
Phishing Awareness Campaign

The document outlines a phishing awareness training program aimed at educating individuals on recognizing and responding to phishing attempts. It defines phishing, identifies common types and red flags, and provides best practices for protecting oneself against such scams. Additionally, it emphasizes the importance of critical thinking and reporting suspected phishing attempts to prevent further victimization.

CODE ALPHA CYBER SECURITY INTERNSHIP

PHISHING AWARENESS TRAINING
Think Before You Click!

Prepared by: Tayyaba Shaikh


OBJECTIVES
By the end of this training, you will be able to:

1 Define phishing and identify common methods used by scammers
2 Recognize red flags in phishing emails, messages, or posts
3 Develop critical thinking skills to discern legitimate requests from potential phishing attempts

WHAT IS PHISHING?
Phishing is when someone tries to trick you into revealing personal information like your password, credit card numbers, or social security number.

Phishing can happen through emails, text messages, or other online platforms.

Think of an email or message you received that asked for personal information. What made it suspicious?

TYPES OF PHISHING
Phishing attacks come in different forms

EMAIL PHISHING
Scammers send fake emails pretending to be a trustworthy organization

SMS PHISHING
Scammers send text messages with fake links or requests for personal information

SOCIAL MEDIA PHISHING
Scammers create fake profiles or posts to trick you into clicking on links or sharing personal information

RED FLAGS
Red flags in phishing attempts are warning signs or indicators that help individuals identify potential scams. Some common red flags in phishing include:

1 Urgent or threatening language
2 Suspicious sender information
3 Requests for personal information
4 Misspellings or grammatical errors
5 Suspicious links or attachments
6 Generic greetings
7 Too good to be true


01 URGENT OR THREATENING LANGUAGE
Phishing attempts often create a sense of urgency or use threatening language to prompt immediate action. Phrases like "urgent action required," "account suspended," or "your account will be deleted" may indicate a phishing attempt.

02 SUSPICIOUS SENDER INFORMATION
Check the sender's email address or social media profile. Phishing emails or messages often use generic or suspicious email addresses that do not match the legitimate entity they claim to represent.

03 REQUESTS FOR PERSONAL INFORMATION
Legitimate organizations do not request personal information, such as usernames, passwords, or credit card numbers, via email, social media, or other online means. Be cautious of any request for personal information.

04 MISSPELLINGS OR GRAMMATICAL ERRORS
Phishing emails or messages may contain misspellings, grammatical errors, or awkward phrasing. Legitimate organizations usually send professional communications that do not contain obvious errors.

05 SUSPICIOUS LINKS OR ATTACHMENTS
Be cautious of links or attachments in emails or messages from unknown or untrusted sources. Hover over links to check their actual destinations, and do not click on suspicious links or download attachments that you were not expecting.

06 GENERIC GREETINGS
Phishing emails may use generic greetings like "Dear Customer" instead of addressing you by your name. Legitimate organizations often personalize their communications with your name or other relevant information.

07 TOO GOOD TO BE TRUE
Phishing attempts may lure individuals with enticing offers, such as winning a prize or getting a huge discount. If an offer seems too good to be true, it may be a phishing attempt.

Which of the seven red flags do you think is the hardest to detect? What makes you say that?

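Red flags 01, 02, 05 and 06 can be partly checked by a mail filter before a person ever reads the message. The following is an added example, not part of the original training material; the function name red_flags, the flag labels, the expected_domain parameter and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases quoted in the training text, lower-cased for matching.
PHRASES = {"urgent_language": ("urgent action required", "account suspended",
                               "your account will be deleted"),
           "generic_greeting": ("dear customer",)}

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def red_flags(raw, expected_domain):
    """Red flags in a single-part HTML email; expected_domain is the claimed sender's real domain."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = {name for name, ps in PHRASES.items() if any(p in body.lower() for p in ps)}
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        flags.add("suspicious_sender")
    parser = Links()
    parser.feed(body)
    for href, shown in parser.found:
        host = (urlparse(href).hostname or "").lower()
        shown_host = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", shown)
        if shown_host and shown_host.group(0) != host:
            flags.add("link_mismatch")  # visible text names a different site than the href
    return flags

# Constructed sample (not a real email); example.com / example.net are reserved domains.
SAMPLE = ('From: "Example Bank" <support@example.net>\nContent-Type: text/html\n\n'
          "<p>Dear Customer, urgent action required.</p>"
          '<a href="http://login.example.net/verify">www.example.com/login</a>')
print(sorted(red_flags(SAMPLE, "example.com")))
```

The host comparison is deliberately strict, so link text that only differs from the real destination by a subdomain is also flagged for a person to review. Misspellings, requests for personal information and offers that are too good to be true still need human judgment.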
EXAMPLES OF REAL LIFE INCIDENTS

EXAMPLE 1
Credential Theft - Yahoo (2014):

Incident:
Yahoo suffered a massive data breach when attackers used a combination of spear-phishing and credential theft to gain unauthorized access to user accounts.

Consequences:
The breach exposed the personal information of 500 million users. This event severely damaged Yahoo's reputation, resulting in legal consequences and a decrease in user trust.

EXAMPLE 2
Ransomware Attack - WannaCry (2017):

Incident:
While not a traditional phishing attack, the WannaCry ransomware spread via phishing emails. It exploited a Windows vulnerability to encrypt files and demanded a ransom for their release.

Consequences:
The attack impacted over 200,000 computers in 150 countries, affecting critical infrastructure, healthcare systems, and businesses. The financial and operational consequences were significant.

PROTECTING YOURSELF AGAINST PHISHING
BEST PRACTICES
Keep software and systems up to date

Use strong, unique passwords

Enable multi-factor authentication

Educate yourself and others about phishing threats.


REPORT PHISHING ATTEMPTS
If you suspect a phishing attempt, report it to a trusted adult, teacher, or the school's IT department. Please don't forward the phishing email or message to another user. You can show them on your device. Forwarding phishing emails could lead to others being phished.

Reporting phishing attempts helps protect others from falling victim to the scam.

THINK CRITICALLY

Be skeptical of emails, messages, or posts that seem too good to be true or too urgent. Remember, if it sounds too good to be true, it probably is!

Think before clicking on any links, sharing personal information online, or opening any suspicious attachments. Ask yourself if it seems legitimate and if you were expecting it.

Verify the authenticity of the sender and the information provided before taking any action. Trust your instincts and be cautious when sharing information online.

THINK BEFORE YOU CLICK!

PROTECT YOURSELF FROM PHISHING
Don't share your personal information online!
RESOURCES
Cybersecurity & Infrastructure Security Agency (CISA):

Provides resources on cybersecurity best practices, alerts, and incident response.

National Institute of Standards and Technology (NIST) Cybersecurity Framework:

Offers a framework for improving cybersecurity posture, with guidelines and best practices.

StaySafeOnline:

A resource by the National Cyber Security Alliance, providing tips, resources, and educational materials.
