Who We Are! Natalie Timpone

Similar documents
How to recognize phishing s

Personal Cybersecurity

Your security on click Jobs

Newcomer Finances Toolkit. Fraud. Worksheets

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Security & Phishing

CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL

How to Build a Culture of Security

Webomania Solutions Pvt. Ltd. 2017

Best Practices Guide to Electronic Banking

Evolution of Spear Phishing. White Paper

Chapter 6 Network and Internet Security and Privacy

Phishing. What do phishing s do?

PCI Compliance. What is it? Who uses it? Why is it important?

Online Scams. Ready to get started? Click on the green button to continue.

How Cyber-Criminals Steal and Profit from your Data

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

TWINSBURG COMMUNITY SERVICE BUREAU. Senior Scam Workshop. Presented by Officer Ron Fruscella and Officer Greg Kopniske

mhealth SECURITY: STATS AND SOLUTIONS

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

South Central Power Stop Scams

Employee Security Awareness Training

But it Was Such a Little Phish February 2016 Webinar

Safety and Security. April 2015

Cyber Security Guide for NHSmail

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

Security Awareness. Chapter 2 Personal Security

Security Awareness. Presented by OSU Institute of Technology

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

Identity Theft and Account Takeover Prevention

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

41% Opens. 73% Clicks. 35% Submits Sent

Protecting Your Business From Hackers

A Layered Approach to Fraud Mitigation. Nick White Product Manager, FIS Payments Integrated Financial Services

Protect Yourself From. Identify Theft

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

Combating Cyber Risk in the Supply Chain

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

CYBER SECURITY AND MITIGATING RISKS

Cyber Security Updates and Trends Affecting the Real Estate Industry

Target Breach Overview

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Web Cash Fraud Prevention Best Practices

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

ANNUAL SECURITY AWARENESS TRAINING 2012

Compliance & HIPAA Annual Education

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

Putting security first for critical online brand assets. cscdigitalbrand.services

IT & DATA SECURITY BREACH PREVENTION

McAfee S DO s AnD DOn ts Of Online Shopping

Wire Fraud Scams: How to Protect

3.5 SECURITY. How can you reduce the risk of getting a virus?

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

Online Threats. This include human using them!

Why you MUST protect your customer data

Introduction to

Security Using Digital Signatures & Encryption

FAQ: Privacy, Security, and Data Protection at Libraries

Spam Protection Guide

Cyber Insurance: What is your bank doing to manage risk? presented by

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

FAQ. Usually appear to be sent from official address

Legal Aspects of Cybersecurity

Governance Ideas Exchange

Webroot Phishing Threat Trends

GRANDPARENT S GUIDE TO TECHNOLOGY VOLUME 2

Fraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations

Financial scams. What to look for and how to avoid them.

Six Steps to Protect Your Clients and Protect Yourself from Identity Theft

Electronic Identity Theft and Basic Security

Six Steps to Protect Your Clients and Protect Yourself from Identity Theft. Ley Mills IRS Stakeholder Liaison December 20, 2017

PROTECTING YOUR BUSINESS ASSETS

Cyber Security Practice Questions. Varying Difficulty

Employee Privacy in the Electronic Workplace

The Cyber War on Small Business

Chapter 12. Information Security Management

Today s Presentation. Define phishing Explain phishing techniques Examples of phishing Statistics about phishing Defense against Dark Arts Resources

CUSTOMER TIPS: HOW TO GUARD AGAINST FRAUD WHEN USING ONLINE BANKING OR ATM s

Ages Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk

Taking control of your finances... 5 Use these tips to manage your finances

Client Resources. participant guide

Cyber-Threats and Countermeasures in Financial Sector

Cybersecurity and Hospitals: A Board Perspective

Train employees to avoid inadvertent cyber security breaches

SPRING 2018 HERSHEYSMILL FRAUD PREVENTION NEWSLETTER

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Publishers clearing house scam complaint

Online Security and Safety Protect Your Computer - and Yourself!

COMMON WAYS IDENTITY THEFT CAN HAPPEN:

How to Keep Your Personal Information Secure

IMPORTANT SECURITY INFORMATION PHISHING

Cyber Security Risk Management and Identity Theft

PBX Fraud Information

SHARE Session Protecting Critical Data on a z/os Mainframe: A New Attitude

Transcription:

Who We Are! Natalie Timpone Manager of Security Business Management Office Enterprise Security Awareness Manager Carmelo Walsh Security, Risk, and Compliance Security Awareness Subject Matter Expert

Who Are Hackers? 1. White Hats 2. Black Hats 3. Script Kiddies 4. Hacktivists 5. State Sponsored 6. Spy 7. Cyber Terrorists

Who Are They? 1. White Hats 2. Black Hats 3. Script Kiddies 4. Hacktivists 5. State Sponsored 6. Spy 7. Cyber Terrorists

Who Are They? 1. White Hats 2. Black Hats 3. Script Kiddies 4. Hacktivists 5. State Sponsored 6. Spy 7. Cyber Terrorists

Who Are They? 1. White Hats 2. Black Hats 3. Script Kiddies 4. Hacktivists 5. State Sponsored 6. Spy 7. Cyber Terrorists

Who Are They? 1. White Hats 2. Black Hats 3. Script Kiddies 4. Hacktivists 5. State Sponsored 6. Spy 7. Cyber Terrorists

Who Are They? 1. White Hats 2. Black Hats 3. Script Kiddies 4. Hacktivists 5. State Sponsored 6. Spy 7. Cyber Terrorists

Who Are They? 1. White Hats 2. Black Hats 3. Script Kiddies 4. Hacktivists 5. State Sponsored 6. Spy 7. Cyber Terrorists

Who Are They? 1. White Hats 2. Black Hats 3. Script Kiddies 4. Hacktivists 5. State Sponsored 6. Spy 7. Cyber Terrorists

What do they want? biometric data name payment card address vehicle social media profiles birthday social security numbers health/medical email Internal IP Addresses geographic info phone

Social Engineering Attacks What is Social Engineering?

Social Engineering Explained Two Types! 1. Technical 2. Non-Technical Technical: Phishing Spear Phishing Click-Baiting Non-Technical Vishing Hoaxing Authoritative

In The News Office of Personnel Management (OPM) Breach 22 Million Records Stolen PII Data Consisting Of SSN, Dob, Places Lived, Full Names Of All Relatives) Information Sold On Dark Web Prepare for: Increases in Phishing and Vishing Attacks PII Data allows attackers to pass basic authentication questions

Phone Scams 86,000,000 Phone Scams Occur in the U.S. Every Month 14,333,333 a month are done by robocallers Most popular phone scam is fraudulent Tech Support 3 rd Most popular phone scam is Auto Insurance Know Anyone Who Has Received Fraudulent Tech Support Calls? AAA Club Membership offers Free ID Theft Protection! http://www.aaa.com/idtheft http://info.pindropsecurity.com/rs/905-its-138/images/pindrop-phone-fraud-report-2014-2015.pdf

Primary Methods Used Together

Advancements in Phishing Malware Good phishing artists don t require their victims to download any attachments. Simply clicking on a link in the email can lead to compromise.

10 Tips to Spot a Phishing Email The message contains a mismatched URL One of the first things that I recommend checking in a suspicious email message is the integrity of any embedded URLs. Often times the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over top of the URL, you will see the actual hyperlinked address (at least that's how it works in Outlook). If the hyperlinked address is different from the address that is displayed, then the message is probably fraudulent or malicious.

10 Tips to Spot a Phishing Email Good http://csaa-insurance.aaa.com/ Evil http://csaa.com.evilbutfriendlywebsite.com/ URLs contain a misleading domain name Often times people that launch phishing scams depend on their victims not knowing how the DNS naming structure for domains works. It is the last part of a domain name that is the most telling. For example, the domain name webmail.csaa.com would be a child domain of csaa.com because csaa.com appears at the end of the full domain name (on the right hand side). Conversely, csaa.com.evilbutfriendlywebsite.com would clearly not have originated from csaa.com because the reference to csaa.com is on the left side of the domain name, not the right.

10 Tips to Spot a Phishing Email Messages contain poor spelling and grammar Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, legality, and a number of other things. As such, if a message is filled with poor grammar or spelling mistakes it probably didn't come from a major corporation's legal department.

10 Tips to Spot a Phishing Email The message asks for personal information No matter how official an email message might look, it is always a bad sign if the message asks for personal information. A reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

10 Tips to Spot a Phishing Email The offer seems too good to be true There is an old saying that if something seems too good to be true, it probably is. That saying holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, then the message is probably a scam. After all, why would a Nigerian prince that you have never heard of contact you to help him smuggle money out of his country?

10 Tips to Spot a Phishing Email You didn't initiate the action I received an email message informing me that I had won a lot of money!!! The only problem is that I bank somewhere else. If you get a message informing you that you have won a contest that you did not enter then you can bet that the message is a scam.

10 Tips to Spot a Phishing Email You are asked to send money to cover expenses One telltale sign of a phishing E-mail is that you will eventually be asked for money. You might not get hit up for cash in the initial message, but sooner or later a phishing artist will likely ask for money to cover expenses, taxes, fees, or something like that. If that happens, then you can bet that it's a scam.

10 Tips to Spot a Phishing Email The message makes unrealistic threats Although most of the phishing scams seem to try to trick people into giving up cash or sensitive information by promising the victim instant riches, other phishing artists try to use intimidation to scare the victim into giving up information. If a message makes unrealistic threats then the message is probably a scam.

10 Tips to Spot a Phishing Email The message appears to be from a government agency Phishing artists who want to use intimidation don't always pose as a bank. Sometimes phishing artists will send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about anything else that could scare the average law abiding citizen.

10 Tips to Spot a Phishing Email Something Doesn't Look Right! The idea is that if something just doesn't look right, then there is probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious then it is usually in your best interest to avoid acting on the message.

Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it s money wasted, because none of these measures address the weakest link in the security chain. Kevin Mitnick You can lead a horse to water, but you can t make it drink. The secrets to motivating someone to learn are: Build strong relationships Give them a voice and a choice Make it fun Make it relevant Make it real National Education Association Secure our employees, the Human Operating System, by changing behaviors with an active and engaging awareness program Natalie Timpone

Compliance Learning VS Fun!

Congratulations!! You have increased your risk awareness. Copy this icon onto the Risky Bingo card and submit the completed card to RiskyBusinessWeek@csaa.com to be entered into a drawing for prizes

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback