This document provides information about phishing attacks and how to identify and avoid them. It defines phishing as fake emails sent to trick users into clicking links or downloading attachments. Many phishing emails are opened and clicked within an hour, showing they can be effective. However, human detection of phishing attacks is more effective than technology. The document outlines common traits of phishing emails like generic greetings and requests for urgent action. It advises users to be suspicious of unsolicited attachments and links, and to contact senders through verified methods rather than responding directly. Users should report any suspected phishing to IT and not click, respond or download anything from suspicious emails.

1. The following is for your education, so please continue
through this exercise. You will learn about the risks of
phishing and some common traits to help identify phishing
attacks. Please read each slide carefully and completely.
The link you clicked on was part of
a phishing awareness campaign.

2. What is Phishing?
( hint: it’s tricking an end user via a fake email! )

3. “Phishing” refers to fake emails sent by
attackers. If they can get one person to click
on a link or download an attachment, they
can gain access.

4. Phishing Emails Work
50%
open emails and
click on phishing
links within the
first hour
11%
click on
attachments

5. Source: 2016 Verizon Data Breach Investigations Report
89%
Most phishing is
done by
organized crime
syndicates.

6. 85%
of targeted
attacks use
spear-phishing
emails.

7. What can be done?
Improved
e-mail filtering
(technology)
Human sensor
network
(YOU!)
A NETWORK OF HUMAN SENSORS ARE MORE EFFECTIVE AT
DETECTING PHISHING ATTACKS THAN ALMOST ANY TECHNOLOGY
Source: 2015 Verizon Data Breach Investigations Report

8. Phishing in the News

9. Phishing in
the
News
A single victim
of a phishing
attack can
impact on
millions.

10. Phishing
Attacks
Look Real

11. Phishing
Attacks
Look Real

12. Phishing
Attacks
Look Real

13. What can you do?
Know the signs
of a phishing
attack
Report phishing
attacks to the IT
Department

14. How to
detect a
Phishing
email

15. Common Phishing Traits
1
2
3
4
5
6
1. Generic greeting
2. Invokes fear
3. Requires action
4. Threatening language
5. Grammar issues
6. Generic closing

16.  DO NOT click on
unknown links
 DO NOT reply to
suspicious requests
 DO hover over links
verify its location
 DO report the
suspected attack
What to do?

17. What to do?
DO Be suspicious of unsolicited attachments.
DO Confirm information through other channels of
communication. That is, contact the sender on a known line,
email, website, or other method.
DO NOT give information in the email.
DO NOT download any files.
DO NOT rely on the “from” and “reply to” email addresses,
which can be faked.

18. When in doubt, contact the
I.T. department or Your Supervisor
DO NOT CLICK, RESPOND OR DOWNLOAD!
Courtesy: Action Fraud and the National Fraud Intelligence Bureau