What is Phishing?
Phishing is a fraudulent attempt to obtain sensitive information by pretending to be a trustworthy entity. These attacks often come in the form of emails, text messages, or social media messages that appear to be from legitimate sources such as banks, online services, or even friends and colleagues.
Characteristics of Phishing Emails
- Urgent or Threatening Language: Phishing emails often create a sense of urgency or fear to prompt quick action.
- Generic Greetings: Messages may use generic greetings like "Dear Customer" instead of your name.
- Suspicious Links or Attachments: Phishing emails usually contain links or attachments that lead to fake websites or download malware.
- Spelling and Grammar Errors: Many phishing emails have noticeable spelling and grammar mistakes.
Recognize Phishing Attempts
- Check the Sender's Email Address: Look closely at the sender’s email address. Phishing emails often use addresses that look similar to, but are not the same as, legitimate addresses.
- Hover Over Links: Hover your mouse over links (without clicking) to see the actual URL. If it looks suspicious or doesn't match the expected website, don’t click it.
- Verify the Source: If you receive an unexpected email from a known organization, contact them directly using official contact information to verify its authenticity.
- Look for Signs of a Fake Website: Be wary of websites with odd URLs, poor design, or requests for sensitive information without proper security measures (like HTTPS).
What to Do if You Suspect a Phishing Attempt
- Do Not Click Links or Download Attachments: If you suspect an email is a phishing attempt, do not click on any links or download any attachments.
- Report the Email: Most email services have an option to report phishing. Use this to help prevent others from falling victim.
- Delete the Email: After reporting, delete the email from your inbox.
- Update Your Security Software: Ensure your antivirus and other security software are up to date to protect against potential threats.
Preventing Phishing Attacks
- Use Strong, Unique Passwords: Create strong passwords for different accounts and change them regularly.
- Enable Two-Factor Authentication (2FA): Use 2FA where available for an extra layer of security.
- Stay Informed: Keep yourself updated on the latest phishing tactics and security practices.
- Educate Others: Share your knowledge about phishing with friends, family, and colleagues to help them stay safe.
Interactive Phishing Example
Below is an example phishing email. Hover over the red text to learn why each one is a red flag.