Search Header Logo
Phishing Attacks

Phishing Attacks

Assessment

Presentation

Computers

9th - 12th Grade

Practice Problem

Easy

Created by

Maria Cruz Farooqi

Used 8+ times

FREE Resource

2 Slides • 13 Questions

1

media

​Phishing Attacks

Learning Target: I can describe the risks to privacy from collecting and storing personal data on a computer system

2

Dropdown

Question image
The Internet is a network of computers filled with valuable data, so there are many security ​
in place to protect that data.

But there's a weakest link: the ​
. If the user freely gives away their personal data or access to their computer, it's much harder for security mechanisms to ​
their data and devices.

A phishing attack is an attempt to ​
a user into divulging their ​
information.

3

4

Dropdown

Question image
An example attack

A phishing attack typically ​
with an ​
that claims to be from a ​
website, like a banking website or online store:

5

Dropdown

Question image
The goal of the email is to obtain ​
from the user, so it either asks the recipient to ​
with personal ​
or it links to a ​
that looks remarkably like the original site:

6

Dropdown

If the user is convinced and ​
private details on the site, that ​
is now in the hands of the ​
If the user filled in login details, they can then use those credentials to log in to the ​
, or if the user provided credit card details, they can use the ​
to make purchases anywhere.

7

Dropdown

Question image
Signs of a phishing attack

Fortunately, there are some ​
signs of phishing ​
.

Suspicious email address

Phishing emails will often come from addresses at ​
that don't belong to the ​
.

Conversely, a legitimate email address is not a ​
that an email is 100% safe. Attackers might have figured out a way to spoof the legitimate email address or hacked their way into control over the actual email.

8

Dropdown

Question image
Suspicious URL

Phishing emails will often link to a website with a URL that looks ​
but is actually a website ​
by the ​
.

9

Dropdown

Attackers use a variety of strategies to make tempting URLs:

of the original URL or company name. For example, "goggle.com" instead of "google.com".

A spelling that uses similar looking characters from other alphabets. For example, "wikipediа.org" versus "wikipedia.org". The "e" and the "a" are actually different ​
in those two domains.

Subdomains that look like the domain name. For example, "paypal.accounts.com" instead of "accounts.paypal.com". PayPal owns the second domain, but they have no ​
over the first.

A different top level domain (TLD). For example, "paypal.io" versus "paypal.com". Popular companies try to buy their domain with the most common TLDs, such as ".net", ".com", and ".org", but there are ​
of TLDs out there.

10

Dropdown

Question image
Non-secured HTTP connections

Any ​
that is asking you for sensitive information should be using ​
to ​
the data sent over the Internet.Phishing websites don't always go through the extra effort to use HTTPS.



11

Dropdown

Question image
Requests for sensitive information

emails will often ask you to either reply with ​
information or fill out a form on a website. Most legitimate companies do not need you to ​
personal information after the original account creation.

12

Dropdown

Question image
Urgency and scare tactics

Phishing emails use ​
manipulation to lower our ​
and get us to respond quickly without ​
through the ​
.

13

Multiple Choice

Question image

Nisa receives this security alert about her Google account:

She suspects that it's a phishing email, so she decides not to click the buttons at the bottom.

Which aspect of the email is least indicative of a phishing attack?

1

The email includes a company logo.

2

The email recommends clicking buttons to take further action.

3

The sending email address is not from a google.com domain.

4

The subject line uses warning signs and an exclamation mark.

5

The email uses non-standard spacing and capitalization.

14

Multiple Choice

Evelyn receives an email that claims to be from the IRS, the United States Internal Revenue Service. The email states that their tax refund is ready and includes an attachment labeled "taxrefund.doc".

Evelyn is eager for their refund but worried the email is a phishing scam.

What is the safest next step?

1

Evelyn can download the attachment, send it through their antivirus software, and confirm that it has no malware inside it. Then they can safely open it.

2

Evelyn can open the attachment from their mobile phone instead of from their personal computer, since the mobile phone is more malware-proof.

3

Evelyn can find the official IRS website by searching the Web and contact IRS through a listed email address to inquire about the email.

4

Evelyn can search the Web to see if the ".doc" file type can ever contain malware. If it is always safe, then they can open it.

15

Multiple Select

Question image

Agatha received an email from her bank that asked for verification of her account details. She clicked the link in the email and entered her username and password into a form.

At that point, she realized the email was a phishing scam, and she had just revealed her password to the cyber criminals behind the scam.

What are the effects of revealing her bank account password to cyber criminals?

👁️Note that there are 2 answers to this question.

1

They can try the password on other websites where she has a login.

2

They can log into her computer and look at the files on her hard drive.

3

They can now more easily figure out other people's passwords for the banking site.

4

They can use the password to login to the real bank website.

5

They can use the password to access the entire database of the banking website.

media

​Phishing Attacks

Learning Target: I can describe the risks to privacy from collecting and storing personal data on a computer system

Show answer

Auto Play

Slide 1 / 15

SLIDE