actually pay — no hype.



