securitycentre.culture.ai Open in urlscan Pro
3.10.28.111  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Email Phishing


YOU HAVE BEEN PHISHED!

The link that you have just clicked on was part of a simulated email phishing
assessment sent on behalf of your organisation.

This training module will help protect yourself and your organisation to prevent
these kinds of attacks.

Continue


WHAT IS EMAIL PHISHING?

Email phishing is a fraudulent attempt to gain access to sensitive information
by targeting you, the user. As an attacker, it can lead to a way of
infiltraiting
your organisation's systems without detection.

Back Continue



HOW COULD I HAVE SPOTTED THIS?

This email contains a few clues that you could have spotted; unveil these below.

Reveal Clue
Illegitimate domain
Reveal Clue
Link URL designation
Back Continue



WARNING!

You have clicked on a phishing link! Return to the training to see the correct
answer.

Return to safety


CHECK THE SENDER'S EMAIL ADDRESS

Does the sender's email address seem genuine?
Be particularly suspicious if the email comes from an unknown address with a
public domain such as Gmail or Hotmail. Sophisticated attacks my spoof genuine
business email addresses. Check the address closely and confirm it is correct
with no spelling differences.
Gain points by correctly identifying a legitimate Amazon email address and
continue to the next section.

Back Continue

Select the answer that you think is a genuine Amazon email address.


INCORRECT
If you look closely at the correct answer highlighted, you will notice that the
domain matches the official domain and doesn't contain any discrepancies.
CORRECT
That's right!
A
your-order@amazon-uk.com
B
order-update@amazon.com
C
shipping@amazon.net
D
amazon-order@deliveries1251.ie
E
order-update@amozon.com
F
amazon-delivery@hotmail.co.uk


BE CAUTIOUS OF LINKS

If an email contains a link, think before you click!

Hover over the link/button to check the URL. Does it show a different URL to the
one shown in the email, or does the URL direct to an unknown or illegitimate
domain?

Gain points by correctly identifying the legitimate Microsoft Office 365 link
and continue to the next section.

Back Continue

Hover over the buttons to reveal the link's URL. Select the button that you
think has a genuine Microsoft URL.


INCORRECT
If you are unsure of what the real URL should be, search for the legitimate
domain/webpage in your web browser.
CORRECT
That's right!
Sign in
Sign in
Sign in
Sign in
Sign in
Sign in


WARNING!

You are attempting to download an attachment from a phishing email! Return to
the training.

Return to safety


BE CAUTIOUS OF ATTACHMENTS

This email doesn't contain any links, but it does have an attachment. Ask
yourself the following questions:

 * Am I expecting this email?
 * Am I expecting to recieve this attachment?
 * Do I recognise the sender's email address
   ?

Knowing all this, what is the best course of action?

INCORRECT
If you're not expecting an email of this nature, and you don't recognise the
sender, report the email in order to stop the attack reaching other employees in
the future.
CORRECT
That's right!
A
Report the email
B
Delete the email
C
Open the attachment
D
Contact the sender
Back Continue
J
From: Josephine Richards <j.richards@gmail.com>
Subject: File for your attention
 Report
UPDATE.pdf
213.4 KB

Hi  Leszek,

Please find attached.

Kind regards,
Josephine

Sent from my iPhone


PHISHING EMAILS WITH CALLS TO ACTIONS

Phishing emails aren't just those that contain links or come with attachments.
In some cases, phishing emails request action from you. Here are three example
emails to demonstrate this kind of attack.

Example 1
Example 2
Example 3

The finance department receives these types of emails regularly and if the email
comes from a company your organisation uses the finance team could easily
mistake this as legitimate. No links or attachments would flag as suspicious,
but there is a request to act. If an email requires action - it requires further
investigation to confirm its legitimacy.

Physical entry allows an attacker to gain access to computer equipment and
systems. An attacker can deploy malware and keyboard loggers using USB or take
advantage of open network ports.

Replying to a phishing email could instigate a conversation and help an attacker
build rapport, leading to an illusion of legitimacy. Providing information such
as requested in the email could help attackers by providing them with a better
understanding of how to target you.

Back Continue
H
From:  Finance Team <finance@holepunchstationary.com>
Subject:   Payment due

Hi  Leszek,

Place could you process the below payment for the stationary order received this
week:

Amount: £865
Bank Name: Lloyds Bank
Sort Code: 12-34-56
Account Number: 81726354

Once processed, we will send receipt as confirmation of payment.

Melisa Brown,
Finance Department

Holepunch Stationary
J
From:   Finance Team <hr-department123@gmail.com>
Subject:   Payment due

Reception,

I have candidate, Craig Bennett, arrive for an interview tomorrow at 3pm, please
could you arrange for a meeting room for 2 hours and add him to the visitors
list?

Thanks,
Jane Wright
HR Department

Your Organisation


I
From:   Finance Team <mike.ohara@it-dept.com>
Subject:   Payment Due
All,

As part of our annual IT audit to ensure all are systems are up to date and are
running as efficiently as possible please could you provide us with the
following information:



 * Antivirus type?

 * Antivirus versison?
 * What browser do you currently use?

If you're unsure how to find any of this information, please don't hesitate to
reply to this email requesting a step-by-step guide.

Regards
Mike O'Hara
IT Technician
Your Organisation


REPORT IT

After using these clues to identify an email as suspicious, ensure you use the
reporting button. Reporting emails will help your organisations defend against
phishing attacks and protect other employees from clicking!

+50 credits

Back Finish
Feedback If you've got a minute, we'd really appreciate some feedback on the
module you just completed. How do you feel about this training?
Mostly Negative Mostly Average Mostly Positive
Thank you for your feedback! Your feedback is really important to us. Do you
have 2 minutes to provide us with some more detail?
No thanks Give detailed feedback
How do you feel about this content?
Mostly Negative Mostly Average Mostly Positive
How does this compare to training you've done elsewhere?
Mostly Negative Mostly Average Mostly Positive
How much do you agree with the statement I learnt something new
1 2 3 4 5 6
Strongly Disagree
Strongly Agree
Skip Feedback
Thank you! Your feedback is enormously helpful to us. Close