You Got Phished!

Phishing is a type of cyber-attack where an attacker gains access to a victim's
information by tricking them into thinking that fraudulent content is sincere.
This can be done by way of fake emails and spoofed websites
(Kamaraguru et al., 2010).

This website will inform you about phishing and how to protect yourself against an attack
just like the one in the email that got you here.


Common Phishing Techniques

  • One way that phishers catch their victims is called Spear Phishing. In spear phishing, the attacker writes a custom email for their target, putting in extra care to make it undetectable.
  • Another form of phishing is one we've dubbed Net Phishing. Net phishing is where attackers use form emails and scripts to send massive amounts of emails to many people, favoring quantity over quality. As such, these are the easiest to detect.
  • More technically capable phishers may use spoofed webpages in order to skim data off of victims. These web pages look almost identical to the original pages they imitate.
  • Another payload for phishing attacks is simple panhandling. This is by far the easiest to detect and the most time-consuming for attackers, so it is not commonly seen anymore.


How to Recognize the Bait

  • If an email or text message seems off, don't ignore that instinct. Take the time to look into it.
  • Hover over links. In most browsers, you will be able to see the destination of the link in the bottom left corner.
  • If your browser does not have this feature, or if you are browsing on your phone, you can copy and paste link destinations into the address bar to get a better look.
  • Look at the email address. Compare it to other emails from the same person if you have to.
  • The email itself may be overly general in order to apply to as many victims as possible. It could also have spelling and grammar errors.
    • However, this is not the case in Spear Phishing, where the email text will be specific to you.
  • Subject lines will commonly be urgent in order to lure you into clicking on the email.
  • If a link seems suspicious, check to see if it says HTTPS:// in the address bar.
    • HTTPS means that the connection between you and the website is encrypted and that the site's identity has been verified. If it is simply HTTP, a hacker could be redirecting you to a clone site where they steal your information. HTTPS by itself does not prove that a site is trustworthy, so check the domain name as well.
  • Never ever send your Social Security Number, passwords or other private information over email.
  • Similarly, when doing transactions with money, make sure to use multiple means of communication to coordinate.

GoPhish

Send a slightly phishy email to a couple of your friends and try to get them to click on a link to this webpage.
By doing this, you are helping to educate people about phishing!