​A cybercrime which uses fraudulent emails, text messages or calls to solicit personal information with the intention of malicious gain.

​What is Phishing?

• Spear Phishing

• Vishing

• Smishing

• Whaling

​

Types of Phishing

Spear Phishing

A highly targeted cyberattack which is extremely effective and difficult to prevent. Spear phishing is often done with the intent of stealing sensitive data like financial details via accessing the target's personal information through social media.

Spear phishing requires alot of thought and meticulous planning which aid in the attack's success. Spear phishing targets a specific individual.

A phishing tactic using a SMS text messages to ascertain personal information.

​SMS Phishing

A phishing tactic using a phone call or voice message to ascertain personal information.

​Voice Phishing

Vishing Smishing

Masquerading as a senior player at an organization and directly targeting other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to computer systems for criminal purposes.

​

Whaling

​Think of phishing as casting a wide net in the ocean and waiting to see how many fish you can catch.

What are the Differences?

In the case of spear phishing, think of studying a very specific fish in the ocean and becoming an expert to ensure that when you cast your net in a specific place at a specific time, based on your knowledge, you are more likely to catch that specific fish.

Phishing uses a blanket approach whereas spear phishing and whaling use an individual approach.

​With whaling, think of studying the queen bee of the hive's movements and setting a trap specifically geared at capturing her.

• Too good to be true

• Sense of urgency

• Hyperlinks

• Attachments

• Unusual sender

​​Features of Phishing

• "Congrats, you've won a huge prize. Please send me your info so I may send the prize."

​​Example of Phishing

​Common Phishing Techniques

• Using legitimate links

• Altering brand logos

• Mixing legitimate and poisoned code together

• Abusing redirections and URL shorteners

• Puzzling the filters with too much noise or too little content

• Keep software up to date

• ​Check URL addresses

• Install anti-phishing toolbars

• Never download suspicious attachments

• Be cautious when reacting to emails

​

​How to Avoid being Phished

When you click on a phishing link, you may be redirected to a page that asks you to enter your personal information and/or download an attachment

​

​What Happens

So you think you're being phished?

• Report attack to the IT Department

• Do NOT click on the links or downloadable attachments

• If via email, report the email as spam

• Do NOT give out your personal information such as name, address, contact and banking details

• If credit card information was entered, cancel your card

• Change all passwords of compromised accounts

Test Your Knowledge!

On the next slide is a direct link to the Quizizz Quiz associated with this lesson. Click "Start Quiz" to test your knowledge.

Don't worry, if you get a question wrong you can always go back later and review the question and its correct answer. You also have unlimited attempts so you can always retake it after.

*Each employee is required to successfully pass a phishing quiz in addition to attending an informational workshop once a year.

Good luck anti-phishers!