Discussion
Once the email is shared, you can lead a discussion as participants explore its content and components. Items to cover as you have participants explore the email: What are participants’ initial observations?
Useful questions:
Discussing the Email
•Show participants how to check the full header of the message. Are participants able to spot some inconsistencies?
•Hover the cursor over links in the email (without clicking) – are participants able to spot anything suspicious? Explain URL shorteners, what they consist of, and why they pose a security threat. Explain how most short URLs can be previewed.
•Any observations about the sender? The addresses of those cc’d (if any)?
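For facilitators who want to show the header and link checks on screen, the following is an added example, not part of the original guide. It parses a constructed sample message and lists the inconsistencies participants are asked to spot; the function names, the sample email and the short list of shortener domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: a short illustrative list of shortener hosts, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

# Constructed sample message (example.* domains are reserved for documentation).
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example.org>
Reply-To: support@example.net
Return-Path: <bounce@example.net>
Subject: Password expiry notice
Content-Type: text/html; charset="utf-8"

<p>Your password expires today.
<a href="http://bit.ly/abc123">https://intranet.example.org/reset</a></p>
"""

# Simple pattern that is enough for the sample; real HTML needs a proper parser.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain(addr):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def review(raw):
    """Return a list of human-readable findings for one raw email."""
    msg = message_from_string(raw)
    findings = []
    sender = domain(msg["From"])
    # Header check: replies and bounces going to a different domain than From.
    for header in ("Reply-To", "Return-Path"):
        other = domain(msg[header])
        if other and other != sender:
            findings.append(f"{header} domain {other} differs from From domain {sender}")
    # Link check: what "hovering" reveals, i.e. the real target of each link.
    for href, text in LINK_RE.findall(msg.get_payload()):
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"link uses URL shortener {host}")
        shown = urlparse(text.strip()).hostname if "://" in text else None
        if shown and shown.lower() != host:
            findings.append(f"link text shows {shown} but points to {host}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```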
Discussing the Attachment
•What happens when they open the attachment?
•After participant input on this, open the EICAR file on your computer being projected and show how your own anti-virus prevents the computer from being infected.
•On the flip-chart, write phishing and malware and explain the meaning of these words.
•What would they do if they spotted an email they suspected of being a phishing email? Delete or mark as spam? Tell co-workers/colleagues/friends?
Discussing the Website
•If you mirrored a website, now is a good time to show participants what a phishing website looks like.
•Note the subtle URL variances between the original website and the “fake” one.
•Facilitate further discussion among participants: Do they have their own techniques for identifying phishing attacks and avoiding infections through email and websites?