recognize phishing scams
DESCRIPTION
This is a quick tutorial I made for my staff. Users have been getting a large amount of spam and phishing emails lately. This small presentation will hopefully serve as a quick visual tutorial for recognizing the good from the bad.TRANSCRIPT
Updated by Chris. Casal, 4/2014
SNIFF OUT SPAM: IT’S PHISHYA quick tutorial on differentiating between legitimate emails and
emails designed to steal your credentials & identity
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
PREFACEMost email scams aren’t technical “hacking” in that they don’t gain illegal access to your
account. Rather, they are “phishing” scams, designed to get you to enter your username & password on their site, essentially granting them access to your account
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
EMAIL #1Friend of Foe?
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
EMAIL #2Friend or Foe?
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
SIDE BY SIDENotice the similarities?Notice the differences?
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
THE FOE - THE PHISHERScares you by threatening to restrict email access
Asks for name, email AND password - that’s a huge red flag!
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
THE FRIENDAn official email regarding your storage capacity
Does not ask for user informationInforms you of steps you should take
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
SIDE BY SIDELeft = bad
Right = good
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
THE FOE - THE CLUESThe sender’s email is very odd & suspicious
They are asking for account security informationNo legitimate email will ever ask you to “reply” or “click here” and provide your security information
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
THE FRIENDInforms you of the issue
Gives you steps for corrective actionNever asks for personal information nor security access such as passwords
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
KEEP IN MIND
• Remember:
• no harm in getting the email
• no reputable email will ever say “click here and enter your password” or “reply to with your password included”
• never enter your password on an untrusted site
• verify the site by looking at the address bar
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
IF YOU DO GET COMPROMISED
• It happens, no one is completely immune
• Log in to your service at the main address (schools.nyc.gov, gmail.com, yahoo.com, etc)
• Change your password immediately
• Send an email to your contacts letting them know you were compromised, to ignore the spammy email from your account, and suggest they change their passwords too
Tuesday, April 29, 14
Updated by Chris Casal, 4/2014
CREDITSCreated by Chris Casal
Computer Teacher,Technology Coordinator, and PS10.org Google Apps AdministratorPS10 - 15K010
[email protected] / [email protected]@mr_casal
Tuesday, April 29, 14