Just-In-Time Training

Why JIT

The window between clicking a phishing link and shrugging it off is measured in seconds. Just-in-time (JIT) training intercepts that moment: instead of dropping the user on a credential-capture page, HailBytes SAT shows a short, branded lesson that explains what tipped the email off as suspicious and asks one or two reinforcement questions. Completion is recorded automatically and counts toward the user's training history.

How It Works

Step 1: Pick a Training Module

Open Training Modules. SAT ships starter modules for the common pretexts:

• Microsoft 365 / Google Workspace credential resets
• Shipping notifications & package status
• Invoice / vendor payment requests
• HR & payroll changes
• Executive impersonation / wire transfer

Edit any module's HTML and questions, or duplicate one as a starting point. Each module has a public URL like /training/m365-password-reset.

Step 2: Wire It to a Landing Page

On the landing page, set the Training Redirect URL to the module path. If credential capture is on, the redirect happens after submission; otherwise it happens on click.

POST /api/pages/
{
  "name": "M365 Login Mirror",
  "html": "<...>",
  "capture_credentials": true,
  "capture_passwords":   false,
  "redirect_url":        "/training/m365-password-reset"
}

Step 3: Track Completion

Completions and quiz responses are stored against the campaign and the user:

GET /api/training/completions/
GET /api/training/completions/{id}/responses
GET /api/training_modules/{id}/question_stats

Best Practices

• Keep it short. Under 90 seconds. Long modules get abandoned.
• Use the actual email. Show the message they just clicked, with the suspicious indicators highlighted.
• Avoid shame. The goal is recognition next time, not punishment.
• Repeat for repeats. If the same user clicks twice in a quarter, escalate to a longer track via auto-enroll.

Next Steps