beware of phishing scams

Post on 12-Nov-2014

DESCRIPTION

The cyber threat to our Army and Nation is pervasive and most often targets human behavior through social engineering. The best mitigation measure for this risk is to increase cyber awareness by educating our Soldiers, Family Members, Government Civilians, and Contractors. HQDA has directed the Army Antiterrorism Quarterly Theme: Cyber Threat Awareness (2Q/FY13). For more information on Cyber Security, visit http://www.staysafeonline.org/stay-safe-online/

TRANSCRIPT

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

• We are easily enticed—we trust known brands/logos

• Lack of user education and awareness

• Lack of Information Assurance knowledge and warning indicators

• Visually deceptive text

• Image masking

• Image mimicking Windows

What is Phishing?

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques (i.e., manipulating people into performing actions or divulging confidential information). Phishing emails are crafted to appear as if they were sent from a legitimate organization or known individual. These emails often attempt to attract users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords that can further expose them, their network, and their unit to future compromises.

In order to fully understand phishing and how it can impact you and your unit, you should be aware that there are different types of phishing:

Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients. The people the message is sent to often do not have anything in common.

Spear phishing is a message sent to a smaller, more select group of targeted people or to a single individual.

Whaling or whale phishing is a highly personalized message sent to senior executives, high-level officials, or their personal executive staff members.

Help! I think I’ve been Phished!

Anti Phishing Quick Reaction Drill

• Change your password immediately at the real website:

• Type the website name in your browser’s address bar.

• Sign in to your account and click the “user profile” or “change password” link.

• Follow the website’s instructions to change your account information and password.

• Click the “contact us” link found on most websites and inform them about the phishing attack you just experienced.

• If you are using a government computer, contact your local Information Assurance Officer and servicing Network Enterprise Center (NEC).

Recognizing & Avoiding Email Scams: http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network Enterprise Center (NEC)

User Awareness

• Most phishing attempts are for identity theft, but phishing is also being used to gain access to online banking, federal, and DoD information

• Phishing attacks can be geared to collect personal information such as: SSN, mother’s maiden name, date of birth, passwords, credit card numbers, etc.

• Phishing emails not only attempt to trick you into giving out sensitive information, but also can include malicious software

• Malicious software can be viruses and other computer code designed to allow a hacker to use your computer for illegal Internet activity, or to access your unit’s network to gather DoD information

• Malicious code may capture your keystrokes or capture your personal and work files and send them to people without your knowledge

How Phishing Works

Protect Yourself and Your Organization

DO

• Watch out for phishing

• Delete suspicious emails

• Contact your Information Assurance Officer or your servicing Network Enterprise Center (NEC) if you have questions about emails

• Report any potential incidents

DO NOT

• Open suspicious emails

• Click on suspicious links in emails or pop-up windows

• Call telephone numbers provided in suspicious emails

• Disclose any information
