Can You Avoid Phishing?

1. Now who may be the targets of phishing attacks?

Corporations

Specific social circles

You

Everyone

Spear phishing target specific groups of people but other phishers phish for information in the whole sea that is internet so everyone could be affected by it.

Explanation

Spear phishing target specific groups of people but other phishers phish for information in the whole sea that is internet so everyone could be affected by it.

2. You probably have used or at least seen Facebook. Is this the real Facebook?

Yes

No

The URL is not facebook.com. It doesn't use SSL connection. There is no padlock icon in the address bar. There is a yellow header in the website that doesn't exist on the real website.

Explanation

The URL is not facebook.com. It doesn't use SSL connection. There is no padlock icon in the address bar. There is a yellow header in the website that doesn't exist on the real website.

3. And the last question... Another email from PayPal. Is it real?

Yes

No

The sender is clearly not from PayPal. The paypal part of the email is only a subdomain of fvdd.co.uk Such companies as PayPal never address their users as "User", they use real names. The link also leads to the same fake subdomain of fvdd.co.uk

Explanation

The sender is clearly not from PayPal. The paypal part of the email is only a subdomain of fvdd.co.uk Such companies as PayPal never address their users as "User", they use real names. The link also leads to the same fake subdomain of fvdd.co.uk

4. Now you need to check your Gmail. Are you at the right place?

Yes

No

Website uses SSL connection. Padlock icon is present at the address bar. Link leads to the same domain.

Explanation

Website uses SSL connection. Padlock icon is present at the address bar. Link leads to the same domain.

5. Phishing is a way of attempting to acquire information. What information does it try to acquire?

Usernames and passwords

Credit card details

Social security numbers

Other personal details

While some phishers phish for specific information others might make use of any personal information.

Explanation

While some phishers phish for specific information others might make use of any personal information.

Submit

6. Some people say you that they can tell which website is secure just by looking at it. Which visual clues in a website can be trusted to identify a real website?

Company logo

Seal of a Certificate Authority

Style of the email

None of them

It is impossible to tell if a website is legitimate just by look and feel, since more advanced phishing attacks use website clones that are identical to the originals. So the only way to check if it is legitimate is to look at the security indicators in the browser.

Explanation

It is impossible to tell if a website is legitimate just by look and feel, since more advanced phishing attacks use website clones that are identical to the originals. So the only way to check if it is legitimate is to look at the security indicators in the browser.

7. Lets check if you can spot a legitimate URL. Which of these links would lead to Google account settings?

Google.com.accounts.com

Accounts.google.com

Google.accounts.com

Accounts.com/google

Google-accounts.com

Only one of the addresses is in the Google domain the other are subdirectories of accounts.com or a completely different website - google-accounts.com

Explanation

Only one of the addresses is in the Google domain the other are subdirectories of accounts.com or a completely different website - google-accounts.com

8. People have different techniques of telling that a website is real. What is the most important thing to pay attention to when trying to determine if a website could be trusted?

Look and feel of the website

Noticing security indicators in the browser

The domain in the address bar seems to be legitimate

It has some links to real websites

Look and feel can be deceiving since it is possible to completely clone a legitimate website.
People use tricks to make their URL's look as close to the real ones as possible such as changing between l (lowercase L) I (capital i) 1 (one) or adding part to the URL that will redirect the user to a phishing site.
If a website has some links that lead to legitimate websites it doesn't mean that there isn't one link that will lead to a phishy place.
Security indicators in the browser are there for a reason, they give information about SSL connection and the Certificate Authority. This information should be sufficient to find a legitimate website.

Explanation

Look and feel can be deceiving since it is possible to completely clone a legitimate website.
People use tricks to make their URL's look as close to the real ones as possible such as changing between l (lowercase L) I (capital i) 1 (one) or adding part to the URL that will redirect the user to a phishing site.
If a website has some links that lead to legitimate websites it doesn't mean that there isn't one link that will lead to a phishy place.
Security indicators in the browser are there for a reason, they give information about SSL connection and the Certificate Authority. This information should be sufficient to find a legitimate website.

9. There are many techniques of masking fake URL's to look as legitimate as they can. Which of these links could be unsafe?

The domain part looks legitimate but the rest of it is some strange symbols and numbers.

An IP address is given instead of an URL

It has @ ([email protected]) symbol in the URL

There is a port switch (example.com:8034) at the end of the URL

Phishers can use binary encoding to hide parts of the URL that they don't want for the user to see.
Everything before @ symbol is omitted so only the part after it is important and this may be used to trick people.
Some companies even have redirects to phishing websites on their servers(!) the only thing you need to do to access it is to change the port you are connecting through.
IP addresses cannot be trusted unless you really know where that IP leads to.

Explanation

Phishers can use binary encoding to hide parts of the URL that they don't want for the user to see.
Everything before @ symbol is omitted so only the part after it is important and this may be used to trick people.
Some companies even have redirects to phishing websites on their servers(!) the only thing you need to do to access it is to change the port you are connecting through.
IP addresses cannot be trusted unless you really know where that IP leads to.

Submit

10. You've got this email... Is it legitimate?

Yes

No

The sender is from the known senders list. The link leads to legitimate website. There is information about how to avoid phishing so the user could always contact PayPal and check if this email is legitimate.

Explanation

The sender is from the known senders list. The link leads to legitimate website. There is information about how to avoid phishing so the user could always contact PayPal and check if this email is legitimate.

11. Your browser tries to help you detect fraudulent websites. Which indications in the browser indicate that the site is secure?

Https:// protocol in the adress bar

Padlock icon in the website itself

Padlock icon in the browser status bar

Link to a trusted Certificate Authority in the page

Trusted Certificate Authority indication in the browser

https show that we have a secure SSL connection.
Padlock icon in the browser usually means that we're securely connected and it additionally may mean the certificate supplier is trusted which is also a reliable source of legitimacy.
However we shouldn't trust anything that is in the email itself since it can be easily forged.

Explanation

https show that we have a secure SSL connection.
Padlock icon in the browser usually means that we're securely connected and it additionally may mean the certificate supplier is trusted which is also a reliable source of legitimacy.
However we shouldn't trust anything that is in the email itself since it can be easily forged.

Submit