Basic and Web Security
1 Basic and Web Security. September, 2015. Daniel Hegglin, Security Officer.
2 Agenda
- The Internet is a bad neighborhood.
- How did I get here?
- Why people are so easily tricked
- Characteristics of scam emails: things to look for and tools to help
- Can I open this attachment?
- Can I click on this link?
- Q&A
3 How did I get here?
- Lakewood High School: Math focus
- Cal Poly SLO University: Computer Science
- Internship: IBM
- Permanent with IBM, Cisco, YAGO, Cabletron, a few more
- Software Engineer in Networking
- Director of Service and Support
- Back to Engineering!
4 How did I get here?
Day of a software security engineer:
- Lots of coordination
- Planning and validating
- Meetings
- Coding
- Metrics and presentations
Security is a continuously evolving field. Today's latest hacks are common tomorrow. For security software engineers, software engineering is the first step. Make sure they do at least one internship; they will learn amazing amounts and understand what it's like.
5 Real K-State Federal Credit Union web site; fake K-State Federal Credit Union web site used in spear phishing scam
6 Spear phishing scam received by K-Staters in January 2010
- Phishing scams try to trick you into providing private information, like a password or bank account info.
- Spear phishing targets a specific population; in this case, K-State users.
7 The malicious link in the email took you to an exact replica of K-State's single sign-on web page, hosted on a server in the Netherlands, which will steal your eid and password if you enter them and sign in. Note the URL highlighted in red, flushandfloose.nl, which is obviously not k-state.edu.
8 Fake SSO web page; real SSO web page
9 Fake SSO web page: site not secure (http, not https) and hosted in the Netherlands (.nl). Real SSO web page: note https.
10 Fake SSO web page; real SSO web page. Use the eid verification badge to validate.
11 Result of clicking on eid verification badge on a legitimate K-State web site that uses the eid and password for authentication
12 Most Effective Spear Phishing Scam
13 Most Effective Spear Phishing Scam
14 Most Effective Spear Phishing Scam
15 How to identify a scam
General principles:
- Neither IT support staff nor any legitimate business will EVER ask for your password in an email!!!
- Use common sense and logic: if it's too good to be true, it probably is.
- Think before you click: many have fallen victim due to a hasty reply.
- Be paranoid.
- Don't be timid about asking for help from your IT support person or the IT Help Desk.
16 How to identify a scam
Characteristics of scam email:
- Poor grammar and spelling
- The Reply-to: or From: address is unfamiliar, or is not a ksu.edu or k-state.edu address
- Uses unfamiliar or inappropriate terms (like "send your account information to the MAIL CONTROL UNIT")
- It asks for private information like a password or account number
- The message contains a link where the displayed address differs from the actual web address
- It is unexpected (you weren't expecting Joe to send you an attachment)
- Does not provide explicit contact information (name, address, phone #) for you to verify the communication. A good example is the spear phishing scam that tries to steal your eid password and is signed "Webmail administrator".
17 How to identify a scam
- Beware of scams following major news events or natural disasters (e.g., after Hurricane Katrina, asking for donations and mimicking a Red Cross web site)
- Seasonal scams, like special Christmas offers, or IRS scams in the spring during tax season
- They take advantage of epidemics or health scares, like the H1N1 scam last year
- Often pose as a legitimate entity: PayPal, banks, FBI, IRS, Wal*Mart, Microsoft, etc.
- If unsure, call the company to see if they sent it (we did this with a recent email from Manhattan Mercury)
- Hackers are very good at imitating legitimate email: they will use official logos, and some links in the email will work properly, but one link is malicious
- Many make sensational claims; remember to apply the common sense filter: if it sounds too good to be true, it probably is
18 Useful sources of information
- Google search for a unique phrase in the suspected scam to see what others are reporting about it
- Web sites of organizations targeted by scams often have information, like the IRS
- Snopes, to debunk/confirm hoaxes, rumors, and other urban legends: snopes.com
- Teach yourself with Sonicwall's Phishing and Spam IQ Quiz
- K-State's IT security web site, updated regularly: SecureIT.k-state.edu
- Current threats and spear phishing scams posted on K-State's IT threats blog: threats.itsecurity.k-state.edu/
19 Evaluating attachments
- Don't open attachments you were not expecting:
  - From someone you do not know
  - From someone you know, but weren't expecting them to send you a file (infected computers can send malicious emails from the owner of the computer to everyone in their address book)
- This is especially true if the content of the message is brief, vague, and/or unusual
20 Evaluating attachments
- Ignore or delete it if it's not expected or important; it's not worth the risk of opening it and infecting your computer
- Beware of executable files embedded in .zip attachments; this is a common way for hackers to send .exe files that would normally be deleted by email systems
- If there's any reason to believe it might be legitimate, validate the attachment before opening it:
  - Contact the sender and ask if it is legit
  - Ask your IT support person or the IT Help Desk
  - Test it with antivirus software to see if it is a known malicious program
21 What can we do?
- Remember: Hallmark, amazon.com, Twitter, etc. do not send information or instructions in attachments
- Don't open an attachment unless you are expecting it and have verified with the sender
- Analyze attachments before opening them
- Think before you click
- Be paranoid!
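
The attachment advice on slides 19 to 21, as a small Python check that lists what is inside a .zip attachment without extracting or running anything. This is an added example, not part of the original presentation; the extension list, the size and depth limits, the finding names and the sample archive built in memory are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

RUNNABLE_EXT = (".exe", ".scr", ".bat", ".pif", ".js", ".vbs")  # assumed list
MAX_DEPTH = 3                        # assumed limit on nested archives
MAX_NESTED_BYTES = 10 * 1024 * 1024  # assumed cap before unpacking a nested zip


def scan_zip(data, depth=0, prefix=""):
    """Return [(member path, reason)] for members a reader should not open."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not-a-valid-zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            lower = info.filename.lower()
            encrypted = bool(info.flag_bits & 0x1)
            if encrypted:
                # Password-protected members cannot be inspected by mail filters.
                findings.append((path, "encrypted-member"))
            if lower.endswith(RUNNABLE_EXT):
                # "invoice.pdf.exe" hides the real type behind a harmless-looking one.
                stem = posixpath.basename(lower).rsplit(".", 1)[0]
                reason = "double-extension-executable" if "." in stem else "executable"
                findings.append((path, reason))
            elif lower.endswith(".zip"):
                too_deep = depth + 1 >= MAX_DEPTH
                if encrypted or too_deep or info.file_size > MAX_NESTED_BYTES:
                    findings.append((path, "nested-archive-not-inspected"))
                else:
                    inner = archive.read(info)
                    findings.extend(scan_zip(inner, depth + 1, path + "/"))
    return findings


def build_sample():
    """Constructed sample: a zip holding a text file, an .exe and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("docs/invoice.pdf.exe", b"constructed placeholder bytes")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("setup.exe", b"constructed placeholder bytes")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in scan_zip(build_sample()):
        print(f"{reason}: {path}")
```

An empty result only means no executable member was found by name; it does not replace the antivirus test the slide recommends.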
22 Web Browsing Threats
- Malicious links/sites: to click or not to click, that is the question.
- Malicious advertisements
- Drive-by download (don't even have to click!)
- Search engines tricked to present malicious/bogus results near the top of your search results (aka Blackhat Search Engine Optimization (SEO) Poisoning)
23 Can I click on this?
- Watch for a displayed URL (web address) that does not match the actual one
  displayed: actual:
- Beware of a link that executes a program (like ldr.exe above)
- Avoid numeric IP addresses in the URL
- Watch for legitimate domain names embedded in an illegitimate one
24 Can I click on this?
- Beware of email supposedly from US companies with URLs that point to a non-US domain (Kyrgyzstan in example below)
  From: Capital One bank <cservice@capitalone.com>
  URL in msg body:
- IE8 highlights the actual domain name to help you identify the true source. Here's a web address from an IRS scam that's actually hosted in Pakistan:
25 Can I click on this?
- Beware of domains from unexpected foreign countries
  Kyrgyzstan: Pakistan: Lithuania: Hungary: Romania: Russia:
- MANY scams originate in China (country code = .cn)
- Country code definitions available at:
26 Can I click on this?
Watch for malicious URLs cloaked by URL shortening services like:
- TinyURL.com
- Bit.ly
- CloakedLink.com
27 Can I click on this?
- TinyURL has a nice preview feature that allows you to see the real URL before going to the site. See tinyurl.com/preview.php to enable it in your browser (it sets a cookie)
- Bit.ly has a Firefox add-on to preview shortened links: addons.mozilla.org/en-us/firefox/addon/10297
- It also warns you if the site appears to be malicious:
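
The link checks from the "Can I click on this?" slides (23 to 26), written as a Python triage script that compares each link's displayed text with its real target. This is an added example, not part of the original presentation; the sample message body, its placeholder hosts, the finding names and the list of program extensions are assumptions constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com", "bit.ly", "cloakedlink.com"}  # named on the slides
PROGRAM_EXT = (".exe", ".scr", ".bat", ".pif")             # assumed list
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(:\d+)?(/\S*)?$", re.I)

# Constructed sample message body (not a real email); hosts are placeholders.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account:</p>
<a href="http://www.capitalone.com.secure-login.example.kg/verify">https://www.capitalone.com/verify</a>
<a href="http://192.0.2.55/update/ldr.exe">Download security update</a>
<a href="http://tinyurl.com/constructed-example">Special offer</a>
<a href="https://www.capitalone.com/help">Help center</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, displayed text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def split_url(url):
    """Return (hostname, path) in lower case, or ('', '') if unparsable."""
    if "://" not in url:
        url = "http://" + url
    try:
        parts = urlsplit(url)
        return (parts.hostname or "").rstrip(".").lower(), parts.path.lower()
    except ValueError:
        return "", ""


def bare(host):
    """Drop a leading 'www.' so www.example.com and example.com compare equal."""
    return host[4:] if host.startswith("www.") else host


def check_link(href, text, sender_domain, trusted):
    """Return the warning signs from slides 23 to 26 that apply to one link."""
    findings = []
    host, path = split_url(href)
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    if LOOKS_LIKE_URL.match(text) and bare(split_url(text)[0]) != bare(host):
        findings.append("display-mismatch")
    if is_ip:
        findings.append("numeric-ip")
    # A trusted name followed by more labels is not that organisation's host.
    if any(host.startswith(d + ".") or "." + d + "." in host for d in trusted):
        findings.append("embedded-trusted-domain")
    tld = host.rsplit(".", 1)[-1]
    sender_tld = sender_domain.rsplit(".", 1)[-1].lower()
    # Assumption: a two-letter TLD that differs from the sender's is unexpected.
    if not is_ip and len(tld) == 2 and tld.isalpha() and tld != sender_tld:
        findings.append("unexpected-country-code")
    if bare(host) in SHORTENERS:
        findings.append("url-shortener")
    if path.endswith(PROGRAM_EXT):
        findings.append("program-download")
    return findings


def triage_links(html_body, sender_domain, trusted):
    """Return [(href, [findings])] for every link in an HTML message body."""
    parser = LinkExtractor()
    parser.feed(html_body)
    parser.close()
    return [(href, check_link(href, text, sender_domain, trusted))
            for href, text in parser.links]


if __name__ == "__main__":
    for href, found in triage_links(SAMPLE_EMAIL, "capitalone.com", {"capitalone.com"}):
        print(href, "->", ", ".join(found) or "no warning signs")
```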
28 Malicious Advertisements
- Isn't just NY Times: ratemyprofessors.com (!!), msnbc.msn.com, health.msn.com, music.msn.com, astrology.msn.com, realestate.msn.com, usatoday.com, cnbc.com, digg.com, mail.live.com, addictinggames.com, foxsports.com, hollywoodreporter.com
- These legitimate sites are not in cahoots with the criminals; they're just not careful enough in screening ads from third-party ad networks
29 Drive-by Downloads
- The scary thing is you don't even have to click on anything: just visiting a site with malicious code can initiate a download that installs malware on your computer without you knowing it.
- Symantec claims every one of the top 100 websites in the world has served up malicious code at some point
- JavaScript in the ad executes when the page is loaded and tries to exploit a vulnerability in Adobe PDF reader, Java, or Flash, or all three; this is why a tool like NoScript or something that blocks ads is effective
30 Drive-by Downloads
- Commonly used to promote fake antivirus software (aka "scareware" or "extortionware"): they make you believe your computer is infected with lots of malware, enticing the nervous user to "Click Here" to buy fake security software for $30-$100, plus they steal your credit card information
- Can be used to infect your computer with any malware: keyloggers, Trojans, Torpig
- Malware changes at a very rapid rate to escape detection by AV software; hackers test their malware against 43 popular AV products at virustotal.com before launching
- Prevention is by keeping Adobe Reader, Flash, and Java updated with the latest security patches
31 What's a feller to do? If you're not scared by now, then I'm worried about you and I pity your IT support person
32 Conclusion
- There's no way to be 100% secure surfing the web these days
- Use a multi-faceted approach to reduce your risk (browser security features, browser add-ons, Trend Micro security software, educate yourself)
- These tools and techniques make your browsing experience less convenient and may frustrate you at times, but they are necessary in today's hostile online climate
- Think before you click!
33 What's on your mind?
More informationEvolution of Spear Phishing. White Paper
Evolution of Spear Phishing White Paper Executive Summary Phishing is a well-known security threat, but few people understand the difference between phishing and spear phishing. Spear phishing is the latest
More informationQuick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.
Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac. Product Highlights Quick Heal Fast and highly responsive Virus Protection. Browsing Protection and Phishing Protection to
More informationUser s Guide. SingNet Desktop Security Copyright 2010 F-Secure Corporation. All rights reserved.
User s Guide SingNet Desktop Security 2011 Copyright 2010 F-Secure Corporation. All rights reserved. Table of Contents 1. Getting Started... 1 1.1. Installing SingNet Desktop Security... 1 1.1.1. System
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationWelcome. Password Management & Public Wi-Fi Security. Hosted by: Content by:
Welcome Password Management & Public Wi-Fi Security Hosted by: Content by: Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 1:00 Welcome Foster & Motley Clients to Security Education
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationInternet Basics. Basic Terms and Concepts. Connecting to the Internet
Internet Basics In this Learning Unit, we are going to explore the fascinating and ever-changing world of the Internet. The Internet is the largest computer network in the world, connecting more than a
More informationInternet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions.
Internet Quick Start Guide Get the most out of your Midco internet service with these handy instructions. 1 Contents Wi-Fi Name and Password..................................................... 4 Why Change
More informationSecurity Awareness. Presented by OSU Institute of Technology
Security Awareness Presented by OSU Institute of Technology Information Technologies Division Security Awareness Topics Social Engineering Phishing Social Networks Displaying Sensitive Information Wireless
More informationPersonal Cybersecurity
Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions
More information