Amy: Finally I have finished my assignment. It’s time to play some music.

Pink: Hey, did you finish your assignment?

Amy: Wooh! You scared me! Of course I did. Just a moment. I have to submit it in Moodle.

Amy: No way, stop playing tricks on me.

Pink: Play? This game is marvelous and super fun. Do you want to play together? Konohamura Takuya is also in this game!!!

Amy: What? No! I mean I have a problem with logging into my Moodle account. Take a look.

Pink: Have you tried resetting your password?

Amy: You bet.

Amy: Something strange. It’s not my email address.

P: How could this be? Should we report it to the police?

P: Hey, you dropped something. What is this? I.S.A.?

Amy: Let me have a look. There is a QR code on it.

P: Why don’t we scan it and check it out?!

Amy: Sure.

Man: Hi Amy. This is agent Zero from I.S.A.. I am coming to solve your information security problems.

Amy: I don’t even know him.

Agent 0: Calm down. Give me a second to explain it. I can help you to sort out the Moodle login problem.

Amy: How did you know that I can’t log in to my Moodle account?

Agent 0: I have received a message from my assistant saying that you need a hand. Could you tell me when was the last time you logged in to your Moodle account?

Amy: I was about to download my notes for doing my assignment, then my professor sent me an email and interrupted me.

Agent 0: An email?

Agent 0: The mystery is solved. You fell into a phishing trap.

P: Fishing? What kind of fish did you catch? Eels? It sounds good!

Agent 0: A ‘fish’ was baited, but not an Eel. A phishing email is a fake email. It might disguise itself as a person or a company you know, asking you to do something for it. If you follow its instructions to click on a link or open an attachment, your personal information and also your account numbers would be stolen.

P: You mean Amy’s email is a phishing email? But the sender name looks fine to me.

Agent 0: Let me analyze your email with our I.S.A. class A technology.

First of all, check the sender name. Though the name is correct, we should not be deceived by its false front. In fact, the sender name can be made up easily, we should take the sender name with a grain of salt. Examining the content is more important.

Secondly, check the salutation. When general salutation, for example, ‘Dear student’, and ‘Dear Sir or Madam’ is used, it means that the sender might be sending bulk emails, or the sender might not even know you. These are the tricks often used by a phishing email.

Lastly, above all is to check links. You take a look at the link first and see if there are any problems.

Amy: Well. The link refers to Moodle as usual. It seems normal.

Agent 0: What if you move the mouse to hover over the link? Be careful not to click it. You will find the difference.

Amy: The link has changed!

Agent 0: This link is actually the real boss behind. It would lead you to a fraudulent website, and then you will share your personal information unconsciously.

Amy: You’re right! This website is totally the same as the real one. The same thing shows up!

Agent 0: It will help you to log in to the real one after your password has been stolen, which makes you feel like nothing has happened.

P: How do they know the name and the department of the professor?

Agent 0: The information could be easily found on the internet. You could also search for the information of any professor at any time.

P: So, will her academic result be affected as she felt into the trap of this phishing email?

Agent 0: Changing the result is not allowed and not acceptable, and it would violate the code of agent. However, we could teach you some tactics to prevent phishing emails.

Agent 0: If you receive a suspicious email, do not open any link or attachment. Verify the email with the sender first.

Amy: What can I do now? I can’t hand in my assignment if I can’t log in to my Moodle account.

Agent 0: Now we are sure that it is a phishing email. Please delete the phishing email immediately and report it to the ITS department of your college. Remember to attach the phishing email and its header. I will send you a QR code and you should follow the instructions.

P: What is happening to my computer?

Agent 0: It’s time to end our conversation.

P: Oh wait! My boyfriend’s phone probably got viruses. The chat history is always cleared when I check his phone. How can we find you to help him?

Agent 0: You will never find us. We will be back if there are any information security issues.

Amy: The computer is finally back to normal. I have to send an email to the ITS department, ask them to deal with the phishing email for me now, and also hand in my assignment as soon as possible.

P: Well, it no longer matters whether you hand in your assignment or not.

Amy: What are you talking about? The deadline is 5 pm today.

Amy: Oh no! It’s already 6 pm. No. No. No. I have to send another email to my professor and explain what happened to me.

P: Do it faster and have dinner with me please. I want some Japanese cuisine.

Amy: You want some Japanese food?!

P: Yes! You love Japanese food, don’t you?

Amy: Right!!!!! Let’s go now!!!

P: Don’t you have to send an email?                                                    

Amy: It’s just a little thing. Nothing is more important than having Japanese food! GO! GO!

Which restaurant should we go?

Tat Gor: Poor innocents. With just a phishing email, I can pretend to whoever I want, even the president, by changing the name of the sender. Then they will do whatever I tell them, even if I want their bank accounts.

Why would the client pay me for this information? They are just students.

It won’t be that simple.

Let me play around with it.