
Spot a spoof!

Ghosty has broken into your inbox. Now you have to stamp him out.

He isn’t that difficult to spot.

We have a bag full of tricks to help you find him.

Hover over the “From” field in your mailbox

• Probably the easiest way to identify whether an email is legitimate or not is to simply hover your mouse pointer over the name in the “From” column.

• By doing so, you will be able to tell if the actual email address and the sender name match.

• For example, an email from Match.com should typically come from “match.com” (not “motch.com” or “humbletemper.com”).

Trick 1

Tell a Ghosty by his grammar, or rather the lack of it

• A common practice of many hackers is to use misspelled words on purpose.

• While it may seem that this would easily reveal an illegitimate email, it is actually a tactic used to find less savvy users.

• Spammers have learned that if they get a response from a poorly written email, they are on to an easy target and will focus their efforts to bring that user down.

Trick 2

Welcame to my world!

Plain text or no logos on the email

• Most legitimate marketing/blast email messages will be written with HTML and will be a mix of text and images.

• A typical phishing email may show an absence of images, including the lack of the company’s logo.

• If the email is all plain text and looks different than what you’re used to seeing from that sender, it is best to go with your gut feeling and report the message to the security team.


Trick 3

An image is worth a thousand words

• All images in the e-mail body and no text makes Ghosty a dumb boy.

• Having just an image in the email body is a common practice of many spammers. Make sure the email is a good mix of text and images.

• Also, hover over any links embedded within the image as an extra precaution.

Trick 4

Ghosty is getting creepy - asking you for personal information

• In common phishing attacks, the sender will seek to know your personal information.

• This is the kind of information that is unique to you, can be used to identify you, and can be used for harmful purposes.

• E.g. asking you to provide and/or update your personal information about an account (e.g. Social Security number, bank account details, account password).

Trick 5

What’s your full address?

Where do you bank?

Please confirm your mother's maiden name

Hey! Can I have your number?

Attachments that you wouldn’t/shouldn’t trust

• The majority of financial institutions or retailers will not send out attachments via email, so ask yourself if this is unusual and be careful about opening any attachments from senders or messages that seem suspicious.

• High-risk attachment file types include: .exe, .scr, .zip, .com, .bat.

Trick 6

Guess what?!

I got a lot of great catches at multinationals by asking a line manager to fill out their headcount in an Excel file and return it to HR. When they opened the file, I took over their computer! $$$$!

P.S. they should have hovered to check the sender!

Hey, but it sounds urgent/too good to be true

• If an email seems too good to be true, it most likely is.

• Be cautious with any message offering to make you a winner or place money into your bank account by simply “clicking here”.

• Also, if the content places any kind of urgency on you, such as “you must click into your account now”, it is most likely a scam and should be marked as “junk”.

Congratulations! You have won. 10,00,000

Trick 7

Is your email address listed as the ‘From’ address?

• No one sends emails to themselves, unless they are sending a test mail, that is.

• If you notice that your email address is being identified as the From address, this is a sign of a fake email message.

• You may see “undisclosed recipients” and this is something to keep an eye on as well. It could be a valid send, but double check by using the other tips identified in this guide.

Trick 8


#MustDo

Lock Your Device

Be Mindful of your Surroundings

Challenge Poor Security Behaviour

Clear Your Desk

Protect your work online

and before we say it’s a wrap

Bye bye, Ghosty!