Phishing: What is it?

Similar documents
How to recognize phishing s

Online Scams. Ready to get started? Click on the green button to continue.

But it Was Such a Little Phish February 2016 Webinar

FAQ. Usually appear to be sent from official address

Safety and Security. April 2015

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

Your security on click Jobs

South Central Power Stop Scams

Spam Protection Guide

TIPS TO AVOID PHISHING SCAMS

commtech Online Holiday Shopping Tips A Guide Presented by: CommTech Industries

Webomania Solutions Pvt. Ltd. 2017

Security & Phishing

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO)

Target Breach Overview

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

IMPORTANT SECURITY INFORMATION PHISHING

PROTECTING YOUR BUSINESS ASSETS

Train employees to avoid inadvertent cyber security breaches

Ages Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk

Cyber Security Guide for NHSmail

It pays to stop and think

Phishing. What do phishing s do?

Six Steps to Protect Your Clients and Protect Yourself from Identity Theft

"Stay Smart, Keep Cyber Scam Away" Seminar Build a Secure Cyberspace 2018

Personal Cybersecurity

Six Steps to Protect Your Clients and Protect Yourself from Identity Theft. Ley Mills IRS Stakeholder Liaison December 20, 2017

Guide to credit card security

Paid-for antivirus software

Who We Are! Natalie Timpone

NOT PROTECTIVELY MARKED PHISHING. July 2016

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations

COMMON WAYS IDENTITY THEFT CAN HAPPEN:

CYBER SECURITY RESOURCE GUIDE. Cyber Fraud Overview. Best Practices and Resources. Quick Reference Guide for Employees. Cyber Security Checklist

Phishing: Don t Phall Phor It Part 1

Common Scams and Fraud. Charlottesville/Albemarle County TRIAD Group

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

Internet Safety Utilize the Internet without Fear

Newcomer Finances Toolkit. Fraud. Worksheets

The 12 scams of Christmas

Bank of america report phishing

Client Resources. participant guide

FRAUDULENT TRAVEL SCAMS

Phishing: When is the Enemy

Online Security and Safety Protect Your Computer - and Yourself!

Compliance & HIPAA Annual Education

How Cyber-Criminals Steal and Profit from your Data

Employee Security Awareness Training

NHS South Commissioning Support Unit

Scams and Schemes LESSON PLAN UNIT 1. Essential Question What is identity theft, and how can you protect yourself from it?

WEB OF DECEIT. Why are seniors targeted?

Credit Card Frauds Sept.08, 2016

Retail/Consumer Client Internet Banking Awareness and Education Program

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

CE Advanced Network Security Phishing I

Digital Safety and Digital Citizenship

INTERNET SECURITY STAYING SAFE ONLINE

INFORMATION ABOUT SCAMS FOR RESIDENTS

TWINSBURG COMMUNITY SERVICE BUREAU. Senior Scam Workshop. Presented by Officer Ron Fruscella and Officer Greg Kopniske

Staying Safe on the Internet. Mark Schulman

>MESSAGELABS END USER IT SECURITY GUIDE >WHAT STEPS CAN YOU TAKE TO KEEP YOURSELF, YOUR COLLEAGUES AND YOUR COMPANY SAFE ONLINE?

INTERNET SAFETY IS IMPORTANT

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Objectives. Disclaimer: Phishing: Don t Phall Phor It Part 1. Software Training Services

Introduction to

UNO IT NEWSLETTER. University of New Orleans Information Technology

Recognizing & Protecting Against Fraud

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Basic and Web Security

Security Practices & File Encryption

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

Duplication and/or selling of the i-safe copyrighted materials, or any other form of unauthorized use of this material, is against the law.

BRING SPEAR PHISHING PROTECTION TO THE MASSES

Sinu. Your IT Department. Oh, the humanity! The role people play in data security NYC: DC:

Phishing Attacks. Mendel Rosenblum. CS142 Lecture Notes - Phishing Attack

Financial scams. What to look for and how to avoid them.

9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR

Review Ch. 3 Connecting to the World s Information. 2010, 2006 South-Western, Cengage Learning

GRANDPARENT S GUIDE TO TECHNOLOGY VOLUME 2

Holiday Season Cyberattacks on Pace to Increase by Nearly 60%

PHISHING GOT DARKER. AND SMARTER.

Security. The DynaSis Education Series for C-Level Executives

Create strong passwords

3.5 SECURITY. How can you reduce the risk of getting a virus?

Identity Theft, Fraud & You. PrePare. Protect. Prevent.

PHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016

User s Guide. SingNet Desktop Security Copyright 2010 F-Secure Corporation. All rights reserved.

Protecting your Security and Privacy on the Web. Tony Brett Head of IT Support Staff Services IT Services. 11 March 2013

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

SHS Annual Information Privacy and Security Training

Quentin Burdick Building

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

CUSTOMER TIPS: HOW TO GUARD AGAINST FRAUD WHEN USING ONLINE BANKING OR ATM s

Do not open attachments on s that you are not sure of.

Malicious s. How to Identify Them and How to Protect Yourself

The Shortcut Guide To. Protecting Against Web Application Threats Using SSL. Dan Sullivan

HIPAA COW Healthcare IT Networking Group Co-Chairs. Scott Vaughan. Brad Candell. Sauk Prairie Healthcare. Group Health Cooperative of Eau Claire

Transcription:

Objec&ves Define phishing and iden&fy various types of phishing scams Recognize common bai&ng tac&cs used in phishing scams Examine real phishing messages Understand how to protect yourself from being hooked by a phishing scam

Phishing: What is it? Phishing Cybercriminal ahempts to steal personal and financial informa&on or infect computers and other devices with malware and viruses Designed to trick you into clicking a link or providing personal or financial informa&on OIen in the form of emails and websites May appear to come from legi&mate companies, organiza&ons or known individuals Take advantage of natural disasters, epidemics, health scares, poli&cal elec&ons or &mely events

Types of Phishing Mass Phishing Mass, large-volume ahack intended to reach as many people as possible Spear Phishing Targeted ahack directed at specific individuals or companies using gathered informa&on to personalize the message and make the scam more difficult to detect Whaling Type of spear phishing ahack that targets big fish, including high-profile individuals or those with a great deal of authority or access Clone Phishing Spoofed copy of a legi&mate and previously delivered email, with original ahachments or hyperlinks replaced with malicious versions, which is sent from a forged email address so it appears to come from the original sender or another legi&mate source Advance-Fee Scam: Requests the target to send money or bank account informa&on to the cybercriminal

Common Bai&ng Tac&cs No;fica;on from a help desk or system administrator Asks you to take ac&on to resolve an issue with your account (e.g., email account has reached its storage limit), which oien includes clicking on a link and providing requested informa&on. Adver;sement for immediate weight loss, hair growth or fitness prowess Serves as a ploy to get you to click on a link that will infect your computer or mobile device with malware or viruses. ACachment labeled invoice or shipping order Contains malware that can infect your computer or mobile device if opened. May contain what is known as ransomware, a type of malware that will delete all files unless you pay a specified sum of money. No;fica;on from what appears to be a credit card company Indicates someone has made an unauthorized transac&on on your account. If you click the link to log in to verify the transac&on, your username and password are collected by the scammer. Fake account on a social media site Mimics a legi&mate person, business or organiza&on. May also appear in the form of an online game, quiz or survey designed to collect informa&on from your account.

Phishing Lure Claims to come from the NDSU IT Help Desk and system administrators References NDSU and North Dakota State University Calls for immediate ac&on using threatening language Includes hyperlink that points to fraudulent site

Phishing Lure Claims to come from the NDSU Human Resources Timely call for ac&on during annual review season From address includes NDSU, but not.edu address (@ndsu.com) Includes hyperlink that points to fraudulent site

Phishing Lure Claims to come from PayPal Includes PayPal logo, but from address is not legi&mate (@ecomm360.net) Calls for immediate ac&on using threatening language Includes hyperlink that points to fraudulent site

Phishing Lure Likely an advancedfee scam Takes advantage of ongoing humanitarian crisis If it sounds too good to be true, it likely is

Detect a Phishing Scam Spelling errors (e.g., pessward ), lack of punctua&on or poor grammar Hyperlinked URL differs from the one displayed, or it is hidden Threatening language that calls for immediate ac&on Requests for personal informa&on Announcement indica&ng you won a prize or lohery Requests for dona&ons

Can you detect a phishing scam?

Is the name of the staff mailing list correct? Use the hover technique. Does the displayed URL match the actual URL? Examine the spelling, grammar and punctua&on.

Examine the login page is the logo familiar? Look at the sub&tles on the logo, is anything unusual? Who is reques&ng this informa&on? Is it someone who would normally request it? Check for spelling errors

Do you know the sender? There is no gree&ng There is no saluta&on or signature Are you expec&ng an ahachment from this person or company?

Protect Yourself: Refuse the Bait STOP. THINK. CONNECT. Before you click, look for common bai&ng tac&cs If the message looks suspicious or too good to be true, treat it as such Install and maintain an&virus soiware on your electronic devices Use email filters to reduce spam and malicious traffic

Protect Yourself: Refuse the Bait Be wary of messages asking for passwords or other personal informa&on No one from NDSU will ask for your password Most reputable businesses and organiza&ons will not ask for this informa&on via email Never send passwords, bank account numbers or other private informa&on in an email Do not reply to requests for this informa&on Verify by contac&ng the company or individual, but do not use the contact informa&on included in the message

Protect Yourself: Refuse the Bait Do not click on any hyperlinks in the email User your computer mouse to hover over each link to verify its actual des&na&on, even if the message appears to be from a trusted source Pay ahen&on to the URL and look for a varia&on in spelling or different domain (e.g., ndsu.edu vs. ndsu.com) Consider naviga&ng to familiar sites on your own instead of using links within messages Examine websites closely Malicious websites may look iden&cal to legi&mate sites Look for hhps:// or a lock icon in the address bar before entering any sensi&ve informa&on on a website

Protect Yourself: Report a Phish If you have received a phishing message Forward it directly to ndsu.reportaphish@ndsu.edu, which keeps intact important informa&on that may help IT staff iden&fy the source of the scam. Then delete the message.

Got Hooked? Protect Yourself: Take Ac&on Now If you suspect You interacted with or replied to a phishing scam using your NDSU email account You might have revealed or shared personal or financial informa&on You should Immediately contact the NDSU IT Help Desk: ndsu.helpdesk@ndsu.edu or 701-231-8685 Immediately change the password(s) for your account(s). If you use the same password for mul&ple accounts and sites, change it for each account. Do not reuse that password in the future. Watch for signs of iden&ty thei by reviewing your bank and credit card statements for unauthorized charges and ac&vity. If you no&ce anything unusual, immediately contact your credit card or bank. Consider repor&ng the ahack to the police, and file a report with the Federal Trade Commission: www.ic.gov.

More Informa&on Credible Online Resources: Stay Safe Online: hhps://staysafeonline.org/stay-safe-online/keep-a-clean-machine/spam-and-phishing Federal Trade Commission: hhps://www.consumer.ic.gov/ar&cles/0003-phishing United States Computer Emergency Readiness Team: hhps://www.us-cert.gov/report-phishing NDSU Informa&on Security Office ndsu.itso@ndsu.edu Theresa Semmens, chief informa&on security officer 701-231-5870 or theresa.semmens@ndsu.edu Jeff Gimbel, senior security analyst 701-231-6730 or jeff.gimbel@ndsu.edu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback