Phishing. What do phishing s do?

Similar documents
FAQ. Usually appear to be sent from official address

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

How to recognize phishing s

Who We Are! Natalie Timpone

But it Was Such a Little Phish February 2016 Webinar

Spam Protection Guide

Cyber Security Guide for NHSmail

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations

Malicious s. How to Identify Them and How to Protect Yourself

Train employees to avoid inadvertent cyber security breaches

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Your security on click Jobs

IMPORTANT SECURITY INFORMATION PHISHING

Phishing Activity Trends Report March, 2005

Webomania Solutions Pvt. Ltd. 2017

Do not open attachments on s that you are not sure of.

Security & Phishing

TIPS TO AVOID PHISHING SCAMS

Ages Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

Six Steps to Protect Your Clients and Protect Yourself from Identity Theft

Six Steps to Protect Your Clients and Protect Yourself from Identity Theft. Ley Mills IRS Stakeholder Liaison December 20, 2017

Protecting from Attack in Office 365

COMMON WAYS IDENTITY THEFT CAN HAPPEN:

FAQ: Privacy, Security, and Data Protection at Libraries

Phishing Activity Trends Report January, 2005

Panda Security 2010 Page 1

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

Evolution of Spear Phishing. White Paper

3.5 SECURITY. How can you reduce the risk of getting a virus?

2 User Guide. Contents

Introduction to

Online Scams. Ready to get started? Click on the green button to continue.

Automated Context and Incident Response

Retail/Consumer Client Internet Banking Awareness and Education Program

Target Breach Overview

ANNUAL SECURITY AWARENESS TRAINING 2012

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

Phishing: What is it?

Recognizing & Protecting Against Fraud

Security and Privacy

>MESSAGELABS END USER IT SECURITY GUIDE >WHAT STEPS CAN YOU TAKE TO KEEP YOURSELF, YOUR COLLEAGUES AND YOUR COMPANY SAFE ONLINE?

BRING SPEAR PHISHING PROTECTION TO THE MASSES

Virtual Product Fair. Protect your agency data protect your business

South Central Power Stop Scams

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Notices. Third Party Project Usage. Sample Code in Documentation

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Phishing Activity Trends Report November, 2004

Why we spam? 1. To get Bank Logs by spamming different banks.

Staying Safe on the Internet. Mark Schulman

One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious

Bank of america report phishing

CYBER SECURITY RESOURCE GUIDE. Cyber Fraud Overview. Best Practices and Resources. Quick Reference Guide for Employees. Cyber Security Checklist

CE Advanced Network Security Phishing I

Security Using Digital Signatures & Encryption

HOW TO PHISH YOUR BUSINESS (AND GET MANAGEMENT S BUY-IN)

page_1a.png page_1b.png page_2.png page_4.png page_5.png PHISHING ADMIN GUIDE

PHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

C13: Current Threats and Countermeasures 2010 Lou Spahn, Accuvant, Inc.

Client Resources. participant guide

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO)

Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security. August 2017

PROTECTING YOUR BUSINESS ASSETS

The security of Mozilla Firefox s Extensions. Kristjan Krips

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

Best Practices Guide to Electronic Banking

Online Security: Breaking Down the Anatomy of a Phishing

Why was an extra step of choosing a Security Image added to the sign-in process?

41% Opens. 73% Clicks. 35% Submits Sent

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

Business/Commercial Client Internet Banking Awareness and Education Program

falanx Cyber Falanx Phishing: Measure your resilience

I G H T T H E A G A I N S T S P A M. ww w.atmail.com. Copyright 2015 atmail pty ltd. All rights reserved. 1

Authentication Security

Phishing: What is it and how does it affect me?

Phishing: When is the Enemy

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Preventing and Identifying Phishing Scams January 31, 2017

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

2018 Edition. Security and Compliance for Office 365

SiteAdvisor Enterprise

JPCERT/CC Incident Handling Report [January 1, March 31, 2018]

Unique Phishing Attacks (2008 vs in thousands)

CSCD 303 Essential Computer Security Fall 2018

Webroot Phishing Threat Trends

Norton Online Reputation Report: Why Millennials should manage their online footprint

Fighting Phishing I: Get phish or die tryin.

W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s

Phishing Activity Trends Report October, 2004

Introduction. Logging in. WebMail User Guide

Security Practices & File Encryption

Quick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.

A Quick Start Guide for teachers: Working with Report cards in eteacher on MXWEB

REPORT. proofpoint.com

06ESFContacts 1 message

How to Build a Culture of Security

CSCE 813 Internet Security Case Study II: XSS

Transcription:

Phishing We have become all too familiar with phishing emails but if that s the case, why do we as a community still fall victim? In this newsletter our goal is to provide you with some basic information about what phishing is, a few techniques to help you identify phishing emails and then instructions on who to contact if you have any questions. What do phishing emails do? Phishing emails can be pretty nasty attacks yet some users just don t get it. Let s try and put this into perspective with a simple scenario. A user gets an email from another employee at Lynn University and it contains a hyperlink in the email that interests them. They don t really know the person but they decide to click on the link anyway and it takes them to a website that asks the user to login to view the content. The user enters in their Lynn username and password and viola, they can access the content. It ends up being nothing that they are interested in and they close the web page and forget about it. What really happened? Well, it all depends on what that phishing campaign was trying to accomplish? Let me give you some examples of the potential risks that stem from clicking on the link in the email. This is only for illustration purposes and hopes to inform you on what COULD be done. 1. When the user clicked on the email, an embedded script ran silently in the background. The script did the following a. It pulled a log of all users who had previously logged into that computer along with their passwords that were still in memory b. It installed a keylogger that is now collecting all the keystrokes that the users types with their keyboard. Including any other usernames and passwords for any other sites they visit. i. What if you accessed your bank recently? Uh oh! Does this mean that they can log into your bank account? Yep! ii. Do you now have to worry about Identity Theft? Possibly? c. It copied all your documents on your desktop or H drive and zipped them in a hidden file on your computer to be used at a later time. d. It also installed a command and control backdoor agent that sends the information that it has collected to a server out on the internet. But wait, that server changes based on a sophisticated algorithm that generates a different server on the hour. All silently in the background. 2. When the user typed in their Lynn Username and password the attacker now has the users email address, domain name, username, and password. a. The attacker now has access to: i. all of your emails and it can send out emails to others in your contact list to spread the attack so that others can be affected.

ii. all of your documents that you have in: 1. Office 365 2. your local computer 3. your Departmental Drives etc. There we have it. A simple scenario to describe how a phishing attack could affect not only university data and information but also, your own personal information and data. We can t stress enough the importance of being more aware of what websites you are accessing and what hyperlinks you are clicking on. The repercussions can be pretty significant. So what does a phishing email look like? Here are some examples of the recent phishing emails that some members of the community have fallen victim to. You may have received a copy of them. ****************************************************************************** ************************************************************************************* *************************************************************************************

************************************************************************* ************************************************************************* Key things to look out for: Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself. Beware of links in email. If you see a link in a suspicious email message, do not click on it. Rest your mouse (but do not click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.

Links might also lead you to.exe files. These kinds of file are known to spread malicious software. Do you even know the person sending you the email? Does it make sense that the person sending you an email to a finance document but they work in a department that has no affiliation with finance? Threats. Have you ever received a threat that your account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts. Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. For more information, see Avoid scams that use the Microsoft name fraudulently. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered. For more information, see Protect yourself from cybersquatting and fake web addresses. How to Report Phishing emails using the Proofpoint Unwanted Email Plugin in Outlook: 1. Identify email in question. 2. Select and Highlight the email and go to the Message Tab. On the far right you will see a Proofpoint Group on the ribbon. 3. Click on Manage Unwanted and Select Report as Suspicious.

If the Proofpoint Unwanted Email Plug is not installed on your computer, please contact Support Services at 561-237-7979.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback