City Employees Fish for Phish!
September 4, 2013
To help employees learn to recognize phishing emails, the City recently held a contest to find the most authentic-looking phish that an employee received at work or at home. Take a look at the Top 10 entries. Would you have been hooked by one of these?
Can You Identify a Phish?
You've seen those emails that say they're from your bank but are actually a sneaky attempt to steal your personal information. The emails used to be full of grammar errors and misspelled words. Not anymore. These days, they look truly authentic. Do you think you can tell good email from bad? Take the quiz and find out. Then check below for ways to protect yourself from sneaky phishers.
Computer viruses, identity theft, cyber bullying...
The Internet can be a scary, risky place. The purpose of this section is to provide information so you can protect yourself and your family from Internet threats. Review the articles and presentations in the Topic Library to learn more.
Reminder: This information is provided as a courtesy by City of Phoenix. However, this information is intended as an introduction only, and it is up to you to make sure you take the proper steps to secure your home PC and mobile devices. The City of Phoenix is not responsible for computers not owned by the City and cannot answer specific questions about them, nor does the City of Phoenix recommend or endorse any specific vendors, products, or services.
Passwords give you access to your computer account, your information, and your identity -- just like keys give you access to your home, your car, or you safe deposit box. How strong is your password? Test it here. Hopefully it's not on the list of the 500 worst passwords!
Pick strong passwords, ones that can't be easily guessed or cracked, don't share your passwords, and change them regularly. Learn more about passwords (PDF).
Phishing is an attempt to trick you into divulging personal information such as credit card numbers, account usernames and passwords, and social security numbers. Most phishing attempts are via email and instant messaging.
A typical phishing email may appear to come from your bank or a delivery service. The “spoofed” emails look very authentic with company logos, and they contain links to authentic-looking websites.
Don’t get phished! Here are five protection strategies to prevent becoming a victim.
- Be skeptical of all emails — If you don’t recognize sender, chances are this email is either some form of unsolicited spam or it is a phishing email.
- Be wary of links and attachments — If you do open the email, don’t click on links or download images or attachments. Links may take you to malicious websites. Images and attachments could contain malicious software. Be especially wary of emails with sensational headlines or offers to see naked pictures of celebrities.
- Ignore commands and requests for action — If the email is urging you to do something now, stop and think before you fall into their trap. If it’s too good to be true or seems too farfetched, it probably is.
- Check out the link — Discover where a link actually goes. With your mouse, hover over the link and look at the bottom left corner of your browser window. There you should be able to see the exact URL that you will be directed to if you click on the link. If this link shows as an IP address, such as 192.168.1.1, you probably don’t want to click on the link.
- Use the phone — If you get a questionable email or instant message, give the sender a call to verify it. And use a phone number from the phone book or other published source, not one within the message.
View ISPO’s Phishing presentation (PDF) to learn more and test whether you can identify the phish.
Listed below are more links to free information about security and privacy to protect you and your family. The documents contain not only information to teach you about the topics, but also guides and recommendations. Some of ISPO's favorites include:
- Carnegie Mellon CERT's Home Network Security site
- Google's guide to online safety
- Looks Too Good to Be True guide to fraud
- Microsoft's Safety Scanner
- National Cyber Security Alliance's Stay Safe Online site
- NSA's Home Networking Best Practices article (PDF)