This exercise is published and managed by the Citizens Crime Commission and Carnegie Mellon University. We will not, sell, trade, rent, disclose or otherwise share your answers with third parties. All of the information that you provide will be treated as confidential and will only be used for research purposes. We do not use cookies on our website and we do not collect personal identifiable information such as names and birthdays. If you have questions, you can contact us at info@nycrimecommission.org

Phishing Prevention Tips

You have received an email from your bank informing you that there is an issue with your account. Here are some tips you can use to identify the legitimacy of the email.

Authority

Research has found that people tend to comply with requests from authority figures. Thus, phishing scams claim to be from a trusted source by using a corporate logo or name as the sender to attempt to create legitimacy and credibility.

Time Pressure

Phishing scams may request a rapid response to pressure users to act quickly, and decrease the time users have to uncover the scam.

Tone

Phishing scams often use a formal tone with a combination of persuasive and polite statements to influence user decision making. Examples include: polite salutations and closures (e.g., Dear, Thank you, Kind regards); trigger words (e.g., alert, warning, attention); and persuasion (e.g., upon verification, restrictions will be removed).

Fear

Phishing scams may prey on users' fear of something to manipulate them into acting. Cybercriminals may invoke fear by making threats (e.g., account restrictions) or leveraging current events (e.g., natural disasters, health epidemics, economic concerns, political elections, holidays).

This tutor was made possible through a collaboration between the following institutions.

To: Ashley [info@nycrimecommission.org]
From: NYC Bank [criminal@phishingscam.com]
Date: February 12, 2016
Subject: ALERT: Irregular Card Activity

Dear Ashley,

We detected irregular card activity on your NYC Bank Check Card on 1st February 2016.

As the Primay Contact, you must verify your account activity before you can continue using your card, and upon verification, we will remove any restrictions placed on your account.

To review you're account as soon as possible please:

Please click on the link to verify your information with us: http://www.nybank.com

If your account information is not updated within 24 hours then your ability to access your account will be restricted.

We appreciate your prompt attention to this important matter.

Question 1

Check the box next to the area(s) of the email that correspond to the authority of the sender.

Submit

Question 2

Does the sender of this email seem credible? Why or why not?

Submit

Question 3

Check the box next to the area(s) of the email that correspond to time pressure.

Submit

Question 4

Does the use of time pressure in this email make it more or less credible? Why?

Submit

Question 5

Check the box next to the area(s) of the email that attempt to invoke fear.

Submit

Question 6

Overall, would you consider this email to be a phishing scam?