Module 1: Detecting Phishing

Course 2: Threat Detection & Response

🎣 Detecting Phishing Attacks

Phishing is the #1 cybercrime, with over 300,000 victims in 2023 alone. These deceptive messages trick people into revealing passwords, credit card numbers, and other sensitive information. Learning to spot them is critical.

⚠ The Threat: The FBI reports phishing was the most common cybercrime in 2023, with losses exceeding $52 million. The Anti-Phishing Working Group found phishing attacks increased by 150% since 2019.

What is Phishing?

Phishing is a social engineering attack where criminals impersonate legitimate organizations to steal your information. Attacks come via:

Common Phishing Tactics

8 Red Flags to Watch For

1. Suspicious Sender Address

Check carefully—phishers use addresses that look similar but contain subtle differences.

Legitimate: support@amazon.com
Phishing: support@amazn.com, support@amazon-security.com

2. Generic Greetings

Legitimate companies address you by name. Phishing uses "Dear Customer" or "Hello User."

3. Spelling/Grammar Errors

Professional organizations proofread. Multiple typos are a red flag.

4. Suspicious Links

Hover over links (don't click!) to see the real URL. Phishing links lead to fake websites.

5. Urgent Language

Phishers create artificial urgency to pressure you into acting without thinking.

6. Requests for Personal Info

Legitimate organizations NEVER ask for passwords, SSN, or credit cards via email/text.

7. Unexpected Attachments

Attachments from unknown senders can contain malware or viruses.

8. Mismatched URLs

Check if the domain matches the company. Look for misspellings or unusual extensions.
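
The sender-address, link, and URL checks from red flags 1, 4 and 8 can be automated in a mail filter. The following is an added example, not part of the original course material. The TRUSTED allow-list, the function names, and the edit-distance threshold of 2 are assumptions chosen for illustration, and the link targets are constructed sample data.

```python
import re
from urllib.parse import urlparse

# Assumption: a hypothetical allow-list of domains the real organization uses.
TRUSTED = {"amazon.com"}

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain):
    """Return 'trusted', 'lookalike', 'brand-in-name' or 'unknown'."""
    domain = domain.lower().rstrip(".")
    for good in TRUSTED:
        # Exact match or a genuine subdomain of the trusted domain.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        # One or two edits away from the real domain, e.g. amazn.com.
        if edit_distance(domain, good) <= 2:
            return "lookalike"
        # Brand used as a label inside someone else's domain,
        # e.g. amazon-security.com or amazon.com.example.net.
        if good.split(".")[0] in re.split(r"[.\-]", domain):
            return "brand-in-name"
    return "unknown"

def check_sender(address):
    """Classify the domain part of a sender address."""
    return check_domain(address.rsplit("@", 1)[-1])

def check_link(display_text, href):
    """Classify where a link really goes; prefix 'mismatch:' if the visible
    text shows a different host than the href (what hovering reveals)."""
    target = (urlparse(href).hostname or "").lower()
    m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", display_text.lower())
    shown = m.group(1) if m else ""
    verdict = check_domain(target)
    return "mismatch:" + verdict if shown and shown != target else verdict

if __name__ == "__main__":
    for addr in ("support@amazon.com", "support@amazn.com", "support@amazon-security.com"):
        print(addr, "->", check_sender(addr))
    print(check_link("www.amazon.com", "http://amazn.com/login"))  # constructed link
```

Edit distance only catches near-misspellings of an allow-listed domain, so a result of "unknown" means "not verified", not "safe".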

What to Do If You Receive Phishing

✓ Safe Actions:
  1. Don't click links or download attachments
  2. Don't reply to the message
  3. Verify independently—call the company using their official number
  4. Report it to spam@uce.gov and reportphishing@apwg.org
  5. Delete the message
  6. Mark as spam in your email client

If You Clicked a Phishing Link

  1. Disconnect from the internet immediately
  2. Change your passwords on a different device
  3. Enable two-factor authentication
  4. Run antivirus scans
  5. Monitor your accounts for suspicious activity
  6. Contact your bank if you provided financial info

Test Your Knowledge

📝 Module 1 Quiz

Test your phishing detection skills. You need 4/5 to pass.

Question 1: What was the most common type of cybercrime in 2023?

Question 2: Which email address is most likely phishing?

Question 3: True or False: Legitimate companies will ask for your password via email if there's a security issue.

Question 4: What should you do FIRST if you receive a suspicious email?

Question 5: What is "smishing"?
