Skip to content

A8 - Phishing

Part 1 - Analysing Phishing Emails

Skim through the 7 red flags of phishing outlined in this document.

Find three examples of phishing emails. You can find some here.

For each phishing example you found, identify three red flags that would help you determine they're phishing emails.

Submit a document containing the three emails you found (you can just paste them in), as well as the red flags you identified.

Part 2 - Create Your Own

Pretend you're a scammer and create a fictional phishing or scam email. You should include in this part:

  • The text of the email itself, including any images you might include in the email
  • If your email links to anywhere, such as a fake login page, an illustration of that page (it doesn't actually need to be functional, and you can include screenshots if you'd like)

After this, add:

  • A paragraph explaining how your scam will work (how are you actually tricking the user to give you private information and/or money?)
  • An indication of how a savvy user might detect that you are scamming them. Make at least some reference to the red flags of phishing previously discussed.

Evaluation

Part 1 will be evaluated as usual (eg, meets expectations, exceeds expectations).

Part 2 will be evaluated as per the following rubric:

  • Showing understanding of how scams work and how to detect them (10 marks)

    • [9, 10] - A scam was created that makes sense. It is clearly explained in the paragraph, and red flags that may cause the scam to be detected are clearly indicated.
    • [7, 8] - A scam was created that makes sense. The explanation and red flags are addressed with some clarity/thoroughness.
    • [5, 6] - A scam is proposed. It may not fully be workable, and the submission may lack explanation of the scam and/or the red flags.

  • Thoroughness and Creatitivity (10 marks)

    • [9, 10] - Email and any related documents are convincing, and contain a level of detail consistent with real scams. Follow-up explanations contain all relevant information.
    • [7, 8] - Email and any related documents contain a level of detail that is fairly consistent with real scams. Follow-up explanations contain most or all relevant information.
    • [5, 6] - Email and related documents are complete, but may lack detail or not be fully convincing. Follow-up explanations have been provided, but may lack necessary detail.