
Identity Theft: Phishing 101 Cheat Sheet (DRAFT) by [deleted]

Avoid fake email design to steal your identity

This is a draft cheat sheet. It is a work in progress and is not finished yet.


Phishing emails are messages specifically designed to lure the user into opening a link or document that launches a virus or other attack on the user's computer, with the intent of stealing data or demanding a ransom. The messages are typically disguised as important, must-read messages.

What are phishing’s telltale signs? Although phishing emails have become more sophisticated, some criminals still make spelling and grammar mistakes. More subtle clues are URLs with spelling errors or the wrong domain — .com versus .org, for example. Here's a handy guide to phishing vocabulary, and ways that stolen data can be used.

Phishing Vocabulary

Phishing: An electronic communication from what looks like a trustworthy source that seeks to obtain victims’ sensitive information — computer username and password, or credit card, Social Security or bank account numbers — for malicious intent.
Spear phishing: Phishing targeted at specific individuals. Attackers first gather intelligence about the target to make the deception more believable and increase the likelihood of success. The criminal might connect with the victim on social media to glean information and foster trust.
Whaling: Spear phishing targeting a high-profile person, such as a hospital executive.
Social engineering: A non-technical method of intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations encounter today.
Nation-state actors: Organized groups of hackers who carry out targeted intrusions into your specific computer network to collect information from any organization with valuable data, such as hospital medical records.
Hacktivists: Computer hackers who join groups like Anonymous to demonstrate their dissatisfaction with powerful organizations, such as corporations and governments, that do not share their views.
Malware: An umbrella term for a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware and other malicious programs. It can take the form of executable code, scripts, active content and other software.

Phishing Red Flags

Get smart on Phishing! Learn to read links!

Phishing messages are fake messages intended to lure you to fake websites made to look like, for example, a bank website, but in reality set up by data thieves. If you fill in forms on those sites, you hand all your information to criminals and invite identity theft, credit card fraud, cleaned-out bank accounts, etc. This is called "phishing".
Learn how to identify links to fake sites, so you will not be fooled!
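As an added example (not part of the original cheat sheet), a small Python checker that applies the link-reading advice above and the ".com versus .org" clue from the introduction: it compares the domain a link displays with the domain it actually points to, and flags targets that differ from a list of trusted domains only by their top-level domain or by a character or two. The trusted domains and the sample links are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed list of domains the reader actually does business with (assumption).
TRUSTED_DOMAINS = ("examplebank.com", "example.org")


def registrable_domain(url: str) -> str:
    """Return the last two labels of the URL's host, lower-cased (e.g. 'examplebank.com')."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot typo-squats one or two characters away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(display_text: str, href: str) -> list[str]:
    """Return the red flags found when comparing what a link shows with where it goes."""
    flags = []
    target = registrable_domain(href)
    if urlparse(href).scheme != "https":
        flags.append("not https")
    # Red flag 1: the visible text looks like an address but the link goes elsewhere.
    shown = re.search(r"[\w.-]+\.[a-z]{2,}", display_text.lower())
    if shown:
        shown_dom = registrable_domain("http://" + shown.group(0))
        if shown_dom != target:
            flags.append(f"text says {shown_dom} but link goes to {target}")
    # Red flag 2: same name under the wrong TLD, or a near-miss spelling of a trusted domain.
    for trusted in TRUSTED_DOMAINS:
        if target == trusted:
            continue
        if target.split(".")[0] == trusted.split(".")[0]:
            flags.append(f"wrong top-level domain: {target} vs {trusted}")
        elif edit_distance(target, trusted) <= 2:
            flags.append(f"lookalike of {trusted}: {target}")
    return flags


if __name__ == "__main__":
    # Constructed sample links: a subdomain trick, a wrong TLD, and a swapped letter.
    for text, href in [("www.examplebank.com", "http://examplebank.com.login-secure.net/verify"),
                       ("Click here", "https://examplebank.org/reset"),
                       ("Your statement", "https://exampIebank.com/stmt")]:
        print(text, "->", href, check_link(text, href))
```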

Ways Cyber Criminals Use Data

Medical record theft: Cyber criminals steal patients’ health records to sell them on the black market.
Medical identity theft: Criminals use patients’ stolen health record information to gain personal access to medical treatment, to acquire prescription drugs for personal use or sale, or to make false claims against patients’ insurers.
Identity theft: Criminals sell or personally use employees’ or patients’ credit card, bank or Social Security numbers to open and max out credit cards, clean out bank accounts and commit tax fraud.
Industrial espionage: Criminals steal a hospital’s intellectual property in areas such as medical technology innovation, clinical research and business practices.

Protection Against Phishing

Avoid email attachments: Never open attachments from unknown sources or from known companies with which you do not usually correspond.
Firewalls: A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
Spam filters: These filters keep unsolicited emails, and the downloads they carry, out of your inbox. Spammers often attempt to steal personal data by sending spoofed spam emails that mimic legitimate companies’ domain names.