What is Phishing?
Phishing is a type of cyber attack where attackers pretend to be someone you trust—like a bank, government agency, or popular company—in order to trick you into giving away sensitive information such as passwords, credit card numbers, bank account details, or OTPs.
The goal of phishing is to steal money, gain access to accounts, or install malware on your device without your knowledge.
How Does Phishing Work?
Phishers usually send a fake message (email, SMS, social media, or phone call) that looks real and creates a sense of urgency, fear, or excitement. They ask you to click a link, download an attachment, or enter your credentials. Once you do this, they can steal your identity, hijack your accounts, or infect your device.
Types of Phishing Attacks
1. Email Phishing: Fake emails that look like they're from known companies (e.g., your bank, Amazon).
2. Spear Phishing: Targeted phishing aimed at a specific person or organization using personal info.
3. Smishing: Phishing through SMS messages that contain malicious links or requests.
4. Vishing: Voice phishing—attackers call you pretending to be from a trusted organization.
5. Pharming: Redirects you to a fake website even if you typed the correct address, by tampering with DNS or your device's hosts file so the real name resolves to the attacker's server.
6. Clone Phishing: A near-exact copy of a legitimate email you already received, resent with the original attachment or link swapped for a malicious one.
Common Warning Signs
• Urgent or threatening language (e.g., "Act now!", "Your account will be locked")
• Suspicious links – always hover (or long-press on a phone) to see the real destination before clicking
• Poor grammar or spelling errors
• Unknown sender email addresses
• Requests for sensitive information
How to Recognize Phishing Attempts
Phishing attempts are often disguised as legitimate messages, but there are several warning signs that can help you recognize them. Being able to spot these signs early can protect you from identity theft, financial loss, and account compromise.
⚠️ Common Signs of a Phishing Attempt
1. Urgent or Threatening Language: Messages that try to create panic or urgency such as “Your account will be closed!” or “Immediate action required!”
2. Suspicious Links: Hover over links (long-press on a phone) to see the actual URL, and read the domain itself, not the link text. If the domain doesn't match the sender's claimed website, is misspelled, or only contains the brand name as a subdomain of some unrelated domain, it's likely a phishing link.
3. Unexpected Attachments: Emails with random attachments or unfamiliar file formats may contain malware. Do not download or open them unless you're sure they're safe.
4. Generic Greetings: Phishing emails often use phrases like “Dear User” or “Dear Customer” instead of your actual name, because the sender doesn’t know who you really are.
5. Poor Spelling and Grammar: Many phishing messages contain noticeable grammatical errors, awkward phrasing, or odd sentence structures.
6. Requests for Personal Information: Legitimate companies do not ask for your password, OTP, or full card details by email or text. A message that does, even one that looks like it comes from your bank, is a scam.
7. Fake Email Addresses: Check the sender’s actual address, not just the display name. Phishing emails may come from addresses that look similar to real ones (e.g., support@paypaI.com with an uppercase "I" instead of a lowercase "l"). Because domain names are case-insensitive, that address really belongs to paypai.com, a different domain the attacker registered; the same trick is done with lookalike Unicode letters (homograph domains).
8. Too Good to Be True Offers: If a message claims you've won a prize, lottery, or reward without any reason, it's likely a scam.
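Items 1, 2 and 7 above (urgent language, suspicious links and lookalike sender addresses) can be checked mechanically. The following Python script is an added example, not part of the original page: it parses a constructed sample email and flags a sender domain one character away from a trusted brand, a display name claiming a brand the address does not belong to, a link host that only contains the brand name as a subdomain, a homograph domain using a Cyrillic letter, link text that shows one domain while pointing at another, and urgency phrases in the body. The TRUSTED set, the small confusables table, the urgency phrase list and both sample messages are assumptions constructed for the example. It uses only the standard library and deliberately has no public-suffix list, so two-part suffixes such as co.uk are not handled.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands the recipient actually deals with (an assumption for this example).
TRUSTED = {"paypal.com", "amazon.com"}

# Characters attackers swap for ASCII letters: Cyrillic a, e, o, p, c, i and the
# digits 1 and 0. A real deployment would use the full Unicode confusables data;
# this small table is an illustrative assumption.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "1": "l", "0": "o"}

# Pressure phrases (illustrative list, not exhaustive).
URGENCY = ("immediately", "within 24 hours", "account will be", "verify now",
           "suspended")

# Link text that itself looks like a URL or domain, e.g. "www.paypal.com/settings".
DOMAIN_RE = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})", re.I)


def registrable(host: str) -> str:
    """Last two labels of a host. Without a public-suffix list, a host such as
    shop.example.co.uk would need extra handling."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def fold(domain: str) -> str:
    """Decode punycode (xn--) and fold confusable characters onto ASCII so a
    homograph domain compares equal to the brand it imitates."""
    try:
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid punycode: fold it as-is
    domain = "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())
    return domain.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one substitution is what paypaI.com vs paypal.com costs."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(host: str) -> str:
    """'trusted', 'lookalike' (imitates a trusted domain) or 'unknown'."""
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"
    folded_reg, folded_host = fold(reg), fold(host)
    for good in TRUSTED:
        brand = good.split(".")[0]
        # one-character edits of the registrable domain, or the brand name used
        # only as a subdomain / label of some other domain
        if edit_distance(folded_reg, good) <= 1 or brand in folded_host:
            return "lookalike"
    return "unknown"


class LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw_email: str) -> list:
    """Return human-readable findings for a single-part HTML email (assumption)."""
    findings = []
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    kind = classify_domain(sender_domain)
    if kind == "lookalike":
        findings.append(f"sender domain {sender_domain!r} looks like a trusted domain")
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        if brand in name.lower() and kind != "trusted":
            findings.append(f"display name {name!r} claims {brand} but address is {addr!r}")
    body = msg.get_payload()
    parser = LinkParser()
    parser.feed(body)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if classify_domain(host) == "lookalike":
            findings.append(f"link host {host!r} looks like a trusted domain")
        shown = DOMAIN_RE.match(text)
        if shown and registrable(shown.group(1)) != registrable(host):
            findings.append(f"link text shows {text!r} but points to {host!r}")
    body_text = re.sub(r"<[^>]+>", " ", body).lower()
    hits = [p for p in URGENCY if p in body_text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample: capital I in the sender domain, brand-as-subdomain link,
# Cyrillic "a" homograph, and link text that disagrees with its target.
SAMPLE = """\
From: "PayPal Security" <alerts@paypaI.com>
To: victim@example.org
Subject: Unusual sign-in
Content-Type: text/html

<p>We detected unusual activity. Your account will be suspended within 24 hours
unless you <a href="https://secure-login.paypa1-verify.net/x">Verify now</a>.</p>
<p>Or visit <a href="https://p\u0430ypal.com/settings">www.paypal.com/settings</a>.</p>
"""

# Constructed benign message for comparison.
CLEAN = """\
From: "PayPal" <service@paypal.com>
To: victim@example.org
Subject: Your monthly statement
Content-Type: text/html

<p>Your statement is ready. <a href="https://www.paypal.com/statements">View statement</a></p>
"""

if __name__ == "__main__":
    for line in analyze(SAMPLE):
        print("SAMPLE:", line)
    print("CLEAN:", analyze(CLEAN) or "no findings")
```

The checks are heuristics: a domain that is one edit from a trusted one can be legitimate, and a well-crafted phish can pass all of them, so treat findings as reasons to verify out of band, not as proof either way.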
🛡️ Stay Safe by Staying Aware
Always think before clicking any link, downloading an attachment, or entering your information. If something feels off, trust your instincts and double-check by contacting the organization directly using official contact methods.
Protect Yourself from Phishing
Here are some steps you can take to protect yourself:
- Use strong, unique passwords for different accounts.
- Enable two-factor authentication (2FA) wherever possible, preferably with an authenticator app, passkey, or hardware security key rather than SMS. A phishing page can relay an SMS or app code to the real site in real time, while security keys and passkeys only work on the genuine site.
- Keep your software and antivirus programs up to date.
- Be cautious when sharing personal information online.
- Educate yourself and others about phishing tactics.
Report Phishing Attempts
If you receive a suspicious email, message, or phone call that you believe is a phishing attempt, it's important to report it immediately. Reporting helps protect others and supports organizations and cybersecurity teams in stopping these threats.
📨 How to Report a Phishing Email
1. Do Not Click on Any Links or Download Attachments: Always avoid interacting with suspicious messages.
2. Use the "Report" Feature: Most email services (like Gmail or Outlook) have a built-in "Report phishing" option in the message menu. Using it also helps the provider's filters catch the same message for other users.
3. Forward the Email to Authorities: Forward the phishing email, as an attachment where your mail client allows it so the original headers are preserved, to the following addresses:
- India: report.phishing@cybercrime.gov.in
- USA (US-CERT): phishing-report@us-cert.gov
- Global (APWG): reportphishing@apwg.org
4. Inform the Impersonated Company: Visit the official website of the company that was impersonated and look for their fraud or abuse reporting page.
5. Report to National Cybercrime Portal (India): Visit cybercrime.gov.in to file an official complaint with law enforcement.
Quizzes
1. What is phishing?
a) A cyber attack to steal information
b) A social engineering tactic
c) Both a and b
2. Which of the following is a sign of phishing?
a) Urgent requests for information
b) Poor grammar
c) All of the above
3. What should you do if you receive a suspicious email?
a) Report it immediately
b) Ignore it
c) Forward it to friends
4. What is spear phishing?
a) Targeted phishing aimed at a specific individual
b) Phishing through social media
c) None of the above
5. Which of the following is a common phishing tactic?
a) Creating fake websites
b) Using social engineering techniques
c) All of the above
Real-Time Threat Examples
Case Studies
Case Study 1: The Target Data Breach
In 2013, attackers used phishing emails to steal the network credentials of a third-party heating and air-conditioning contractor that had remote access to Target's vendor systems. With those credentials they moved into Target's network and installed malware on point-of-sale terminals, leading to the theft of about 40 million credit and debit card numbers during the holiday shopping season. The phish never went to Target staff at all; a weaker supplier was the way in.
Case Study 2: The Google Docs Phishing Attack
In 2017, a phishing attack disguised as a Google Docs sharing request spread rapidly through victims' contact lists. There was no fake login page: the link led to Google's real sign-in and consent screen for a malicious third-party app named "Google Docs", which asked for permission to read the victim's email and contacts. Because access was granted through OAuth, no password was captured and two-factor authentication did not help; the remedy was to revoke the app's access in the account's security settings. Google said fewer than 0.1% of Gmail users were affected and disabled the app within about an hour.
Case Study 3: The Ubiquiti Networks Incident
In 2015, Ubiquiti Networks lost $46.7 million to a business email compromise (BEC) attack, a form of spear phishing aimed at finance staff. The attackers impersonated company executives and an outside vendor in emails to the finance department, convincing employees to wire funds to overseas accounts controlled by the attackers. The company later recovered only part of the money.
Frequently Asked Questions (FAQs)
What should I do if I think I've been phished?
If you entered a password, change it right away (starting with your email account, since it can reset the others) and enable two-factor authentication. If you approved an app or permission request, revoke it in your account's security settings. If you opened an attachment, disconnect the device and run a malware scan. If you shared card or bank details, contact your bank. Then report the incident to your email provider and the relevant authorities.
How can I tell if an email is legitimate?
Check for spelling errors, generic greetings, and suspicious links, verify the sender's actual address, and look for urgency or threats. Well-crafted phishing can show none of these signs, so when a message asks you to log in, pay, or approve something, open the site from your own bookmark or by typing the address rather than through the link in the message.
Can phishing happen on social media?
Yes, phishing can occur on social media through fake accounts, messages, or links. Always verify the source before clicking on links or providing personal information.