Protecting Oneself from Malicious Online Encounters

Urgent Email or Text Message

Email From a Trusted Business Partner

You work in the finance department of a company, and one day you get a message or email asking you to urgently make a payment on behalf of the boss of the company.

The question is: should you do it, and how do you recognize whether it is a scam or legitimate?

In this WebQuest we will explore some of the common signs that something is a scam and how to avoid falling for it.

In groups:

  1. Personal experiences
  2. Exploring common phishing and scam techniques.
  3. What to look for, how to stop getting scammed
  4. Make a poster for the office with tips and tricks for keeping your data safe.
  5. What to do if you fell for a scam

  1. Most people know someone who was almost scammed or was the victim of a scam; maybe it was you or a friend. Make a list of how it changed your security awareness online, or make a list of how you believe it could have been prevented.
  2. Check out some of the examples at this link. Try to identify what they have in common and what would tip you off that they are all phishing attempts. Knowing that all pictures are scam examples, are you at risk of falling for any of them? 50+ Phishing Email Examples – Common Types and Examples of Phishing (hooksecurity.co)
  3. Look at the resources below. Do they identify the same risk factors as you did in the examples from point 2?

7 Ways to Recognize a Phishing Email: Email Phishing Examples (securitymetrics.com)
How To Tell if Someone Is Scamming You Online (Examples) | Aura
Protecting Employees from Phishing Emails – YouTube

Do you believe the method described in the YouTube video below is good for protecting you? Give examples of why it would or would not work for you; maybe an adapted form would work better.
https://www.youtube.com/watch?v=yxlR1st8QKI

4. Now that you have been through your own experiences as well as resources on protection, it is time to share your knowledge. Make a poster with tips on how to prevent falling for a scam.

Poster Basics – How to Create a Research Poster – Research Guides at New York University (nyu.edu)

5. The final step, just as important as recognizing a scam, is knowing what to do if you, a colleague, or someone you know falls victim to a scam.

6 steps to take after falling for an email scam or phishing – Gatefy
How to Make a Poster: Beginner’s Design Guide (& Templates) (visme.co)

Knowledge:

  • Be aware that not all emails are safe.
  • Awareness of own practices.
  • Recognizing common scams and phishing attempts.
  • Knowing what to do if you fall victim to a scam.

Skills:

  • Thinking before entering personal or company data on a website

Attitudes:

  • Not judging people who become victims of scams.

Even emails appearing to be from trusted partners or your boss can be a scam. Therefore, it is good to keep common signs of phishing and scams in mind when you get a message or an email.

When companies are attacked, whether by ransomware or viruses, the malicious software often gets into the company through employees' email inboxes.

Security risks in emails take many forms, from the ones meant to lure data from you to the ransomware that locks you out of computer systems and threatens businesses.

Being able to recognize malicious email activity is important for everyone, whether you are working in a corporation or using a personal email account.

During this WebQuest you will learn about email safety and how to recognize malicious content.

In groups:

  1. Think about what precautions you already take.
  2. Research how you stay safe with emails, links, and attachments.
  3. Brainstorm ideas for an employee handbook entry about email safety.
  4. Write a section about email safety for an employee handbook.

  1. You probably already know some security risks and take precautions when dealing with your personal email. The first thing you should do is figure out what email security risks you know about and what you do to protect yourself from malicious emails. Write this down, as it will be useful in the next step.
  2. Now that you know what you do, it is time to do some research. The resource links below contain information about different risks. Take a look at these resources and keep your own practices in mind:

https://www.techtarget.com/searchsecurity/tip/2019s-top-email-security-best-practices-for-employees
What is Email Spoofing & How to Protect Yourself? | Cybernews
The Truth About Clicking Links in Email and What To Do Instead « TipTopSecurity
https://www.youtube.com/watch?v=i_u0Si86NsU

3. In part 4 you will have to write a section for an employee handbook with tips for email safety and awareness of risk. In preparation, brainstorm what the entry should contain and what kind of illustration it should have, if any. If you need tips on brainstorming, use these links:
https://www.ideou.com/blogs/inspiration/7-simple-rules-of-brainstorming
https://www.worldofinsights.co/2019/05/15-tips-for-better-brainstorming/

4. Based on the best ideas from the brainstorm, write an entry for the employee handbook about the most common risks you should be aware of and what you can do to protect yourself.

https://grammar.yourdictionary.com/style-and-usage/what-is-effective-writing-communication.html
https://fellow.app/blog/productivity/how-to-improve-written-communication/

Knowledge:

  • Be aware that not all emails are safe.
  • Awareness of own practices.

Skills:

  • Be able to identify whether an email is likely to be secure.
  • Being able to advise others on best practices regarding email safety.

Online safety or security is relative to what risks you take. With this challenge we expect that you have gained increased awareness about email security as well as knowledge and skills to stay safe.