THE DHS PHISHING IQ TEST PART 2
LEGITIMATE V PHISHING How do you know if an is legitimate, or is a phony, phishing ? Take the DHS Phishing IQ Test, and we’ll show you what to look for in a phishing . The best way to avoid getting “phished” is to NEVER CLICK ON LINKS IN THAT ASK FOR YOUR IDENTIFYING INFORMATION DHS IT Security & Privacy Training 2
LEGITIMATE OR PHISHING? 2014 DHS IT Security & Privacy Training 3 Which answer? Legitimate Phishing This is supposedly from PC Magazine inviting the recipient to participate in a survey by clicking the supplied link.
Putting the cursor over any of the links will show the full link, and these all go back to the sender’s website. Remember: don't use the links in an , instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender DHS IT Security & Privacy Training 4
LEGITIMATE OR PHISHING? 2014 DHS IT Security & Privacy Training 5 Which answer? Legitimate Phishing This is supposedly an invitation from a friend to view a youtube video by clicking on a link to the video.
The receiver knew the sender, but was wary of clicking on the link. Clicking on the link brings a request for your cell phone number. If you provide it, phishers will have access to your cell phone account, and they can send spam and malware to your cell phone. (The receiver also received multiple copies of this .) Don't use the links in an , instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender DHS IT Security & Privacy Training 6
LEGITIMATE OR PHISHING? 2014 DHS IT Security & Privacy Training 7 Which answer? Legitimate Phishing This is supposedly from Southwest Airlines advertising a sale. The recipient is instructed to click on the link to go to the website.
Southwest Airlines frequently sends these savings s, but only if the recipient has gone to the site and requested to receive the s. Don't use the links in an to get to any web page if you suspect the message might not be authentic, if you don't know the sender, or if you did not request the information DHS IT Security & Privacy Training 8
LEGITIMATE OR PHISHING? 2014 DHS IT Security & Privacy Training 9 Which answer? Legitimate Phishing This is supposedly from CapitalOne bank and states the recipient’s online account has expired. It gives a link to click to renew the account.
If you’re not a customer, the should be suspect from the beginning. If you are a customer, don’t be taken in. This is a scam. Remember, don't use the links in an to get to any web page if you suspect the message might not be authentic or you don't know the sender DHS IT Security & Privacy Training 10
LEGITIMATE OR PHISHING? 2014 DHS IT Security & Privacy Training 11 Which answer? Legitimate Phishing This is supposedly from Who’s Who and informs the recipient he/she has been selected for inclusion. It asks the recipient to click on a link to verify information and accept the invitation.
If you had clicked on the link on the previous screen, you would have been taken to this screen. If you complete this information and click “Confirm”, you have just given a scammer enough information to impersonate you. Remember: don’t give out personal information in an unless you have manually logged onto a website and you are sure it is authentic DHS IT Security & Privacy Training 12