Spot the Phish Quiz
Take the Quiz and find out more!

About the Quiz
INTERNAL

You receive emails from banks, e-commerce vendors and other organizations each day. Unfortunately, cyber criminals also send out fake emails that look like they are from credible senders with the intention of stealing your valuable information. By clicking on a malicious link, downloading an infected file or visiting a suspicious website, you may have given cyber criminals access to your information without even knowing it.

So, how can you tell the difference between a real and a fake email? Take the quiz and find out more.

We have collected a set of examples at BASF to help you test your ability to identify a phishing scam. Please note that this quiz is just an exercise. It does not contain any factual information. It has been developed for internal training purposes in order to enable BASF employees to better identify phishing mails.

To begin, start the presentation mode in PowerPoint. Then, click the "Start Quiz" button below. Each example will be displayed one at a time on a slide. You decide if the email is a "Phish" or "Real". After each example, you will find out the correct answer and "why" an email was a phishing mail or a real one.

Good Luck!

Example 1
Real or fake?

Example 1: Malicious attachment in email
What's phishy about this email?

Fake!
- Sender seems to be an important authority
- Example of spelling & grammar errors
- Request to open the attachment
- Reference to a specific tax transaction
- An "executable" file as the tax transaction report

Example 2
Real or fake?
You are sent an email with a link from your bank to update your bank account details. The link takes you to this site:

Example 2: Link to a fake website
What's phishy about this email?

Fake!
- Illegitimate domain
- Request to log into your bank account

How to identify the domain: Read from left to right from the first single "/" until the second period of a URL. (Here the domain: "banksofamerica-wellsfargo.com")

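The domain check from this slide, as an added example that is not part of the original presentation: it takes the host part of a link and reduces it to the domain that actually controls the target, so a familiar name placed in a subdomain or before an "@" does not mislead. The function names, the `bank.example` allowlist entry and the short suffix list are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of two-label public suffixes (assumption); production
# code should consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the domain that controls the link target, or None if no host."""
    # hostname drops the scheme, any "user@" prefix, the port and the path,
    # and is already lower-cased by urlsplit
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return host  # raw IP address: there is no domain name to inspect
    except ValueError:
        pass
    labels = host.split(".")
    # Keep three labels when the last two form a public suffix, else two
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def is_trusted(url, trusted_domains):
    """True only if the link's registrable domain is on the allowlist."""
    return registrable_domain(url) in trusted_domains


# Constructed sample links; "bank.example" stands in for the real bank.
TRUSTED = {"bank.example"}
SAMPLES = [
    "https://www.bank.example/login",
    "https://www.bank.example.banksofamerica-wellsfargo.com/update",
    "https://bank.example@banksofamerica-wellsfargo.com/login",
    "https://online.bank.example.co.uk/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "trusted" if is_trusted(link, TRUSTED) else "NOT trusted"
        print(f"{str(registrable_domain(link)):35} {verdict}  <- {link}")
```

Only the first sample link resolves to the allowlisted domain; the other three contain the trusted name somewhere in the URL but belong to a different domain.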
Example 3
Real or fake?

Example 3: Trustworthy link and URL
What's phishy about this email?

Real!
- General request to change passwords without links
- Legitimate sender
- Correct contact signature
- Legitimate domain

Example 4
Real or fake?

Example 4: Malicious attachment in email
What's phishy about this email?

Fake!
- Mismatch between sender and the content of the email
- Time pressure imposed through provision of a deadline
- Reference to a specific transaction
- Serious consequences if no action is taken
- Indirect request to open the attachment
- ".zip" file as a report
- Unknown contact with missing contact details

Example 5
Real or fake?

Example 5: Suspicious, unknown sender
What's phishy about this email?

Fake!
- False, non-BASF account = "Outlock"?
- The sender pretends to own a BASF account by entering a fake address in cc. How? The "I" in "Stefanie" is really an "L"
- Authoritative pressure from HR Manager
- Time pressure imposed through provision of a deadline
- Request for sensitive information
- Example of spelling & grammar errors
- Incorrect BASF signature, missing contact details

This is a case of spearphishing, i.e. a phishing scam targeting specific individuals or groups. A spearphishing email may include personal contact details and other information that can fool a recipient into believing that the email was sent by a legitimate sender.

Congratulations! You have completed the quiz!

Remember: If you receive a suspicious email from an unknown sender or an email that may have a malicious link or attachment, then do not click on the link or open the attachment. Please report it by clicking on the Phishing Button in Outlook.

If you become a victim of a phishing scam: Inform your supervisor and Information Protection Officer. Further, if you may have unintentionally released information as a result of a scam or phishing mail, please take measures to notify your supervisor and other affected parties.

Checklist: What indicates a suspicious email?
- Mismatch between the name of the sender and the content of the email
- Links to unknown websites
- Unsolicited request for sensitive information
- Unsolicited attachments that you are asked to view or update
- Spelling and grammatical errors
- Unrealistic story – "too good to be true"
- Pressure to answer questions (e.g. time or authoritative pressure)
- Reference made to orders, deliveries or outstanding bills