Phishing

Slide 1

This security awareness training covers phishing, or how hackers fish for victims.

It is often easier to trick people who already have access to a computer than it is to hack into the computer itself. For example, to steal money from a bank, a criminal might trick a dozen of the bank’s customers into making withdrawals, rather than attacking the bank’s computers themselves.

Since the cost of sending electronic messages like email is basically free, hackers use them to find new victims. Hackers’ messages will often make outrageous claims or tell you something is wrong to catch your attention. For example, hackers often use fake “account closed,” “friend request” or “free money” messages to lure people. In fact, this approach is where the term “phishing” comes from. When hackers “fish” for their victims using enticing messages as bait, security experts call it “phishing” with a “PH”.

This training will teach you how to identify and avoid phishing messages. It will also teach you when and how to report or verify suspicious messages.

Slide 2

Hackers will do anything they can to grab your attention. They may send alarming messages such as “your account has been canceled” or “money withdrawn, please confirm.” They may send outrageous messages such as “see who lost 50 pounds in 6 weeks.” Or they may send tempting offers such “free rentals,” “80% off,” or “you won the international lottery – please contact me to collect $10 million.”

Slide 3

In our first exercise, your task is to identify suspicious messages from their subjects. Please drag-and-drop the three most suspicious messages into the trash.

That’s right!

Alarming, outrageous, or tempting messages are often phishing attempts.

Try again!

Remember that alarming, outrageous or tempting messages are often phishing attempts.

Phishing attacks try to get you to reveal private information, lower your defenses, or to help attack other targets.

Phishing attacks usually ask you to: Click links that go to hackers’ websites, download dangerous files, fill out personal forms, Or reply to the message with private information.

Phishing attacks usually ask you to: Click links that go to hackers’ websites, download dangerous files, fill out personal forms, Or reply to the message with private information.

Slide 4

In our second exercise, you will identify suspicious messages by the actions they demand you take. Please review the two messages, and then drag-and-drop the more suspicious message to the trash.

That’s right!

Phishing messages often ask you to click a link or download a file.

Try again!

Remember that phishing messages often ask you to click a link or download a file.

Slide 5

Please drag-and-drop the more suspicious message to the trash.

That’s right!

Phishing messages often ask you to click a link or download a file.

Try again!

Remember that phishing messages often ask you to click a link or download a file.

Slide 6

Again, please drag-and-drop the more suspicious message to the trash.

That’s right!

Phishing messages often ask you to provide personal information.

Try again!

Remember that phishing messages often ask you to provide personal information.

Slide 7

And finally, please drag-and-drop the more suspicious message to the trash.

That’s right!

Phishing messages often ask you to share login information via email.

Try again!

Remember that phishing messages often ask you to share login information via email.

Slide 8

Like phishing messages, many legitimate messages contain links or URLs. Fortunately, you can often tell phishing links from safe links by learning how the two are different.

Before we cover the difference between safe and phishing links, an explanation of the two parts of a link is needed. First, there is the part of the link you see. This part tells you where the link is supposed to go. Then there is the part of the link you don’t see. This is the actual address or URL, that controls where the link will actually go.

Hackers often exploit the difference between what you see and what you don’t see in the links they send in their phishing attacks. Fortunately, you can inspect the URLs be Hannah most links by moving your mouse over a link and waiting for its URL to appear. In this example, Grandma’s Cookie Recipe links to an odd URL. Always be wary of URLs that contain numbers, misspellings, and odd endings.

Phishing links are often suspicious in additional ways. To understand these, you need to be able to identify the most important part of a URL: the hostname, which is found right after the http or https. Hostnames control which web server you connect to. Having the right hostname means the difference between accessing a legitimate server or one under the control of a hacker.

The most obvious type of suspicious hostnames are those filled with numbers. For example, Hostnames containing IP or other network addresses, hostnames that seem to add “extra” numbers, and hostnames that replace letters with numbers.

Other suspicious hostnames contain subtle spelling mistakes. For example, Hostnames that are just one letter away from legitimate hostnames, and hostnames that end in unusual names such as “.cn” or “.to”.

Slide 9

Let’s test your ability to identify phishing using messages you might actually see in your inbox. Review the message, and then select the option that best describes the message.

Correct!

This is phishing because it attaches a suspicious file.

Try again!

Slide 10

Here is another possible phishing message. Please select the best option.

Correct!

This is phishing because it demands private information.

Try again!

Slide 11

And here is a final message that could be phishing. Please select the best option.

Correct!

This is phishing because it contains a suspicious link.

Try again!

Slide 12

You should delete all phishing messages on sight. If you see a coworker or friend receive a phishing message you should also encourage them to delete it immediately.

If you receive a tailored phishing message that makes it seem like it the sender knows specific information about you, your family or your employer, you may be a target of a sophisticated “spearphishing” attack.

Spearphishing occurs when a hacker personalizes a phishing message to appeal to specific people.

Spearphishing’s personalized messages often include information that their targets would think only another employee, friend, or family member would know. Examples include projects, teams, co-workers and their titles, and names of family members. However, the Internet and especially social media has made it easy for hackers to look up personal details like these. In many cases, just looking at someone’s LinkedIn and Facebook profiles would give a hacker enough information to craft a spearphishing message.

Slide 13

Let’s look at an example of a spearphishing attack. This attack, like most spearphishing attacks, is well-targeted and quite effective. This spearphishing email was sent to Hannah from someone claiming to be her manager, and it asks her to upload a sensitive document regarding a government contract to a website.

If you cannot determine whether a message is phishing or not, you may try to contact the sender to verify it. However, you should never use any of the communications methods suggested by a suspicious message to verify its contents.

Instead, use a preexisting channel such as the company’s main website, an email address from a previous thread, or the phone number printed on the back of your credit card to contact the possible sender.

Slide 14

Over the past few minutes, you learned how to identify and avoid phishing messages, and when to report or verify suspicious messages. Please review or print these takeaways, and then click continue to complete the module.