This is a quick tutorial I made for my staff.
Users have been getting a large amount of spam and phishing emails lately. This small presentation will hopefully serve as a quick visual tutorial for recognizing the good from the bad.
1. Updated by Chris. Casal, 4/2014
SNIFF OUT SPAM: IT’S PHISHY
A quick tutorial on differentiating between legitimate emails and
emails designed to steal your credentials & identity
Friday, May 2, 14
2. Updated by Chris Casal, 4/2014
PREFACE
Most email scams aren’t technical “hacking” in that they don’t gain illegal access to your
account. Rather, they are “phishing” scams, designed to get you to enter your username &
password on their site, essentially granting them access to your account
Friday, May 2, 14
3. Updated by Chris Casal, 4/2014
EMAIL #1
Friend of Foe?
Friday, May 2, 14
4. Updated by Chris Casal, 4/2014
EMAIL #2
Friend or Foe?
Friday, May 2, 14
5. Updated by Chris Casal, 4/2014
SIDE BY SIDE
Notice the similarities?
Notice the differences?
Friday, May 2, 14
6. Updated by Chris Casal, 4/2014
THE FOE -THE PHISHER
Scares you by threatening to restrict email access
Asks for name, email AND password - that’s a huge red flag!
Friday, May 2, 14
7. Updated by Chris Casal, 4/2014
THE FRIEND
An official email regarding your storage capacity
Does not ask for user information
Informs you of steps you should take
Friday, May 2, 14
8. Updated by Chris Casal, 4/2014
SIDE BY SIDE
Left = bad
Right = good
Friday, May 2, 14
9. Updated by Chris Casal, 4/2014
THE FOE -THE CLUES
The sender’s email is very odd & suspicious
They are asking for account security information
No legitimate email will ever ask you to “reply” or “click here” and provide your security information
Friday, May 2, 14
10. Updated by Chris Casal, 4/2014
THE FRIEND
Informs you of the issue
Gives you steps for corrective action
Never asks for personal information nor security access such as passwords
Friday, May 2, 14
11. Updated by Chris Casal, 4/2014
KEEP IN MIND
• Remember:
• no harm in getting the email
• no reputable email will ever say “click here and enter your
password” or “reply to with your password included”
• never enter your password on an untrusted site
• verify the site by looking at the address bar
Friday, May 2, 14
12. Updated by Chris Casal, 4/2014
IFYOU DO GET
COMPROMISED
• It happens, no one is completely immune
• Log in to your service at the main address (schools.nyc.gov,
gmail.com, yahoo.com, etc)
• Change your password immediately
• Send an email to your contacts letting them know you were
compromised, to ignore the spammy email from your
account, and suggest they change their passwords too
Friday, May 2, 14
13. Updated by Chris Casal, 4/2014
CREDITS
Created by Chris Casal
ComputerTeacher,Technology Coordinator, and PS10.org Google Apps Administrator
PS10 - 15K010
ccasal@ps10.org / ccasal@schools.nyc.gov
@mr_casal
Friday, May 2, 14