<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_PM_001+course+type@vertical+block@5323bbaf3a4d42fc9c60c33801fe4666" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_PM_001+course+type@html+block@a0097c6117714131b4d3f8fd13db7ec7">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_PM_001+course+type@html+block@a0097c6117714131b4d3f8fd13db7ec7" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>Identifying phishing attacks is the best way to avoid them - but there are a number of other things you can do that can <strong>prevent phishing attacks from being successful</strong>.</p>
<p>This module will look at:</p>
<blockquote>
<ul>
<li>How to strengthen your digital environment against phishing attacks</li>
<li>What to do once you’ve identified a phishing attack</li>
<li>What to do if you’ve been phished and entered information in a fake website</li>
<li>What to do if you’ve clicked on a malicious link or opened a malicious document</li>
</ul>
</blockquote>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_PM_001+course+type@vertical+block@53af452beba84119a3f94ee8486d396f" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_PM_001+course+type@html+block@381476d1a10d40ecafb313549410bc3e">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_PM_001+course+type@html+block@381476d1a10d40ecafb313549410bc3e" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p><strong>Prevention is better than cure</strong>, as they say - and in this case, prevention is not just about being able to identify phishing attacks; it’s also about having good digital hygiene practices. </p>
</div>
</div>
<div class="vert vert-1" data-id="block-v1:Totem+TP_PM_001+course+type@problem+block@f9464891eff34952a7ed49dbc72db0e0">
<div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-block-type="problem" data-usage-id="block-v1:Totem+TP_PM_001+course+type@problem+block@f9464891eff34952a7ed49dbc72db0e0" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="True">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Quiz is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
<div class="vert vert-2" data-id="block-v1:Totem+TP_PM_001+course+type@html+block@6505811f7a044ea78b2c958d3d8245e6">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_PM_001+course+type@html+block@6505811f7a044ea78b2c958d3d8245e6" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>If you want to learn more about these and other good digital hygiene practices, enroll in Totem’s course on <a href="https://learn.totem-project.org/courses/course-v1:Totem+TP_SP_001+course/about" target="_blank">Secure Passwords</a>, and explore our recommended guides and tutorials at the end of this course.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_PM_001+course+type@vertical+block@a8fdb602b6be4044aa00f0753fe95cad" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_PM_001+course+type@html+block@6569a730afae48eb8b3038478f11f248">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_PM_001+course+type@html+block@6569a730afae48eb8b3038478f11f248" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>If you’ve detected a phishing attempt and avoided clicking a malicious link, good job! But there are a few things that you still need to do.<br /><br /><strong>Notify - Report - </strong><strong><strong>Delete </strong></strong></p>
<blockquote><ol>
<li><strong>Notify</strong>. Let your contacts and/or your colleagues know about the attempt, and warn them to be mindful. Though some phishing attacks are targeted (See Module 2 - When phishing gets personal) most are indiscriminate; cast wide like a fishing net.</li>
<li><strong>Report</strong>. There are a number of ways to report phishing attacks (see the Tip below). Reporting might take a little bit of your time, but it can result in the link being suspended, or the attacker’s email address or social media account being blocked. This will help prevent others from being phished, as well as help experts and platforms to recognise patterns and mitigate phishing attacks.</li>
<li><strong>Delete</strong>. Delete the email and empty your trash folder. In some cases, you might need to document the email for reporting purposes; consider taking a screenshot of it (and if you are going to share this screenshot, remember to hide your personal details, like your name and email address).</li>
</ol></blockquote>
<p></p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;">
<p><strong>Tip:</strong></p>
<p><strong>Where can you report a phishing incident?</strong></p>
<p>Many commercial platforms have dedicated pages for this - you can find these by searching “[name of the platform]” and “report a phishing attack”. You can report a phishing page to Google Search, and if the email or message was sent from a commercial platform, you can report the email address or username to that platform as a fraudulent account.</p>
<p><strong>How to verify if it is a phishing attempt?</strong></p>
<p>Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community on Virus Total: <a href="https://www.virustotal.com/" target="_blank">https://www.virustotal.com/</a></p>
<p>Amnesty International offers journalists, activists, and human rights defenders the ability to submit suspicious emails to the email address <a href="mailto:share@amnesty.tech" target="_blank">share@amnesty.tech</a> for analysis and support.</p>
</section>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_PM_001+course+type@vertical+block@f8187226ca3b41af8cb28f8684469e9e" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_PM_001+course+type@html+block@c6baf2ab6c30463787a2907dbe863566">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_PM_001+course+type@html+block@c6baf2ab6c30463787a2907dbe863566" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>First and foremost, Do Not Panic. Phishing attackers depend on impulsive human reactions (hence their use of urgency as a tactic). Now is the time to stay calm, and do as much damage control as you can. What action you need to take will depend on the type and objective of the phishing attack; but here are some best-practice steps. <br /><br /><strong>If you have clicked on a phishing link</strong> and entered your login details or credit card information into a fake website:</p>
<blockquote><ol>
<li>As mentioned already - Do Not Panic</li>
<li>Use a different device (if possible) to log into your compromised account and change your password. If not possible, use the same device</li>
<li>If you entered your credit card information into the phishing page, cancel your card and notify your bank. Where possible, also put a “fraud alert” on your account</li>
<li>If the phishing attack targeted a service provided by Google, Facebook, Twitter or Whatsapp, go to the settings of your account and log out of this account on all connected devices. If you are also using this account (e.g. Gmail or Facebook) to log into other accounts, temporarily remove these accounts’ access as well</li>
</ol>
<blockquote>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;">
<ul>
<li><strong>Gmail</strong> > go to myaccount.google.com and log in > go to Security > Third Party Apps with Account Access and select “Manage Third-Party Access” > remove access by third parties</li>
<li><strong>Facebook</strong> > login > go to Settings > Apps > select the apps you want to remove third party access from > select the app and then select “Remove”</li>
<li><strong>Twitter</strong> > login > go to Settings > Apps & Devices > remove access by third party apps and devices</li>
<li><strong>Whatsapp</strong> > open Whatsapp > <a href="https://faq.whatsapp.com/an/web/26000018/" target="_blank">Go to Settings</a> > select Whatsapp Web > select “Logout from all computers”</li>
</ul>
</section>
</blockquote>
<ol start="5">
<li>If possible, go to the settings of your account and check that the attacker hasn’t entered a strange email address in the auto-forwarding section (email), or changed the phone number or secondary email address the platform uses to verify your account. (If the attacker has entered a different email address or phone number here, they can use this to change your password again, and lock you out of your account)</li>
<li>Check that the attacker has not tried to reset the passwords of other accounts linked to your email address (your primary email address is often the way in which services verify it is you, and enable you to reset your password). You can do this by looking closely at the emails you have received since being phished. Are there any “password reset” emails there? Don’t forget to check the Trash! </li>
<li>If you use the same login details for multiple accounts, change the passwords for each of these accounts as well</li>
<li>Let your contacts and colleagues, or your workplace, know you have been phished, and ask them to be mindful</li>
<li>If the attack was targeted (“spear phishing”) - for example, if your organisation has its own email infrastructure and the attack mimicked this - inform the person in the organization who is responsible for IT infrastructure or organizational security</li>
<li>Assess the damage; if possible with the help of a trusted person who will help you think calmly. What information has been compromised? What could someone do with this information? How can you control the damage, or render the information they have useless? (e.g if they got your password, by changing the password and logging out of all devices)</li>
<li>If you’ve been logged out of a Google, Facebook or Twitter account, reach out to the platform. The company might be able to restore your access to your account</li>
<li>If everything else fails, you can reach out to - among others:</li>
</ol>
<blockquote>
<ul>
<li><a href="https://www.accessnow.org/help/" target="_blank">Access Now Helpline</a></li>
<li><a href="https://www.digitaldefenders.org/" target="_blank">Digital Defenders</a></li>
</ul>
</blockquote>
</blockquote>
<p></p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;"><strong>Tip:</strong> Print this <a href="/assets/courseware/v1/79e4df6e1cf00b179bd5fe7d39cbdaaf/asset-v1:Totem+TP_PM_001+course+type@asset+block/TP_PM_001_PhishingActionCard_Link.pdf" target="_blank">Phishing Action Card</a> and hang it near your computer in the office and at home. In the unfortunate event that you get phished, it will be in close reach.</section>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_PM_001+course+type@vertical+block@d77d4e6797e94575b2c29c3c8af9b9d1" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_PM_001+course+type@html+block@7d99fe832dfe4c1495d5171dce92fc33">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_PM_001+course+type@html+block@7d99fe832dfe4c1495d5171dce92fc33" data-request-token="4907183ea05811eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>If you have clicked on a link or opened a document, and you are afraid you <strong>downloaded and installed a virus</strong>:</p>
<blockquote><ol>
<li>Do Not Panic.</li>
<li>If possible, take the device you think is infected offline (i.e. disconnect from the internet)</li>
<li>Assess the damage. Do you still have access to the device, or are you locked out (by ransomware)?</li>
<li>If possible, contact a digital security expert. This could be your organization’s IT person, or a local IT specialist. If you don’t know anyone, ask around in trusted network</li>
<li>If you still have access to your device, run your antivirus scanner and if possible ask a trusted IT person for help. Your IT person can help you run this malware scanner, <a href="https://www.virustotal.com/" target="_blank">Virus Total</a></li>
<li>If you no longer have access to your device, ask your IT person to wipe your device and restore your latest backup (yes, another good reason in the long list of excellent reasons to regularly backup your devices)</li>
<li>Tell your contacts and colleagues, or your workplace, that you have been phished, and that attackers could possibly have accessed information</li>
<li>Asses the damage; if possible with the help of a trusted person who will help you think calmly. What information was compromised? What could someone do with this information? How can you control the damage, or render the information they have useless? (e.g if they got your password, by changing the password and logging out of all devices)</li>
<li>If all else fails, you can reach out to - among others:</li>
</ol></blockquote>
<blockquote>
<blockquote>
<ul>
<li><a href="https://www.accessnow.org/help/" target="_blank">Access Now Helpline</a></li>
<li><a href="https://www.digitaldefenders.org/" target="_blank">Digital Defenders</a></li>
</ul>
</blockquote>
</blockquote>
<p></p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;"><strong>Tip:</strong> Print this <a href="/assets/courseware/v1/93edfe73dc4d25190540f2b96fb4ecfd/asset-v1:Totem+TP_PM_001+course+type@asset+block/TP_PM_001_PhishingActionCard_Virus.pdf" target="_blank">Phishing Action Card</a> and hang it near your computer in the office and at home. In the unfortunate event that you get phished, it will be in close reach.</section>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>