Disclaimer - Cpni


Don’t take the bait

DISCLAIMER

Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation or favour by CPNI. The views and opinions of authors expressed within this document shall not be used for advertising or product endorsement purposes.

To the fullest extent permitted by law, CPNI accepts no liability for any loss or damage (whether direct, indirect or consequential, and including but not limited to, loss of profits or anticipated profits, loss of data, business or goodwill) incurred by any person and howsoever caused arising from or connected with any error or omission in this document or from any person acting, omitting to act or refraining from acting upon, or otherwise using the information contained in this document or its references. You should make your own judgment as regards use of this document and seek independent professional advice on your particular circumstances.

Crown Copyright 2017

INTRODUCTION

This quiz has eight example messages. For each, you must decide whether you think it is genuine by selecting ‘real’ or an example of phishing by selecting ‘phish’.

The answers are provided towards the back of this booklet. Give yourself one point for each correct answer. Turn to page 21 to discover what your results mean.

HINT: CPNI’s ‘Don’t Take The Bait!’ animation and infographic provide information that may help you to spot phishing attempts.

WHAT IS PHISHING?

Phishing is when an attacker looks to exploit a user in order to bypass security measures, via an electronic communication, e.g. an email.

WHAT IS SPEAR PHISHING?

Spear phishing is a targeted type of phishing. An attacker finds out information about an individual which allows them to tailor their attacks and appear trustworthy in an electronic communication.

EXAMPLE 1

From: Home Foods (do not reply@points.homefoods.co.uk)
Date: Weds 29 March 2017 12:25:55 0200
Subject: We are giving away free Home Foods gifts

Dear Luke,

This spring, Home Foods are celebrating our 10th anniversary. In celebration of this we are giving away a limited number of free Home Foods gifts - all you have to do is register your details and tell us your favourite Home Food store!

To register for your free gifts now, click HERE.

Sincerely,
Home Food Customer Service

Copyright 2016 Home Foods. All Rights Reserved.

EXAMPLE 2

energyorg.co.uk
Design files as requested
CSAXDLodNTJkyuX9LCyzz3LBTZTcsq1 NamdfSQ@mail.com

This message has been held to queue “Unknown Filetype”. Reasons for this are indicated below.

Attachment 3 “BOOKLET FINAL.indd”, identified as ‘(Minimum strength) (strength Implied:0)’: The attachment is of an unspecified data type ‘unidentified’.

Please contact the IT Service Desk for further assistance.

EXAMPLE 3

From: “Alpha Express” AlphaExpress@welcome.aexp.com
Subject: Security Concern on Your Alpha Express

Dear Customer:

We are writing to you because we need to speak with you regarding a security concern on your account. Our records indicate that you recently used your Alpha Express card on April 29, 2017.

For your security, new charges on the accounts listed above may be declined. If applicable, you should advise any Additional Card Member(s) on your account that their new charges may also be declined.

To secure your account, please log in at:
http://alphaexpress.com

Your prompt response regarding this matter is appreciated.

Sincerely,
Alpha Express Identity Protection Team

Please do not reply to this e-mail. This customer service e-mail was sent to you by Alpha Express. You may receive customer service e-mails even if you have unsubscribed from marketing e-mails from Alpha Express.

EXAMPLE 4

On 12 May, 2017, you removed a card ending 356 from your NetworkPay account.

Any payments you authorised on the card before 13 May will be completed; however, no new payments will be processed on this card.

Didn’t make this update?

If you didn’t make this change, log into your NetworkPay account and review your information as soon as possible. If you notice any unusual activity, please contact our help centre immediately. The details are available on our website.

Thanks,
NetworkPay

EXAMPLE 5

From: Federal Trade Council [mailto: ftc.ivRY9@ftcc.gov.uk]
Date: 03 January 2017 15:07
To: Jones, Amal
Subject: CONSUMER COMPLAINT NOTIFICATION

Dear Amal,

This notification has been sent to you because we have received a consumer complaint, claiming that your company is violating the CCPA (Consumer Credit Protection Act).

According to our policy we have initiated a formal investigation before taking legal action.

You can download the document containing the complaint and the plaintiff contact information from:
https://ftcc.gov/download.asxp?complaint id 4306534

Note that Adobe Reader must be installed on your computer.

Please take a moment to read the bolded section in the complaint, regarding the CCPA complaint.

Regards,
Federal Trade Council

EXAMPLE 6

From: fayU16@email.com
Date: 19 June 2017 13:20
To: Anna King

Hi Anna,

I saw your recent presentation at the Green Energy UK conference. I have attached a new research paper that you may find interesting.

It hasn’t yet been published!

Regards,

Attachment: Report green energy.docx

EXAMPLE 7

From: “HR Pay and Reward” HRPR@watercompany.co.uk
Subject: HR Latest- PAY DEAL 17/18

Dear employee,

We are writing to you following the conclusion of the provisional negotiations regarding pay increases for the financial year 17/18.

Given the current financial climate we are pleased to announce that we have successfully negotiated improved salary ranges for each grade.

For further details of the new ranges and for information as to how these changes may affect you, please refer to the HR pages.

Kind regards,
HR Pay and Reward
Northington House Estate
@watercompany
http://intranet/HRPR

EXAMPLE 8

Attachment: ops v #387562.ZIP (82kb)

Dear accounts department,

Please find attached your invoice for review. If you have any queries please contact your ADX team on the number provided in your invoice.

Important: do not reply to this email as this inbox is not monitored.

Please pay this invoice at your earliest convenience to avoid additional charges.

Thank you for choosing ADX,
ADX Team

TURN THE PAGE FOR QUIZ RESULTS!

EXAMPLE 1 (message as shown above)

The phisher may have details that the user is a customer of Home Foods, and so the email may appear authentic, e.g. addressed to the user by name, including well known logos.

Phishers may use images and details of popular events (e.g. sports) and references to reward (e.g. free gifts) to encourage a sense of curiosity to click the link.

The misspelling of ‘Home Food’ in the sign-off also suggests something might be amiss, though do be wary that spelling and typographical mistakes occur in real emails, too.

EXAMPLE 2 (message as shown above)

This is an automated notification that an attachment meant for the user has not passed the technical controls of the email system, e.g. it is a banned file type.

The user is not being encouraged to respond to the message directly. This may be an indication that a message is not suspicious, although more sophisticated approaches may only ask a user to respond after a series of communications.

The correct action here would be for the user to consider whether the sender is known to them and whether they were expecting the attachment. The user could contact their IT service desk (using the organisation’s usual method) to check whether the attachment can be retrieved securely.

EXAMPLE 3 (message as shown above)

The ‘Alpha Express Identity Protection Team’ suggests authority with the subject; the user may feel that they have a lower understanding of identity protection.

The user may feel pressured to respond quickly to the email to reduce negative implications, e.g. declined charges or loss of access to their credit card.

The phisher has provided a way out for the user, by following the link to ‘secure their account’.

Busy or distracted users, or those unfamiliar with the way their card provider usually communicates, may be tempted to click the link.

EXAMPLE 4 (message as shown above)

This email is an example of how a genuine company may notify a customer that there have been changes to their account. The message does not request that the customer responds by clicking a link or opening an attachment. It makes no request for the customer to provide personal details to the email sender directly, e.g. account numbers or passwords.

If the user is suspicious they are able to visit the usual website of the company and do their own research rather than following a link suggested in the email, which could be spoofed.

EXAMPLE 5 (message as shown above)

The email purports to be from the ‘Federal Trade Council’, attempting to make the email appear authoritative. It appears to refer to a US organisation, but it wouldn’t make sense for them to have a UK government email address!

Some of the language in the email is more commonly associated with the US legal context, e.g. ‘violating’ and ‘plaintiffs’.

The email uses fear appeals, e.g. suggesting legal action may be imminent, to encourage urgent action by the receiver.

The time and date that this phishing email was received is interesting. How alert might you feel when working through your email inbox at 3pm on the first working day of the year?

EXAMPLE 6 (message as shown above)

This message is an example of spear phishing; it is a targeted attempt to compromise the user.

It may appear convincing as it includes authentic details relating to the user, e.g. the conference presentation. But the phisher has found this information online.

The sender has not provided details of their name or organisation.

The phisher entices the user to open the attachment by invoking curiosity: the appeal of getting early knowledge of new research in their specialist area.

It can be tricky to identify more sophisticated and tailored emails. Report anything suspicious to IT, even if you think you might have taken the bait.

EXAMPLE 7 (message as shown above)

This is a real email, from the organisation’s HR team.

The user can choose to follow up with their own independent research on the organisation’s intranet if required.

Errors such as spelling and typographical mistakes are common in genuine emails. As phishing attempts have become increasingly sophisticated, these are not reliable cues.

EXAMPLE 8 (message as shown above)

This is an example of an invoice phishing scam. This message has been sent to an accounts employee, and it is intended to mimic the type of emails they would expect to receive. The employee is put under pressure to respond urgently to avoid the accrual of a financial penalty.

Someone in the organisation may open the malicious attachment, which could have consequences such as facilitating a cyber-attack. A busy employee may seek to action the invoice before validating whether it is real.

Think before you click. Are you expecting the email? Do you know the sender?
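The cues the answers above keep returning to (a sender address that does not fit the claimed organisation, a random-looking local part, urgency or fear appeals, a reward lure, an attachment type that commonly carries malware, and a request to follow a link) can be written down as a small mail-triage rule set, so that a help desk or mail gateway flags messages for a second look before anyone acts on them. The following Python script is an added illustration and is not part of the CPNI booklet: the phrase lists, file extensions, review threshold and the “known domains” recorded for each organisation are constructed assumptions, and the sample messages are shortened paraphrases of quiz examples 1, 4, 5, 6 and 8 with constructed sender addresses where the booklet gives none.

```python
"""Rule-based triage of the phishing cues discussed in the quiz answers.

Added illustration, not CPNI material. Phrase lists, extensions, threshold,
known-domain lookups and sample addresses are constructed assumptions.
"""
import os
import re
from dataclasses import dataclass, field

URGENCY_PHRASES = ("immediately", "as soon as possible", "legal action",
                   "declined", "additional charges", "urgent")      # assumed list
REWARD_PHRASES = ("free", "gift", "prize", "reward")                 # assumed list
RISKY_EXTENSIONS = {".zip", ".docx", ".exe", ".js"}                  # assumed set
REVIEW_THRESHOLD = 2   # cues needed before a message is held for a second look


@dataclass
class Message:
    name: str
    sender: str
    body: str
    attachments: list = field(default_factory=list)
    # Domains the claimed organisation is known to send from; empty = unknown.
    known_domains: tuple = ()


def random_looking_local_part(sender: str) -> bool:
    """Lower case, upper case and digits all mixed into the local part,
    as in 'ftc.ivRY9' or 'fayU16'. A crude stand-in for the booklet's cue."""
    local = sender.rsplit("@", 1)[0]
    return (len(local) >= 6
            and re.search(r"[a-z]", local) is not None
            and re.search(r"[A-Z]", local) is not None
            and re.search(r"\d", local) is not None)


def domain_mismatch(msg: Message) -> bool:
    """Sender domain is neither a known domain nor a subdomain of one."""
    if not msg.known_domains:
        return False
    dom = msg.sender.rsplit("@", 1)[-1].lower()
    return not any(dom == d or dom.endswith("." + d) for d in msg.known_domains)


def risky_attachments(names) -> list:
    return [n for n in names if os.path.splitext(n)[1].lower() in RISKY_EXTENSIONS]


def asks_to_follow_link(body: str) -> bool:
    """A URL or a 'click HERE' call to action. Telling the reader to visit
    the usual site themselves (Example 4) is deliberately not counted."""
    return re.search(r"https?://|\bclick\b|\bHERE\b", body) is not None


def cues(msg: Message) -> list:
    text = msg.body.lower()
    found = []
    if random_looking_local_part(msg.sender):
        found.append("random-looking sender address")
    if domain_mismatch(msg):
        found.append("sender domain does not match the claimed organisation")
    if any(p in text for p in URGENCY_PHRASES):
        found.append("urgency or fear appeal")
    if any(p in text for p in REWARD_PHRASES):
        found.append("reward lure")
    if risky_attachments(msg.attachments):
        found.append("attachment type often used to carry malware")
    if asks_to_follow_link(msg.body):
        found.append("asks the reader to follow a link")
    return found


def verdict(cue_count: int) -> str:
    return "hold for review" if cue_count >= REVIEW_THRESHOLD else "no automatic hold"


# Constructed sample set: shortened quiz examples with assumed sender addresses.
SAMPLE_MESSAGES = [
    Message("example 1 (Home Foods)", "do-not-reply@points.homefoods.co.uk",
            "We are giving away a limited number of free Home Foods gifts. "
            "To register for your free gifts now, click HERE.",
            known_domains=("homefoods.co.uk",)),
    Message("example 4 (NetworkPay)", "service@networkpay.example",
            "You removed a card ending 356 from your account. If you didn't make "
            "this change, log into your account and review your information as "
            "soon as possible. If you notice unusual activity, contact our help "
            "centre immediately.",
            known_domains=("networkpay.example",)),
    Message("example 5 (Federal Trade Council)", "ftc.ivRY9@ftcc.gov.uk",
            "We have received a consumer complaint and have initiated a formal "
            "investigation before taking legal action. Download the complaint "
            "from: https://ftcc.gov/download.asxp?complaint id 4306534",
            known_domains=("ftc.gov",)),
    Message("example 6 (conference paper)", "fayU16@email.com",
            "I saw your recent presentation at the Green Energy UK conference. "
            "I have attached a new research paper. It hasn't yet been published!",
            attachments=["Report green energy.docx"]),
    Message("example 8 (ADX invoice)", "noreply@adx-invoices.example",
            "Please find attached your invoice for review. Please pay this invoice "
            "at your earliest convenience to avoid additional charges.",
            attachments=["ops v #387562.ZIP"], known_domains=("adx.example",)),
]


def triage(messages=SAMPLE_MESSAGES) -> dict:
    """Map each message name to the number of cues found."""
    return {m.name: len(cues(m)) for m in messages}


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        hits = cues(m)
        print(f"{m.name}: {len(hits)} cue(s), {verdict(len(hits))}")
        for h in hits:
            print("  -", h)
```

Running the script scores the genuine NetworkPay notice at one cue (its “as soon as possible” wording alone), below the review threshold, while the Federal Trade Council message trips four cues and the invoice three. The spear-phishing message in Example 6 only reaches the threshold because of the random-looking address and the attachment type, which mirrors the booklet’s warning that tailored messages carry few technical tells and that suspicious messages should still be reported even when a rule set lets them through.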

SCORING

NINJA PHISH 7-8

Wow, you are skilled in identifying even the trickiest of phishing scams! You successfully tread the line between being wary of phishing scams and spotting real messages that require your response. But be aware that phishers are out there creating ever more sophisticated scams to fool even the most experienced users. Report anything suspicious to IT.

DETECTIVE PHISH 5-6

You are pretty good at identifying phishing scams! If you are in doubt that an electronic communication you receive is genuine you can seek advice from colleagues or your IT department. It pays to think before you click; trust your judgement if you think something may be suspicious.

PUZZLED PHISH 0-4

Not to worry! Identifying phishing scams can be difficult because phishers create sophisticated messages. Speak to your colleagues, manager or your organisation’s IT department if you feel you need further support or training in identifying phishing scams.

Look out for CPNI’s ‘Don’t Take The Bait!’ animation and infographic for tips on how to spot phishing attempts.
