Recognizing phishing

MODULE CONTENTS

This module explains the principle of phishing, describes the different types of attack, and reviews some techniques for identifying them. It consists of a 3-minute motion design followed by a quiz to validate the learners' skills.

PEDAGOGICAL OBJECTIVES

  • Know the principle of phishing

  • Become familiar with the different techniques used by hackers

  • Give some examples of attacks

In a phishing attack, a hacker organizes a mass attack, sending an email to many recipients in the hope of extracting information and making a gain.

It is imperative to be wary of all messages asking you to click on a link or open an attached file. In most cases, you receive an email that appears to come from a trusted site, such as a bank. You are prompted to click on a link and are then directed to a perfect copy of the trusted site. You are then prompted to enter your username and password: the aim is to retrieve your information and impersonate you on the site in question.

There are ways to identify this type of attack:

  • Check that this email is addressed to you. Phishing messages are often quite impersonal or vague.

  • Usually the message does not relate to anything you remember and instead raises questions.

  • Check that you know the sender or the address they use to contact you.

  • Watch for spelling mistakes and typos. Often this type of message uses a level of language that is incorrect or unusual for the organization or person sending it.

  • Check the destination of the link by hovering your mouse over it without clicking. The destination address is often altered, such as "banko.net".

  • If the URL begins with "https", it means that the connection to the site is secure (encrypted). This alone does not show that the site is the genuine one, so still check the domain name.

To sum up, be wary of unusual requests.

Phishing has developed considerably in recent years and the quality of attacks is constantly increasing, so caution is essential to avoid them.