Cyber Security Awareness Campaign

University of Luxembourg and the Fondation RESTENA

Phishing

What is phishing?

Phishing involves sending fake emails to a broad group of users to convince them to give away private information such as logins, passwords, credit card numbers, social security information and so on. Criminals then abuse the information they have gained, e.g. to purchase items or transfer money.
You might also be sent to a malicious website, which will try to gain access to or infect your computer.

ENISA PDF Poster

Example 1:

Phishing Example 1

Note the sender of the email. There is no recipient visible. There is no personal salutation. Why should Google run a lottery? Did you even play Lotto in the UK?

Example 2:

Phishing Example 2

Again, no salutation. Why should EVERYONE do a survey on an incident (by the way, did you ever hear of this incident)? Do you know Brenda? If this is official business, why isn’t it coming from a known sender address?

Example 3:

Phishing Example 3

This email uses the email address as a greeting and does not mention the name of the bank it claims to come from. You should not open the attachment. It might contain malicious content, or it might not even be a Word document but an executable file.

What is spear phishing?

In comparison to phishing, where the same email might be sent to millions of people, spear phishing is a selective attack. It is more effective because it uses social engineering to send deceptive, personalized messages.

Example 1:

Spear Phishing Example 1

The formatting is strange. What does Seng Assoziatioun have to do with us? There seems to be no link to the email address. There is no salutation at all. The URL looks strange: some free service hosted somewhere on the internet?

Why should I care?

According to reports, phishing attacks were responsible for as much as 73% of malware being delivered to organizations (source: NTT Global Threat Intelligence Report). Phishing that targets your private accounts (e.g. your eBay account or Apple ID) might force you to invest a lot of time and effort into clearing your name again.

How do I protect myself?

Don’t get hooked. Think before you act.

Don’t submit your email address on every website you find just to win a cool prize. If you provide your email address to a third party, read the general terms and conditions. Opt out of advertisements.

If you receive an email

Oh no… I think I got phished! What to do now?

If you think that you might have been phished, please stay calm. Which kind of information has been compromised?

Additional information

Do you want to test your skills? Check out these 18 mails on “The Telegraph” website in the UK:
http://www.telegraph.co.uk/money/consumer-affairs/18-texts-emails-hmrc-banks-leading-shops-scams/

If you are interested in statistics, check out the ones provided by Barkly:
https://blog.barkly.com/phishing-statistics-2017
