Phishing and Ransomware


Phishing and Ransomware Dave Phillips Information Technology Resources March 2, 2016

Phishing
    What it looks like
    How to identify
    What happens to your credentials
    Remember that ITR will NEVER, EVER ask for your login credentials in an email.

Sample - Phishing Email
    Subject: You have two message's from your Admin.
    Date: February 29, 2016
    Dear dphillips@hartnell.edu
    Your have two important message's on your Etudes from Office of Faculty Administration.
    Click here to read
    Thanks
    Etudes Team

Phishing - Sample Email
    Subject: Alert
    Date: February 18, 2016
    Your Two incoming mails were placed on pending status due to a recent upgrade to our data, In order to receive the messages Click Here to login and wait for response from Administrator, we apologize for any inconvenience and appreciate your understandings.
    Thank you!

Phishing Sample Email
    Hartnell University Email Account
    Security info replacement
    Someone started a process to replace all of the security info for your Email Account. If this was you, you can safely ignore this email. Your security info will be replaced with 153#234 when the 5-day waiting period is up.
    If this wasn't you, someone else might be trying to take over your email account. Click here to fill in details and verify your current information in our servers and we'll help you protect this account.
    Thanks,
    Dave
    For: Hartnell University Email Team
    Phone: 831-755-6729
    Email: alert@hartnell.edu

Phishing Sample Email
    Official Notification Letter
    Email from Google Corporations : Official Notification Letter
    8/14/2015 7:02 PM
    Google Corporations
    1 attachment (View, Open in browser, Download, Save to Drive)
    Dear Google User,
    This is to officially inform you that you have been selected as a winner for using Google services, attached is our official notification letter for your perusal.
    Sincerely.
    Larry Page
    CEO & Co-founder of Google

Spear Phishing Sample Email

Phishing How to Identify

Phishing Show Original

    Delivered-To: dphillips@hartnell.edu
    Received: by 10.107.9.10 with SMTP id j10csp2188264ioi;
        Wed, 2 Mar 2016 04:55:51 -0800 (PST)
    X-Received: by 10.55.82.85 with SMTP id g82mr32980902qkb.107.1456923351075;
        Wed, 02 Mar 2016 04:55:51 -0800 (PST)
    Return-Path: <webmaster@intervent.com>
    Received: from mout.perfora.net (mout.perfora.net. [74.208.4.196])
        by mx.google.com with ESMTPS id j32si3040185qga.91.2016.03.02.04.55.50
        for <dphillips@hartnell.edu>
        (version=tls1_2 cipher=ecdhe-rsa-aes128-gcm-sha256 bits=128/128);
        Wed, 02 Mar 2016 04:55:51 -0800 (PST)
    Received-SPF: neutral (google.com: 74.208.4.196 is neither permitted nor denied by best guess record for domain of webmaster@intervent.com) client-ip=74.208.4.196;
    Authentication-Results: mx.google.com;
        spf=neutral (google.com: 74.208.4.196 is neither permitted nor denied by best guess record for domain of webmaster@intervent.com) smtp.mailfrom=webmaster@intervent.com
    Received: from oxusgaltgw15.schlund.de ([10.72.72.62])
        by mrelay.perfora.net (mreueus002) with ESMTPSA (Nemesis) id 0M9HxI-1akQWW1q5m-00CiBP
        for <dphillips@hartnell.edu>; Wed, 02 Mar 2016 13:55:50 +0100
    Date: Wed, 2 Mar 2016 07:55:50 -0500 (EST)
    From: "\"[[\"jfitch@hartnell.edu" <jfitch@hartnell.edu>
    Reply-To: "\"[[\"jfitch@hartnell.edu" <jfitch@hartnell.edu>

Phishing Show Original

    Delivered-To: dphillips@hartnell.edu
    Received: by 10.107.9.10 with SMTP id j10csp2187788ioi;
        Wed, 2 Mar 2016 04:54:41 -0800 (PST)
    X-Received: by 10.140.132.149 with SMTP id 143mr33255775qhe.7.1456923281571;
        Wed, 02 Mar 2016 04:54:41 -0800 (PST)
    Return-Path: <webmaster@intervent.com>
    Received: from mout.perfora.net (mout.perfora.net. [74.208.4.197])
        by mx.google.com with ESMTPS id g184si35827941qhd.51.2016.03.02.04.54.41
        for <dphillips@hartnell.edu>
        (version=tls1_2 cipher=ecdhe-rsa-aes128-gcm-sha256 bits=128/128);
        Wed, 02 Mar 2016 04:54:41 -0800 (PST)
    Received-SPF: neutral (google.com: 74.208.4.197 is neither permitted nor denied by best guess record for domain of webmaster@intervent.com) client-ip=74.208.4.197;
    Authentication-Results: mx.google.com;
        spf=neutral (google.com: 74.208.4.197 is neither permitted nor denied by best guess record for domain of webmaster@intervent.com) smtp.mailfrom=webmaster@intervent.com
    Received: from oxusgaltgw15.schlund.de ([10.72.72.62])
        by mrelay.perfora.net (mreueus001) with ESMTPSA (Nemesis) id 0MLxKE-1aXpZk3r5g-007iJl
        for <dphillips@hartnell.edu>; Wed, 02 Mar 2016 13:54:40 +0100
    Date: Wed, 2 Mar 2016 07:54:40 -0500 (EST)
    From: "jfitch@hartnell.edu" <webmaster@intervent.com>
    Reply-To: "jfitch@hartnell.edu" <webmaster@intervent.com>
    To: dphillips@hartnell.edu

    Delivered-To: dphillips@hartnell.edu
    Received: by 10.107.9.10 with SMTP id j10csp2277976ioi;
        Wed, 2 Mar 2016 07:54:25 -0800 (PST)
    X-Received: by 10.31.150.193 with SMTP id y184mr17064874vkd.99.1456934065918;
        Wed, 02 Mar 2016 07:54:25 -0800 (PST)
    Return-Path: <eprice@hartnell.edu>
    Received: from mail-vk0-x22c.google.com (mail-vk0-x22c.google.com. [2607:f8b0:400c:c05::22c])
        by mx.google.com with ESMTPS id o130si22583198vkf.206.2016.03.02.07.54.25
        for <dphillips@hartnell.edu>
        (version=tls1_2 cipher=ecdhe-rsa-aes128-gcm-sha256 bits=128/128);
        Wed, 02 Mar 2016 07:54:25 -0800 (PST)
    Received-SPF: pass (google.com: domain of eprice@hartnell.edu designates 2607:f8b0:400c:c05::22c as permitted sender) client-ip=2607:f8b0:400c:c05::22c;
    Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of eprice@hartnell.edu designates 2607:f8b0:400c:c05::22c as permitted sender) smtp.mailfrom=eprice@hartnell.edu;
        dkim=pass header.i=@hartnell-edu.20150623.gappssmtp.com
    Received: by mail-vk0-x22c.google.com with SMTP id e185so205782798vkb.1
        for <dphillips@hartnell.edu>; Wed, 02 Mar 2016 07:54:25 -0800 (PST)
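The comparison a reader makes by eye across the three "Show Original" samples above, written out as an added Python example (not part of the original presentation). The function name and warning labels are hypothetical; the headers are abridged from the samples, and the From line of LEGIT is constructed because the page's third excerpt ends before it.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR = re.compile(r"[\w.+-]+@[\w.-]+")

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def header_findings(raw_headers):
    """Return warning labels for one message's raw ("Show Original") headers."""
    msg = message_from_string(raw_headers)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    findings = []
    # The display name shows an address that is not the real From address.
    shown = ADDR.search(display)
    if shown and shown.group(0).lower() != from_addr.lower():
        findings.append("display-name-shows-other-address")
    # The envelope sender (Return-Path) is in a different domain than From.
    if from_addr and return_path and _domain(return_path) != _domain(from_addr):
        findings.append("return-path-domain-differs")
    # The receiving server did not record an SPF pass for the envelope sender.
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    verdict = spf.group(1).lower() if spf else "none"
    if verdict != "pass":
        findings.append("spf-" + verdict)
    return findings

# Headers abridged from the three samples above; the From line of LEGIT is
# constructed, because the page's excerpt of that message ends before it.
SPOOF_1 = r'''Return-Path: <webmaster@intervent.com>
Authentication-Results: mx.google.com; spf=neutral smtp.mailfrom=webmaster@intervent.com
From: "\"[[\"jfitch@hartnell.edu" <jfitch@hartnell.edu>
'''
SPOOF_2 = '''Return-Path: <webmaster@intervent.com>
Authentication-Results: mx.google.com; spf=neutral smtp.mailfrom=webmaster@intervent.com
From: "jfitch@hartnell.edu" <webmaster@intervent.com>
'''
LEGIT = '''Return-Path: <eprice@hartnell.edu>
Authentication-Results: mx.google.com; spf=pass smtp.mailfrom=eprice@hartnell.edu; dkim=pass header.i=@hartnell-edu.20150623.gappssmtp.com
From: eprice@hartnell.edu
'''

if __name__ == "__main__":
    for name, raw in (("spoof 1", SPOOF_1), ("spoof 2", SPOOF_2), ("legit", LEGIT)):
        print(name, header_findings(raw))
```

An empty result only means these three checks found nothing; it does not prove a message is genuine.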

Phishing Report Phishing

What Happens to Your Credentials Cumulus Experiment http://www.hartnell.edu/sites/default/files/library_documents/br_where_is_your_data_report_2016.pdf

Survey from Wombat Security
    85 percent of respondents said they were a victim of a phishing attack (up 13 percent from the prior report)
    67 percent said they experienced a spear phishing attack (a 22 percent increase)
    60 percent said they believe the rate of phishing attacks has increased overall

Survey from Wombat Security
    44 percent complained of lost employee productivity
    36 percent faced consequences related to the loss of proprietary information
    20 percent dealt with damage to their reputation

Always Remember
    When in Doubt Check it Out!
    Look at email headers (Show Original)
    Ask ITR for help
    Remember that ITR will NEVER, EVER ask for your login credentials in an email.

What to do if you are a Phishing Victim
    1. Turn off your computer.
    2. Log into PAWS on another computer and change your password immediately.
    3. Call ITR for help.

Ransomware
    What it looks like
    Recent Cases
    Latest Ransomware: Locky
    What to do
    NEVER open an attachment if you were not expecting it, even if it is from someone you know.

Ransomware: What it looks like
    A ransomware email looks very similar to a phishing email.
    The goal is to get you to download the malicious software by clicking a link or a button.
    The software install will usually ask you for permission.

Ransomware - Cryptolocker

Ransomware Family Growth

Ransomware Latest Victims
    Hospitals, businesses, schools, and yes, even police precincts are victims.
    http://www.ibtimes.com/ransomwarehackers-bigger-threat-ever-forcinghospitals-police-pay-hostage-fees-2319822

Ransomware Latest Version Locky

Ransomware Another Locky Email

Ransomware Latest Version Locky

Ransomware Latest Version Locky

What to do: Ransomware Victim
    1. Forcibly turn off your computer (hold the power button down for 8 seconds).
    2. Log into PAWS on another computer and change your password immediately.
    3. Call ITR immediately. Don't leave a message; find someone in ITR to help.

Always Remember
    When in Doubt DON'T check it Out!
    DON'T let your curiosity win out!
    NEVER open an attachment if you were not expecting it, even if it is from someone you know.

Always Remember Questions? Comments?