
Cyber Awareness – Phishing

August 20, 2024

Phishing – what is it?

It is the practice of sending emails or other messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.

How do phishing scams trick users?

The phishing attack relies on communication that looks legitimate and appears to come from a trusted source. Attackers use emails or text messages to trick you into taking an action such as downloading malware¹, visiting an infected site, or divulging login credentials in order to steal your money, data or personal information.

  • Phishers use fear, curiosity, a sense of urgency and greed to compel you to open attachments or click on links.
  • Phishing messages are designed to look as though they come from legitimate companies and individuals.
  • Cybercriminals continually use increasingly sophisticated techniques to trick you into clicking or tapping.
  • It only takes one successful phishing attack to steal your data and personal information. Always – Think Before You Click²

Why are phishing attacks so effective?

They exploit the vulnerabilities of human nature, including a tendency to trust others, act out of curiosity, or respond emotionally to urgent messages.

What can happen when you are phished?

☐    Money stolen from your bank account.

☐    Fraudulent charges on credit cards.

☐    Lost access to photos, videos and files.

☐    Fake social media posts made in your accounts.

☐    Cybercriminals impersonating you, putting friends or family members at risk.

PHISHING QUIZ (answers are below):

1. What are the most common signs of a phishing scam?

  1. Nice graphics and layout
  2. Contains personal information
  3. Proper spelling and grammar
  4. Unknown sender, sense of urgency, unexpected attachment, or too good to be true

2. How many phishing emails are sent each day worldwide?

  1. 100 million
  2. 250 million
  3. 5 billion
  4. 4 billion

3. What can happen if you click on a phishing email link or attachment?

  1. The email sender could gain access to company systems.
  2. The email sender could steal your personal information or company information.
  3. The email sender could distribute malware into the company network.
  4. All of the above

4. How can a person executing a phishing attack steal someone's identity?

  1. They pretend they are someone else when emailing phishing messages, so that's like stealing an identity.
  2. They ask for personal information on a webpage or pop-up window linked from the phishing email, and they use the information entered to make illegal purchases or commit fraud.
  3. They send a request for the recipient's driver's license and credit cards.
  4. They ask for money to purchase your ID on the black market.

5. Why would people who send phishing emails be excited about a natural disaster or health scare?

  1. If people are distracted by a hurricane or a flu pandemic, they might be less likely to read emails carefully.
  2. Phishers often take advantage of current events, such as natural disasters, health scares, or political elections, and send messages with those themes to play on people's fears.
  3. Phishing emails reach more people if they are worried about the weather.
  4. If people go without power due to a storm or other natural disaster, they will be excited about communication being restored and they will respond to the emails they receive once power is back.

6. Unsure whether an email is real or phishing? Which of the following should you do?

  1. An unknown email sender, where the email is vague or generic, and is threatening something about one of your online accounts? Report it as phishing.
  2. An alert email comes from PayPal or your bank. Open a new browser window and go to your account to see if anything is happening with your account.
  3. An offer appears to be from Amazon, but upon closer inspection it's actually from Amzon.co. You should report and delete the email.
  4. All of the above

QUIZ ANSWERS:

Question 1 What are the most common signs of a phishing scam?

     Answer = 4: Unknown sender, sense of urgency, unexpected attachment, or too good to be true

     Phishing emails often use a sense of urgency to make you click on a link or open an attachment without thinking.

     Often these emails come from someone you don't know and contain attachments or links that you don't recognize.

     Remember: If it's too good to be true, it probably is.

Question 2 How many phishing emails are sent each day worldwide?

     Answer = 4: 4 billion

     Phishing is an extremely lucrative criminal business and can be devastating to an organization if successful.

     Worldwide web fraud detection organizations estimate that over 3.4 billion phishing emails are sent each day.

Question 3 What can happen if you click on a phishing email link or attachment?

     Answer = 4: All of the above

     If you click on a link in a phishing email or open an attachment, the email sender could gain access to company systems, steal information, or distribute malware into the company network or your personal computer. Don't give them this kind of power!

     Avoid clicking on links or opening attachments unless you know the sender and are sure the email is valid.

Question 4 How can a person executing a phishing attack steal someone’s identity?

     Answer = 2: They ask for personal information on a webpage or pop-up window linked from the phishing email, and they use the information entered to make illegal purchases or commit fraud.

     A person who sends phishing emails typically asks for personal or financial information on a webpage or pop-up window linked from the phishing email.

     He or she uses that information to purchase things online or gain unauthorized access to data.

     Phishers may use fake names, but they do not steal an identity to send the emails, nor do they request photos.

Question 5 Why would people who send phishing emails be excited about a natural disaster or health scare?

     Answer = 2: Phishers often take advantage of current events, such as natural disasters, health scares, or political elections, and send messages with those themes to play on people's fears.

     Phishers capitalize on trends and current events.

     They might ask for contributions to charities, talk about economic uncertainty, or appeal to people's emotions concerning politics or things in the news.

     Phishers don't have any interest in the weather as a distraction tool.

Question 6 Unsure whether an email is real or phishing? Which of the following should you do?

     Answer = 4: All of the above

     The email is vague and generic, and it's threatening something about one of your accounts.

     It talks about an urgent threat and sounds suspicious.

     The offer is too good to be true. Don't click on the link.

     Never give out financial or personal information in response to an email that seems questionable.
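The Amzon.co case from question 6 is the kind of near-miss a mail filter can check for automatically. The Python below is an added example, not part of the original article; the TRUSTED list, the function names and the distance threshold of 2 are assumptions chosen for illustration, and the sample From: headers are constructed.

```python
from email.utils import parseaddr

# Constructed sample list of domains the recipient really deals with (assumption).
TRUSTED = ("amazon.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]

def registrable(domain):
    """Naive last-two-labels cut; ignores multi-part suffixes such as co.uk."""
    return ".".join(domain.split(".")[-2:])

def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_domain) for the address in a From: header."""
    address = parseaddr(from_header)[1]   # drops the display name, which is free text
    domain = registrable(address.rpartition("@")[2].lower().rstrip("."))
    if not domain:
        return ("unknown", None)
    if domain in trusted:
        return ("trusted", domain)
    # A domain a character or two away from a trusted one is a lookalike.
    for good in trusted:
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for header in ("Amazon Deals <offers@amzon.co>",      # constructed samples
                   "PayPal <service@paypal.com>",
                   "Amazon <ship@mail.amazon.com>",
                   "Bob <bob@example.org>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to report and delete the message; "unknown" only means the sender is not on the list, so the other warning signs still apply.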

Click the link below to read an article from the credit bureau, Experian. It is a 9-minute read.

The Latest Scams You Need to Be Aware of in 2024³

(your system may require you to right click on the link and then left click on open hyperlink)

**************************************************************************************

Sources:

Article Info / Quiz : https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html

1 – malware link: https://www.mcafee.com/en-us/antivirus/malware.html

2 – Think Before You Click link: https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/phishing-program-infographic.pdf

3 – The Latest Scams You Need to Be Aware of in 2024: https://www.experian.com/blogs/ask-experian/the-latest-scams-you-need-to-aware-of/