Phishing Awareness Toolkit

March 2018

Materials in this toolkit are available to the entire UC community. Items marked "Grab-and-go" are intended to be quick and easy to use or customize (e.g. substituting a local URL and/or logo for the systemwide one provided). Additional materials are also provided for those looking for a wider variety from which to choose or modify.

For editable files beyond what is available here, please contact your Systemwide Information Security Awareness Workgroup rep(s), listed to the left. If your location isn't listed, please email Cecelia Finney at cecelia.finney@ucop.edu.


Article: "Don't Let a Phishing Scam Reel You In". "Grab-and-go"

Cybercriminals use phishing—a type of social engineering—to manipulate people into doing what they want. Technology makes phishing easy. Setting up and operating a phishing attack is fast, inexpensive, and low risk: any cybercriminal with an e-mail address can launch one. Students, staff, and faculty have all suffered losses from phishing. Knowing what you're up against can help you be more secure. Here are a few things you can do to guard against phishing attacks... [More... See the full article]


Posters:

"Grab-and-go" Posters:
Note: Shark-and-penguin "Grab-and-go" posters have a customizable footer only. More flexible versions are available but require additional time/effort to customize.

  • Flyer: Always check before you click!
  • Flyer: Hello? Who's Calling? Protect yourself from phone phishing.
  • Flyer: How to spot a phishing email

*Best for online or presentation use. Text may be small/dense for use as a stand-alone flyer.


Additional Posters:

  • Flyer: Recognize the red flags. Don't be fooled by phishing scams.
  • Flyer: One fish two fish, scammed fish duped fish. Don't get duped by a phishing scam.



Videos: (all closed captioned)

"Grab-and-go" Videos:

  1. Phishing/General Protection (STOP. THINK. CONNECT.) (1:16 min)
    • Some good tips that aren’t included in other videos, like how easy it is to replicate an organization's image/logo. Short and easy to follow.
  2. RBC Cyber Security - No Phishing! (Royal Bank of Canada) (2:15 min)
    • Humorous, well done video. A take on Norse mythology and gaming. Friends helping friends recognize what to do. Mentions the ‘s’ in https and how criminals are getting good at faking it. Highlights two common phishes.
  3. Protect Yourself from Phishing Attacks (UCSB) (0:55 sec)
    • Mirrors the main points from the above article.

Additional Videos:

  1. “Phishing E-Safe” (Univ of Michigan, 2013) (1:02 min)
    • Shows a real individual and her story. Convincing and engaging. From higher ed institution. Good for students.
  2. What does Phishing mean? (Decoded (a technology company)) (1:12 min)
    • Very short, fast audio, but lots of good information. For example, how phishing can lead to stealing confidential information at your company. Mentions password managers and two factor authentication. Could be effective for students.
  3. "Hang Up on Phone Fraud" (Federal Trade Commission) (3:08 min)
    • Examples of actual scams, including someone clicking on a link in email.
    • At just over 3 minutes, this video is a good candidate for an easy, short, view-and-discuss session.
    • Note: Points to FTC reporting channels and URLs.
  4. "Hang Up on Fraudulent Telemarketing" (FTC) (3:07 min)
    • Examples of actual scams. Second half (what to do) is the same as second half of "Hang Up on Phone Fraud" above. Same notes apply, though different examples are used.


Quizzes:

"Grab-and-go" Quiz:

Additional Quizzes:

  • FTC (Federal Trade Commission) phishing scams game. 5 question quiz. Well done; helpful information. Also available for download (click "Downloads" tab below the quiz).
    • Note: Promotes FTC reporting channels and URLs. Take this into consideration when choosing whether to use.
  • SonicWALL Phishing and Spam IQ Quiz. Fun, informative quiz to test how well you distinguish between email schemes and legitimate email. A little sales pitchy at the very end.


Informational Web Pages:

"Grab-and-go" Web Pages:

Additional Web Pages:


Newsletters:

"Grab-and-go" Newsletter:
SANS OUCH Newsletter on social engineering (from Jan 2017 but still "current")

Additional Newsletters:
SANS OUCH Newsletter: "Stop That Phish" (April 2018)
MS-ISAC/CIS newsletter: Identifying and Reporting Common Scams (July 2017)


Social Media Posts:

"Grab-and-go" Posts:

  • Never email confidential information to anyone. #Phishing
  • Hover to discover: Mouse over links in email to reveal their true URL. Avoid getting phished—no hook for you! #Phishing #CyberAware
  • “Verify your account by midnight or it will turn into a pumpkin!” Get a message urging you to take action? Delete it! #Phishing #CyberAware
  • Receive a suspicious email from a friend or colleague? Call them to ask if they really sent it. #Phishing #CyberAware

Additional Posts:

  • #Phishing attacks: Report phishy communications to your IT department.
  • Reputable institutions will never email you to confirm details of your account. #Phishing
  • Typos or other mistakes may indicate the email in question is a #Phishing attack.
  • Never give out information over the phone if you did not initiate the call. #Phishing
  • Be wary of links emailed or texted from unknown or unverified senders. Type the URL in your browser. #Phishing
  • Hover over links in messages to see where they truly lead. Better yet, type a known URL into your browser. #Phishing #CyberAware
  • Afraid you’ve fallen for a #phishing scam? Stop what you’re doing & change your password immediately! Then notify the Help Desk. #CyberAware
  • Posting personal information or travel details publicly provides fuel for scam artists. #Phishing #CyberAware #PrivacyAware
  • Manage your social media carefully: Posting personal info online creates bait for scams and #phishing. #CyberAware #PrivacyAware
  • Email attachments: A cybercriminal's #1 choice for spreading malicious software. Do not open unexpected attachments! #Phishing #CyberAware
  • Trust your instincts: Does that message feel off? It probably is. Contact the sender to confirm it's legit. #Phishing #CyberAware
  • Is it urgent? Slow down. Cybercriminals want you to do what you're told, when you're told. Think before you click. #Phishing #CyberAware
  • Remember: #Phishing is not just for email! You can get phished by phone, text message, on social media, or in person. #CyberAware


Webinars:

"Grab-and-go" Webinar:
Too Legit to Quit: How to Avoid Making Legitimate Campus Messages Look Phishy - An Educause/HEISC Webinar

Speakers: Petr Brym (UC Davis), Patricia Clay (DeSales University), and Ed Hudson (CSU, Office of the Chancellor)
(Live webinar event recorded on February 21, 2018.)

Description: With phishing attacks becoming more sophisticated and increasingly successful, we can’t simply rely on educating end users. How do we avoid making legitimate campus messages look phishy? How do we keep email a reliable channel for campus communications? And what are the tools or methods available to supplement our anti-phishing training campaigns on campus? This webinar will offer lessons learned, as well as the pros and cons of viable strategies for creating well-crafted messages that look legitimate. Attendees will be encouraged to share effective communication approaches they’ve used to successfully supplement a phishing awareness campaign on their campus.

Additional webinar: 
Phishing Programs: Chapter 1 – Getting Your Campus Ready for a Phishing Awareness Campaign - April 2017

---

Copyright © Regents of the University of California | Terms of use