This is a quick tutorial I made for my staff.
Users have been getting a large amount of spam lately (most of which results from phishing scams).
This small presentation will hopefully serve as a quick visual tutorial for recognizing the good from the bad, and more importantly how to tell if a trusted sender has been compromised.
Recognize spam email (even if you trust the sender)
1. KNOW YOUR EMAIL
SPAM
A Guide to Avoiding CompromisingYour Email Account
Tuesday, February 25, 14
2. SPAMMY EMAIL
A message arrives like this, from a trusted source..
Tuesday, February 25, 14
3. THE GIANT RED FLAGS
The Click Here link is red flag #1
The disclaimer is red flag #2
Is it written in your friend’s voice? No? Red flag #3
Tuesday, February 25, 14
4. WHATTO DO?
DO NOT “Click Here”
Respond to the sender letting them know they’ve been compromised, suggest they change their
password
Delete the email - simply opening the email is fine, you are not compromised for getting it
Tuesday, February 25, 14
5. HOW DOYOU KNOW IT’S BAD?
Here is what it looks like if you clicked on the link...
Looks ok?
Look at the address in the address bar...
Tuesday, February 25, 14
6. GIANT RED FLAG
Never sign in to a site who’s address looks like this
.ru if Russia’s country code, Russia is a hotbed of hackers/spammers
Tuesday, February 25, 14
7. WHAT IS A SAFE ADDRESS?
The lock means the site is secure
The “s” in https means the site is secure
The fact google.com is in the address means it is the right place
Tuesday, February 25, 14
8. BAD LOGIN SCREEN
Look at the bad grammar in the opening line
Tuesday, February 25, 14
9. PROPER LOGIN SCREEN
Every Google address will take you to the same screen
A proper Google sign-in page will always look like this
Tuesday, February 25, 14
10. EVEN IFYOU ARE GAFE
GAFE (Google Apps for Education)
If your domain has a specific login address (ie: mail.ps10.org) you will still get the standard
Google screen but with the added pop-up regarding your domain
Tuesday, February 25, 14
12. GOOD!
This is what a proper screen & address looks like
Tuesday, February 25, 14
13. HOWTHIS WORKS
• These spammer/hacker email links work like this:
• they direct you to their site
• you “sign in” giving them your username & password
• they now have access to your account
• they use your address book to send more spam
Tuesday, February 25, 14
14. KEEP IN MIND
• Remember:
• no harm in getting the email
• no reputable email will ever say “click here and enter your
password”
• never enter your password on an untrusted site
• verify the site by looking at the address bar
Tuesday, February 25, 14
15. IFYOU DO GET
COMPROMISED
• It happens, no one is completely immune
• Log in to your service at the main address (gmail.com,
yahoo.com, etc)
• Change your password immediately
• Send an email to your contacts letting them know you were
compromised, to ignore the spammy email from your
account, and suggest they change their passwords too
Tuesday, February 25, 14
16. Created by Mr. Casal, 1/2014
CREDITS
Created by Chris Casal
ComputerTeacher,Technology Coordinator, and PS10.org Google Apps Administrator
PS10 - 15K010
ccasal@ps10.org / ccasal@schools.nyc.gov
@mr_casal
Tuesday, February 25, 14