This is a training program which simulates an attack, not a real attack (as it says “The webpage that opens reports that it was safe”) so we believed it should be called a “user awareness” program.

Therefore the best answer here should be “user awareness”. This is the definition of

“User awareness” from CCNA 200- 301 Offical Cert Guide Book:

“User awareness: All users should be made aware of the need for data confidentiality to protect corporate information, as well as their own credentials and personal information. They should also be made aware of potential threats, schemes to mislead, and proper procedures to report security incidents. ” Note: Physical access control means infrastructure locations, such as network closets and data centers, should remain securely locked.