DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations


//FOUO
DoD Spear-Phishing Awareness Training
Joint Task Force - Global Network Operations
Updated: 16 NOV 2006
//FOUO

Objective
Inform and increase the awareness of all Department of Defense personnel of the dangers and threats posed to DoD information systems by spear-phishing emails. Instruct personnel on how to recognize these email threats while offering methods to help counter the threat.

Instructions
- To advance to the next slide, click the button.
- Click to return to the previous slide.
- Click on the hyperlinked (blue, underlined) text to get more information on an item.
- Click to return from the hyperlinked location.

What is Phishing?
Phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords, personal information, military operations, and credit card/financial details, by masquerading as a trustworthy person or business in an electronic communication.

BUT, DID YOU KNOW...

Hidden Threats of Phishing
Phishing emails not only attempt to trick you into giving out sensitive information; they can also carry malicious software.

What this means: these emails may contain mini-programs that will be installed on your computer. They may capture your keystrokes or your personal files and send them to people they shouldn't be going to, without you knowing it!!!

Hidden Threats of Phishing
Most phishing attempts are for identity theft, but there is a rise in attempts at gaining access to online banking, federal, and defense information. These hidden/unknown threats can capture your passwords/login credentials and also compromise unclassified but sensitive information that can put Department of Defense operations at risk.

What is Spear Phishing?
Spear Phishing is a GREATER threat!!! Spear Phishing is a highly targeted phishing attempt. The attacker selectively chooses the recipient (target) and usually has a thorough understanding of the target's command or organization.

What is Spear Phishing?
The attacker may:
- Address the recipient by name
- Use lingo/jargon of the organization
- Reference actual procedures, SOPs/TTPs, or DoD Instructions
The email may appear very genuine. Sometimes these emails have legitimate operational and exercise nicknames, terms, and key words in the subject and body of the message.

Common Examples of Phishing
Phishing is not anything new, and many of you may have seen examples in emails from your personal / at-home email accounts. You may have seen emails that appear to come from your bank or other online financial institutions.
Commonly seen commercial examples: eBay, PayPal, all banking and financial institutions

Bank of America Military Bank
Phishing email sent portraying Bank of America, Military Bank. Entices the user to complete a survey and receive a $20 or $25 credit.

Bank of America Military Bank
Convincing website linked from the BOA Military Bank email.

Should I be worried?
YES, this is occurring within DoD. The attacker's primary focus is to get you to open an attachment or follow a web link. These actions may install the malicious software. Most spear phishing attacks within DoD are not for identity theft.

Who should be worried?
Everyone within DoD is a target. Attempts have been seen at all levels and areas:
- Military, Civilians, Contractors
- All Ranks
- All Services
- All Geographic Locations
Discovered spear phishing messages within the DoD can be very convincing.

Recognition
The From field of an email can be easily faked (spoofed). It might appear completely correct, or be a similar variation: account_security@mypay.com

On the other hand, the message may come from a legitimate email account, because that account has been compromised: john.smith.yourboss@yourbase.mil

This can occur when attackers obtain someone's login credentials and the email contacts in their address book, in order to obtain more accounts.

How can I be sure? Is the message digitally signed?

Recognition
Other recognition factors of phishing attempts:
1) Generic greeting
2) Fake sender's address
3) False sense of urgency
4) Fake or deceptive web links: the email requires you to follow a link to sign up for a great deal, or to log in and verify your account status, or encourages you to view/read an attachment.
5) Emails that look like a website
6) Misspellings and bad grammar
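The sender checks and the deceptive-link factor on the two Recognition slides can be automated for mailbox triage. The script below is an added example written for this page, not JTF-GNO tooling. It reuses the spoofed address from the slide (account_security@mypay.com) and the yourbase.mil account, while the lookalike domain mypay-verify.example and both message bodies are constructed; the base64 in the signed sample is a placeholder, so the script only checks that an S/MIME multipart/signed structure is present and does not validate the signature cryptographically. It flags a Reply-To or Return-Path domain that disagrees with the From domain, the absence of a digital signature, and anchors whose visible text names one host while the href leads to another.

```python
"""Heuristic triage for the recognition factors above: mismatched sender headers,
missing digital signature, deceptive links. Added example; samples are constructed."""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing sample: From reuses the spoofed address from the slide, while
# replies, bounces and the link all go to a fictional lookalike domain.
SAMPLE_PHISH = """\
From: "myPay Account Security" <account_security@mypay.com>
Reply-To: support@mypay-verify.example
Return-Path: <bounce@mypay-verify.example>
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset="us-ascii"

<html><body><p>Dear Customer,</p><p>Your account will be locked. Log in now at
<a href="http://mypay-verify.example/login">https://www.mypay.com/</a></p></body></html>
"""

# Constructed S/MIME-signed sample. The base64 blob is a placeholder, not a real
# PKCS#7 signature: this script checks for the signed structure, it does not verify it.
SAMPLE_SIGNED = """\
From: John Smith <john.smith.yourboss@yourbase.mil>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="sig"

--sig
Content-Type: text/plain

The updated schedule is on the shared drive.
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIIBAAECAwQ=
--sig--
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


def base_domain(host):
    """Approximate registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def domain_of_address(header_value):
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def link_is_deceptive(text, href):
    """True when the anchor text names one site but the href leads to another."""
    if not LOOKS_LIKE_URL.match(text):
        return False  # words like "click here" make no claim about the destination
    shown_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    real_host = urlparse(href).hostname or ""
    return base_domain(shown_host) != base_domain(real_host)


def triage(raw_message):
    """Return {'signed': bool, 'findings': [str]} for one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    from_domain = domain_of_address(msg.get("From", ""))
    for header in ("Reply-To", "Return-Path"):  # spoof indicators from the slide
        if msg.get(header) and domain_of_address(msg[header]) != from_domain:
            findings.append(f"{header} domain differs from From domain {from_domain}")
    signed = msg.get_content_type() == "multipart/signed"
    if not signed:
        findings.append("not digitally signed (no multipart/signed structure)")
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = LinkCollector()
        collector.feed(html_part.get_content())
        for text, href in collector.links:
            if link_is_deceptive(text, href):
                findings.append(f"deceptive link: shows {text!r} but goes to {href}")
    return {"signed": signed, "findings": findings}
```

Calling triage(SAMPLE_PHISH) reports all four indicators (Reply-To and Return-Path mismatch, no signature, deceptive link), while triage(SAMPLE_SIGNED) reports none. The base_domain helper compares only the last two labels, which is too coarse for country-code second-level domains; a production filter would use a public-suffix list and would verify the PKCS#7 signature against the DoD PKI trust chain rather than stopping at the presence of the multipart/signed wrapper.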

//FOUO
Recognition (Example 1)
Sanitized example of a message with a link to a website that installs malicious software.
DO NOT FOLLOW THESE LINKS
//FOUO

//FOUO
Recognition (Example 2)
Sanitized example of a message with an attachment that contained malware.
DO NOT OPEN THE ATTACHMENT IF YOU RECEIVE A SIMILARLY COMPOSED EMAIL
NOTE: VALIANT SHIELD was an actual exercise event. The message was sent from a supposed exercise account.
//FOUO

//FOUO
Recognition (Example 3)
Sanitized example of a message with an attachment that contained malware.
DO NOT OPEN THE ATTACHMENT IF YOU RECEIVE A SIMILARLY COMPOSED EMAIL
//FOUO

//FOUO
Recognition (Example 4)
Sanitized example of a message with an attachment that contained malware.
DO NOT OPEN THE ATTACHMENT IF YOU RECEIVE A SIMILARLY COMPOSED EMAIL
//FOUO

Prevention (as a receiver)
Be cognizant and vigilant of this threat. Before clicking on any web link within a message or opening an attachment, be sure the source of the email is legitimate. Is it digitally signed? The links and attachments can contain malware, spyware, viruses, and trojan horses. If you click on these illegitimate links/attachments, your computer or account will likely be compromised.

Prevention (as a sender)
At a minimum, digitally sign all e-mails. If your position involves official direct email contact with entities outside DoD, digital signatures might not be an option. If this is the case, be suspicious of the format and enclosed attachments in messages exchanged with these individuals.

Prevention (as a sender)
Note on Operations Security (OPSEC): users should digitally sign and encrypt all messages that contain (at a minimum):
- For Official Use Only (FOUO)
- Privacy Act / personal information
- technical and contract data
- proprietary information
- foreign government information
- financial information
- source selection information

Prevention (as a sender)
Do not send emails using HTML formatting. Use Plain Text or Rich Text formatted emails. Plain Text (or ASCII) is preferred because Rich Text looks the same as HTML formatting.
How do I set this up?

Digital Signing
The importance of digitally signing your messages can't be stressed enough. To date, there are no known spoofs of digital signatures, other than compromised PKI credentials due to negligence.
Digitally Signed Message
Digitally Signed and Encrypted Message

Awareness
Be aware of current information systems threats and targets within DoD. Command and organization Information Security professionals should be following these current threats and continually educating you on them. Specific reports and alerts are published by JTF-GNO.

Resources / Further Details
JTF-GNO Portal:
- NIPRNET: https://www.jtfgno.mil (CAC required)
  JTF-GNO J2/J3 Alert 066-06 (PDF, CAC required)
- SIPRNET: http://www.jtfgno.smil.mil
DoD Information Awareness Training: http://iase.disa.mil/dodiaa/launchpage.htm

//FOUO
The End
The JTF-GNO directs the operation and defense of the Global Information Grid across strategic, operational, and tactical boundaries in support of DoD's full spectrum of war fighting, intelligence, and business operations.
//FOUO

What is Social Engineering?
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. All social engineering techniques are based on flaws in human logic known as cognitive biases. [Cognitive biases won't be expanded on here, but they involve the different ways we all perceive reality and how bad people use these facts to get what they need.]

Sending Plain Text E-mail
1) In Outlook, in the menu bar, select Tools -> Options
2) Select the Mail Format tab and select Plain Text
3) Click on Internet Format (continued on the next slide)

Sending Plain Text E-mail
4) Under Outlook Rich Text options, select either Convert to Plain Text format or Send using Outlook Rich Text format

Sign a Message
When composing a message in Outlook, ensure you sign the message by selecting the button below. To encrypt, select the envelope with the blue lock icon.