
{
"version": "2026-04-25",
"updated": "2026-04-25",
"curricula": [
{
"id": "pattern",
"title": "1 · Phishing-Pattern erkennen",
"short": "Sender-Tricks, Domain-Spoofing, Urgency, Authority",
"icon": "shield",
"color": "#dc2626",
"description": "Die klassischen Pattern: gefälschte Absender, ähnliche Domains, künstliche Dringlichkeit, gefakte Autorität. Wie man sie technisch und sozial erkennt.",
"source_md": "00-pattern.md",
"modules": [
{
"id": "absender-tricks",
"title": "Absender-Tricks (Spoofing, Display-Name)",
"objectives": ["From-Header von Reply-To unterscheiden","Display-Name vs. echte Adresse","SPF/DKIM/DMARC-Status lesen"],
"topics": ["From","Reply-To","Display-Name","SPF","DKIM","DMARC"],
"difficulty": "mittel",
"source_heading": "Absender-Tricks"
},
{
"id": "domain-spoofing",
"title": "Domain-Spoofing & Look-Alikes",
"objectives": ["Homoglyph-Attacks erkennen (rn vs. m, 0 vs. O)","Subdomain-Spoofing (paypal.security-update.tld)","Punycode (xn--)"],
"topics": ["Homoglyph","Punycode","Subdomain"],
"difficulty": "schwer",
"source_heading": "Domain-Spoofing"
},
{
"id": "urgency-authority",
"title": "Urgency & Authority — Social Engineering",
"objectives": ["Urgency-Marker erkennen (heute, sofort, letzte Mahnung)","Authority-Marker (CEO, Anwalt, Behörde)","Cognitive-Bias-Trigger"],
"topics": ["Urgency","Authority","Reciprocity","Scarcity"],
"difficulty": "einfach",
"source_heading": "Social Engineering"
}
]
},
{
"id": "ceo-fraud",
"title": "2 · CEO-Fraud & Authority-Attacks",
"short": "Wie der vermeintliche CEO Geld überweisen lässt",
"icon": "alert",
"color": "#dc2626",
"description": "Eine der teuersten Phishing-Varianten: gefälschte Mails vom Geschäftsführer an die Buchhaltung, oft mit Druck und Geheimhaltungs-Bitte.",
"source_md": "01-ceo-fraud.md",
"modules": [
{
"id": "ceo-grundlagen",
"title": "CEO-Fraud — wie es läuft",
"objectives": ["Typischer Ablauf (Recherche → Mail → Druck → Überweisung)","Pre-Texting via LinkedIn","Targeting der Buchhaltung"],
"topics": ["Recherche","Pre-Texting","LinkedIn-OSINT"],
"difficulty": "mittel",
"source_heading": "CEO-Fraud-Ablauf"
},
{
"id": "ceo-erkennung",
"title": "Erkennungs-Marker",
"objectives": ["Geheimhaltungs-Bitte als Red-Flag","Domain-Mikroskopie (CEO@firma-de.com vs. .de)","Erste-Mail-Pattern (kein Vor-Mail-Verlauf)"],
"topics": ["Geheimhaltung","Domain-Check","Vor-Mail-Verlauf"],
"difficulty": "mittel",
"source_heading": "Erkennung"
},
{
"id": "ceo-prozess",
"title": "Prozess-Schutz: 4-Augen + Voice-Callback",
"objectives": ["Voice-Callback per bekannter Nummer","4-Augen-Prinzip ab Schwellen-Betrag","Abweichungs-Doku & Eskalation"],
"topics": ["4-Augen","Voice-Callback","Schwellen-Betrag"],
"difficulty": "schwer",
"source_heading": "Prozess-Schutz"
}
]
},
{
"id": "bec",
"title": "3 · Business Email Compromise (BEC)",
"short": "Wenn der Account selbst übernommen wurde",
"icon": "alert",
"color": "#dc2626",
"description": "BEC: Der Angreifer hat Zugriff auf einen echten Account und schreibt direkt aus diesem Account heraus. Schwerste Variante, da SPF/DKIM dann grün sind — die Mail stammt ja tatsächlich vom legitimen Account.",
"source_md": "02-bec.md",
"modules": [
{
"id": "bec-grundlagen",
"title": "BEC — was es ist, warum so gefährlich",
"objectives": ["BEC vs. Phishing abgrenzen","Conversation-Hijacking erkennen","Vendor-Email-Compromise (VEC)"],
"topics": ["BEC","VEC","Conversation-Hijacking"],
"difficulty": "schwer",
"source_heading": "BEC-Grundlagen"
},
{
"id": "bec-bankdaten",
"title": "Bankdaten-Änderungs-Trick",
"objectives": ["Last-Minute-IBAN-Änderung als Red-Flag","Verifikation via 2. Kanal","Vertragliche Klauseln gegen IBAN-Änderung"],
"topics": ["IBAN-Änderung","2. Kanal","Vertragsklausel"],
"difficulty": "mittel",
"source_heading": "Bankdaten-Trick"
},
{
"id": "bec-mfa",
"title": "MFA-Bypass & Token-Diebstahl",
"objectives": ["AiTM-Angriffe (EvilProxy, Modlishka)","Session-Cookie-Diebstahl","Phishing-resistente MFA (FIDO2)"],
"topics": ["AiTM","Session-Cookie","FIDO2"],
"difficulty": "schwer",
"source_heading": "MFA-Bypass"
}
]
},
{
"id": "qr-deepfake",
"title": "4 · QR-Phishing & Deepfake-Voice",
"short": "Die neuen Vektoren — Bilder-QR und KI-Stimmen",
"icon": "eye",
"color": "#dc2626",
"description": "Quishing (QR-Phishing in Mails/Postern) und Vishing (Voice-Phishing) inkl. Deepfake-Stimmen — die wachsenden Angriffsflächen 2025/2026.",
"source_md": "03-qr-deepfake.md",
"modules": [
{
"id": "quishing",
"title": "Quishing — QR-Phishing",
"objectives": ["QR-Codes vor Scan auf Ziel-URL prüfen","Verstehen, warum QR-Codes Mobile-Filter umgehen","Awareness in Konferenzräumen/Büro-Aushängen"],
"topics": ["QR","Mobile-Filter","Office-Awareness"],
"difficulty": "mittel",
"source_heading": "Quishing"
},
{
"id": "voice-vishing",
"title": "Vishing — Voice-Phishing",
"objectives": ["Helpdesk-Impersonation","Identifikations-Verfahren am Telefon","Code-Words / Safe-Phrases"],
"topics": ["Helpdesk","Identifikation","Safe-Phrase"],
"difficulty": "mittel",
"source_heading": "Vishing"
},
{
"id": "deepfake",
"title": "Deepfake-Voice (CEO-Anruf)",
"objectives": ["Wie KI-Stimm-Klone heute klingen","Verifikations-Frage-Pattern","Eskalations-Workflow bei Verdacht"],
"topics": ["Voice-Cloning","Verifikations-Frage","Eskalation"],
"difficulty": "schwer",
"source_heading": "Deepfake-Voice"
}
]
},
{
"id": "incident-response",
"title": "5 · Incident-Response (Wenn's passiert ist)",
"short": "Erste 60 Minuten, NIS2-Meldepflicht, Kommunikation",
"icon": "search",
"color": "#dc2626",
"description": "Wenn jemand geklickt hat: Sofort-Maßnahmen, Forensik-Schutz, NIS2-Meldepflicht, Kommunikation an Betroffene und Behörden.",
"source_md": "04-incident-response.md",
"modules": [
{
"id": "ersten-60-min",
"title": "Die ersten 60 Minuten",
"objectives": ["Account isolieren (nicht löschen)","Passwörter zentral resetten","Audit-Logs sichern"],
"topics": ["Isolation","Reset","Audit-Logs"],
"difficulty": "mittel",
"source_heading": "Erste 60 Min"
},
{
"id": "meldepflichten",
"title": "Meldepflichten (NIS2 / DSGVO)",
"objectives": ["NIS2 24h-Frühwarnung, 72h-Meldung, 30-Tage-Bericht","DSGVO 72h Datenpannen-Meldung","Welche Behörde zuständig ist"],
"topics": ["NIS2","Art. 33 DSGVO","BSI"],
"difficulty": "schwer",
"source_heading": "Meldepflichten"
},
{
"id": "kommunikation",
"title": "Kommunikation an Team & Kund:innen",
"objectives": ["Holistic Communication-Plan","Was darf öffentlich gesagt werden","Reputations-Schutz vs. Transparenz"],
"topics": ["Communication-Plan","Public-Statement","Reputation"],
"difficulty": "mittel",
"source_heading": "Kommunikation"
}
]
}
]
}