Phishing Awareness
Learn to spot fake emails and protect yourself from social engineering attacks
What is Phishing?
Phishing is when cybercriminals pretend to be trustworthy organizations (banks, schools, companies) to trick you into revealing passwords, credit card numbers, or personal information. They use fake emails, texts, or websites that look legitimate!
How Phishing Works:
- The Bait: You receive an email that looks official (from "your bank", "tech support", etc.)
- The Hook: The message creates urgency ("Your account will be closed!", "You won a prize!")
- The Trap: You're asked to click a link or download an attachment
- The Catch: The fake site steals your login credentials or installs malware
Red Flags to Watch For
Suspicious Sender
Check the email address carefully. "support@amaz0n.com" is not Amazon!
Urgent Language
"ACT NOW!" or "Your account will be closed!" creates panic to bypass your judgment.
Suspicious Links
Hover over links (don't click!) to see where they really go. Look for misspellings.
Unexpected Attachments
Don't open attachments from unknown senders. They could contain malware.
Generic Greetings
"Dear Customer" instead of your name means it's a mass phishing attempt.
Poor Grammar
Legitimate companies proofread! Lots of typos = red flag.
Link Safety Checker
Hover over links to see where they really go!
🔍 URL Safety Tips:
- Check for HTTPS: Secure sites start with "https://" (note the 's'), but HTTPS only encrypts the connection. Phishing sites can use it too, so still check the domain.
- Watch for typos: amaz0n.com, g00gle.com, micros0ft.com
- Look at the domain: paypal.com ✓ | paypal.com.verify.tk ✗
- Unusual extensions: .tk, .ml, .ru are often used for phishing
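An added example, not part of the original page, that applies the URL tips above in Python: it flags non-HTTPS links, the listed extensions, digit-swapped lookalikes, and a real brand domain used as a subdomain of another site. The allow-list `KNOWN_DOMAINS`, the function names, and the "last two labels" domain rule are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumptions for this example: a tiny allow-list of real brand domains and the
# extensions the tips above call out. Both lists are illustrative, not complete.
KNOWN_DOMAINS = {"paypal.com", "amazon.com", "google.com", "microsoft.com"}
FLAGGED_TLDS = {"tk", "ml", "ru"}
# Digit-for-letter swaps: 0 for o is from the tips; 1 for l is added here.
LOOKALIKES = str.maketrans({"0": "o", "1": "l"})


def registrable_domain(host):
    """Last two labels of the hostname. Simplification: ignores multi-part
    suffixes such as co.uk, which need the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url):
    """Return a list of red flags for url; an empty list means none fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if domain.rsplit(".", 1)[-1] in FLAGGED_TLDS:
        flags.append("flagged-tld")
    if domain not in KNOWN_DOMAINS:
        # Typo-squat: the domain matches a brand only after undoing digit swaps.
        if domain.translate(LOOKALIKES) in KNOWN_DOMAINS:
            flags.append("lookalike-domain")
        # Real brand domain used as a subdomain of someone else's domain.
        if any(host.startswith(k + ".") or ("." + k + ".") in host
               for k in KNOWN_DOMAINS):
            flags.append("brand-in-subdomain")
    return flags


if __name__ == "__main__":
    # Constructed sample URLs built from the hostnames in the tips above.
    for u in ["https://paypal.com/signin",
              "https://paypal.com.verify.tk/signin",
              "http://amaz0n.com/account",
              "https://www.paypal.com/"]:
        print(u, "->", check_url(u) or "no flags")
```

An empty result only means none of these checks fired; it does not make a link safe.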
Types of Social Engineering
Phishing is just one type of social engineering - manipulating people into giving up information. Here are others:
- Spear Phishing: Targeted attacks using personal information (harder to detect!)
- Vishing: Phone calls from fake "tech support" or "IRS agents"
- Smishing: Phishing via text message ("Your package is waiting - click here")
- Pretexting: Creating fake scenarios to gain trust ("I'm from IT, need your password")
- Baiting: Leaving infected USB drives in public places hoping someone plugs them in
What to Do If You Click
Accidentally clicked a phishing link? Don't panic! Here's what to do:
- Don't enter any information - Close the window immediately
- Change your passwords - Especially if you entered any credentials
- Run antivirus scan - Check for malware that may have been downloaded
- Monitor your accounts - Watch for suspicious activity
- Report it - Tell your IT department or report to the FTC (ftc.gov/complaint)
- Enable 2FA - If you haven't already, add two-factor authentication
Protect Yourself
- ✅ Always verify sender email addresses carefully
- ✅ Hover over links before clicking to see real URLs
- ✅ Type URLs directly instead of clicking email links
- ✅ Use spam filters and keep them updated
- ✅ Never share passwords or personal info via email
- ✅ When in doubt, contact the company directly using official channels
- ✅ Keep software and browsers updated for security patches
Remember: Think Before You Click!
Legitimate companies will NEVER:
- ❌ Ask for your password via email
- ❌ Threaten to close your account immediately
- ❌ Request sensitive information through email or text
- ❌ Send unsolicited attachments
- ❌ Ask you to verify your account through an emailed link
When suspicious, trust your gut and verify through official channels!