Upload File

help! why phishing works what is phishing? i think i’ve been … · 2014. 9. 26. · phishing is...

  • Home
  • Documents
  • Help! Why Phishing Works What is Phishing? I think I’ve been … · 2014. 9. 26. · Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients
7
SUSPICIOUS ACTIVITY REPORTING Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network Enterprise Center (NEC)

Upload: others

Post on 05-Oct-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Help! Why Phishing Works What is Phishing? I think I’ve been … · 2014. 9. 26. · Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

•Weareeasilyenticed—wetrustknownbrands/logos

•Lackofusereducationandawareness

•LackofInformationAssuranceknowledgeandwarningindicators

•Visuallydeceptivetext

•Imagemasking

•ImagemimickingWindows

What is Phishing?Phishingisanattemptbyanindividualorgrouptosolicitpersonalinformationfromunsuspectingusersbyemployingsocialengineeringtechniques(i.e.,manipulatingpeopleintoperformingactionsordivulgingconfidentialinformation).Phishingemailsarecraftedtoappearasiftheyweresentfromalegitimateorganizationorknownindividual.Theseemailsoftenattempttoattractuserstoclickonalinkthatwilltaketheusertoafraudulentwebsitethatappearslegitimate.Theuserthenmaybeaskedtoprovidepersonalinformation,suchasaccountusernamesandpasswordsthatcanfurtherexposethem,theirnetwork,andtheirunittofuturecompromises.

Inordertofullyunderstandphishingandhowitcanimpactyouandyourunit,youshouldbeawarethattherearedifferenttypesofphishing:

Phishingisusuallyane-mailsenttoalargegroupofpeoplethatattemptstoscamtherecipients.Thepeoplethemessageissenttooftendonothaveanythingincommon.

Spear phishingisamessagesenttoasmaller,moreselectgroupoftargetedpeopleortoasingleindividual.

Whaling or whale phishingisahighlypersonalizedmessagesenttoseniorexecutives,high-levelofficials,ortheirpersonalexecutivestaffmembers.

Help! I think I’ve been

Phished!Anti Phishing Quick Reaction Drill

• Changeyourpasswordimmediatelyattherealwebsite:

• Typethewebsitenameinyourbrowser’saddressbar.

• Signintoyouraccountandclickthe“userprofile”or“changepassword”link.

• Followthewebsite’sinstructionstochangeyouraccountinformationandpassword.

• Clickthe“contactus”linkfoundonmostwebsitesandinformthemaboutthephishingattackyoujustexperienced.

• Ifyouareusingagovernmentcomputer,contactyourlocalInformationAssuranceOfficerandservicingNetworkEnterpriseCenter(NEC).

Recognizing & Avoiding Email Scams:http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network

Enterprise Center (NEC)

Page 2: Help! Why Phishing Works What is Phishing? I think I’ve been … · 2014. 9. 26. · Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

• Weareeasilyenticed—wetrustknownbrands/logos

• Lackofusereducationandawareness

• LackofInformationAssuranceknowledgeandwarningindicators

• Visuallydeceptivetext

• Imagemasking

• ImagemimickingWindows

What is Phishing?Phishingisanattemptbyanindividualorgrouptosolicitpersonalinformationfromunsuspectingusersbyemployingsocialengineeringtechniques(i.e.,manipulatingpeopleintoperformingactionsordivulgingconfidentialinformation).Phishingemailsarecraftedtoappearasiftheyweresentfromalegitimateorganizationorknownindividual.Theseemailsoftenattempttoattractuserstoclickonalinkthatwilltaketheusertoafraudulentwebsitethatappearslegitimate.Theuserthenmaybeaskedtoprovidepersonalinformation,suchasaccountusernamesandpasswordsthatcanfurtherexposethem,theirnetwork,andtheirunittofuturecompromises.

Inordertofullyunderstandphishingandhowitcanimpactyouandyourunit,youshouldbeawarethattherearedifferenttypesofphishing:

Phishingisusuallyane-mailsenttoalargegroupofpeoplethatattemptstoscamtherecipients.Thepeoplethemessageissenttooftendonothaveanythingincommon.

Spear phishingisamessagesenttoasmaller,moreselectgroupoftargetedpeopleortoasingleindividual.

Whaling or whale phishingisahighlypersonalizedmessagesenttoseniorexecutives,high-levelofficials,ortheirpersonalexecutivestaffmembers.

Help! I think I’ve been

Phished!Anti Phishing Quick Reaction Drill

•Changeyourpasswordimmediatelyattherealwebsite:

•Typethewebsitenameinyourbrowser’saddressbar.

•Signintoyouraccountandclickthe“userprofile”or“changepassword”link.

•Followthewebsite’sinstructionstochangeyouraccountinformationandpassword.

•Clickthe“contactus”linkfoundonmostwebsitesandinformthemaboutthephishingattackyoujustexperienced.

•Ifyouareusingagovernmentcomputer,contactyourlocalInformationAssuranceOfficerandservicingNetworkEnterpriseCenter(NEC).

Recognizing & Avoiding Email Scams:http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network

Enterprise Center (NEC)

Page 3: Help! Why Phishing Works What is Phishing? I think I’ve been … · 2014. 9. 26. · Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

• Weareeasilyenticed—wetrustknownbrands/logos

• Lackofusereducationandawareness

• LackofInformationAssuranceknowledgeandwarningindicators

• Visuallydeceptivetext

• Imagemasking

• ImagemimickingWindows

What is Phishing?Phishingisanattemptbyanindividualorgrouptosolicitpersonalinformationfromunsuspectingusersbyemployingsocialengineeringtechniques(i.e.,manipulatingpeopleintoperformingactionsordivulgingconfidentialinformation).Phishingemailsarecraftedtoappearasiftheyweresentfromalegitimateorganizationorknownindividual.Theseemailsoftenattempttoattractuserstoclickonalinkthatwilltaketheusertoafraudulentwebsitethatappearslegitimate.Theuserthenmaybeaskedtoprovidepersonalinformation,suchasaccountusernamesandpasswordsthatcanfurtherexposethem,theirnetwork,andtheirunittofuturecompromises.

Inordertofullyunderstandphishingandhowitcanimpactyouandyourunit,youshouldbeawarethattherearedifferenttypesofphishing:

Phishingisusuallyane-mailsenttoalargegroupofpeoplethatattemptstoscamtherecipients.Thepeoplethemessageissenttooftendonothaveanythingincommon.

Spear phishingisamessagesenttoasmaller,moreselectgroupoftargetedpeopleortoasingleindividual.

Whaling or whale phishingisahighlypersonalizedmessagesenttoseniorexecutives,high-levelofficials,ortheirpersonalexecutivestaffmembers.

Help! I think I’ve been

Phished!Anti Phishing Quick Reaction Drill

•Changeyourpasswordimmediatelyattherealwebsite:

•Typethewebsitenameinyourbrowser’saddressbar.

•Signintoyouraccountandclickthe“userprofile”or“changepassword”link.

•Followthewebsite’sinstructionstochangeyouraccountinformationandpassword.

•Clickthe“contactus”linkfoundonmostwebsitesandinformthemaboutthephishingattackyoujustexperienced.

•Ifyouareusingagovernmentcomputer,contactyourlocalInformationAssuranceOfficerandservicingNetworkEnterpriseCenter(NEC).

Recognizing & Avoiding Email Scams:http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network

Enterprise Center (NEC)

Page 4: Help! Why Phishing Works What is Phishing? I think I’ve been … · 2014. 9. 26. · Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients

User Awareness•Mostphishingattemptsareforidentitytheft,butphishingisalsobeingusedtogainaccesstoonlinebanking,federal,andDoDinformation

• PhishingAttackscanbegearedtocollectpersonalinformationsuchas:SSN,mother’smaidenname,dateofbirth,passwords,creditcardnumbers,etc.

• Phishingemailsnotonlyattempttotrickyouintogivingoutsensitiveinformation,butalsocanincludemalicioussoftware

•MalicioussoftwarecanbevirusesandothercomputercodedesignedtoallowahackertouseyourcomputerforillegalInternetactivity,ortoaccessyourunit’snetworktogatherDoDinformation

•Maliciouscodemaycaptureyourkeystrokesorcaptureyourpersonalandworkfilesandsendthemtopeoplewithoutyourknowledge

How Phishing Works

Protect Yourself and Your Organization

DO

• Watchoutforphishing

• Deletesuspiciousemails

• ContactyourInformationAssuranceOfficeroryourservicingNetworkEnterpriseCenter(NEC)ifyouhavequestionsaboutemails

• Reportanypotentialincidents

DO NOT • Opensuspiciousemails

• Clickonsuspiciouslinksinemailsorpop-upwindows

• Calltelephonenumbersprovidedinsuspiciousemails

• Discloseanyinformation

Page 5: Help! Why Phishing Works What is Phishing? I think I’ve been … · 2014. 9. 26. · Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients

User Awareness•Mostphishingattemptsareforidentitytheft,butphishingisalsobeingusedtogainaccesstoonlinebanking,federal,andDoDinformation

• PhishingAttackscanbegearedtocollectpersonalinformationsuchas:SSN,mother’smaidenname,dateofbirth,passwords,creditcardnumbers,etc.

• Phishingemailsnotonlyattempttotrickyouintogivingoutsensitiveinformation,butalsocanincludemalicioussoftware

•MalicioussoftwarecanbevirusesandothercomputercodedesignedtoallowahackertouseyourcomputerforillegalInternetactivity,ortoaccessyourunit’snetworktogatherDoDinformation

•Maliciouscodemaycaptureyourkeystrokesorcaptureyourpersonalandworkfilesandsendthemtopeoplewithoutyourknowledge

How Phishing Works

Protect Yourself and Your Organization

DO

• Watchoutforphishing

• Deletesuspiciousemails

• ContactyourInformationAssuranceOfficeroryourservicingNetworkEnterpriseCenter(NEC)ifyouhavequestionsaboutemails

• Reportanypotentialincidents

DO NOT • Opensuspiciousemails

• Clickonsuspiciouslinksinemailsorpop-upwindows

• Calltelephonenumbersprovidedinsuspiciousemails

• Discloseanyinformation

Page 6: Help! Why Phishing Works What is Phishing? I think I’ve been … · 2014. 9. 26. · Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients

User Awareness•Mostphishingattemptsareforidentitytheft,butphishingisalsobeingusedtogainaccesstoonlinebanking,federal,andDoDinformation

• PhishingAttackscanbegearedtocollectpersonalinformationsuchas:SSN,mother’smaidenname,dateofbirth,passwords,creditcardnumbers,etc.

• Phishingemailsnotonlyattempttotrickyouintogivingoutsensitiveinformation,butalsocanincludemalicioussoftware

•MalicioussoftwarecanbevirusesandothercomputercodedesignedtoallowahackertouseyourcomputerforillegalInternetactivity,ortoaccessyourunit’snetworktogatherDoDinformation

•Maliciouscodemaycaptureyourkeystrokesorcaptureyourpersonalandworkfilesandsendthemtopeoplewithoutyourknowledge

How Phishing Works

Protect Yourself and Your Organization

DO

• Watchoutforphishing

• Deletesuspiciousemails

• ContactyourInformationAssuranceOfficeroryourservicingNetworkEnterpriseCenter(NEC)ifyouhavequestionsaboutemails

• Reportanypotentialincidents

DO NOT • Opensuspiciousemails

• Clickonsuspiciouslinksinemailsorpop-upwindows

• Calltelephonenumbersprovidedinsuspiciousemails

• Discloseanyinformation

Page 7: Help! Why Phishing Works What is Phishing? I think I’ve been … · 2014. 9. 26. · Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

•Weareeasilyenticed—wetrustknownbrands/logos

•Lackofusereducationandawareness

•LackofInformationAssuranceknowledgeandwarningindicators

•Visuallydeceptivetext

•Imagemasking

•ImagemimickingWindows

What is Phishing?Phishingisanattemptbyanindividualorgrouptosolicitpersonalinformationfromunsuspectingusersbyemployingsocialengineeringtechniques(i.e.,manipulatingpeopleintoperformingactionsordivulgingconfidentialinformation).Phishingemailsarecraftedtoappearasiftheyweresentfromalegitimateorganizationorknownindividual.Theseemailsoftenattempttoattractuserstoclickonalinkthatwilltaketheusertoafraudulentwebsitethatappearslegitimate.Theuserthenmaybeaskedtoprovidepersonalinformation,suchasaccountusernamesandpasswordsthatcanfurtherexposethem,theirnetwork,andtheirunittofuturecompromises.

Inordertofullyunderstandphishingandhowitcanimpactyouandyourunit,youshouldbeawarethattherearedifferenttypesofphishing:

Phishingisusuallyane-mailsenttoalargegroupofpeoplethatattemptstoscamtherecipients.Thepeoplethemessageissenttooftendonothaveanythingincommon.

Spear phishingisamessagesenttoasmaller,moreselectgroupoftargetedpeopleortoasingleindividual.

Whaling or whale phishingisahighlypersonalizedmessagesenttoseniorexecutives,high-levelofficials,ortheirpersonalexecutivestaffmembers.

Help! I think I’ve been

Phished!Anti Phishing Quick Reaction Drill

• Changeyourpasswordimmediatelyattherealwebsite:

• Typethewebsitenameinyourbrowser’saddressbar.

• Signintoyouraccountandclickthe“userprofile”or“changepassword”link.

• Followthewebsite’sinstructionstochangeyouraccountinformationandpassword.

• Clickthe“contactus”linkfoundonmostwebsitesandinformthemaboutthephishingattackyoujustexperienced.

• Ifyouareusingagovernmentcomputer,contactyourlocalInformationAssuranceOfficerandservicingNetworkEnterpriseCenter(NEC).

Recognizing & Avoiding Email Scams:http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network

Enterprise Center (NEC)


Understanding Phishing: Text Direction Deception! Phishing - Text... · 2020. 4. 1. · Understanding Phishing: Text Direction Deception! Every so often we at INKY come across a scam

Phishing Prevention, Solutions & Services | Cofense - How to Spot … · 2020. 9. 4. · Phishing emails will try to fluster recipients by creating a sense of urgency. Fear Scaring

What is Bad Email? Spam, Phishing, Scam, Hoax and Malware distributed via Email

Pc zombie spim spear phishing ransomware spam scam presentación

A apresentação trata de diversas vertentes e aspectos do ataque de Phishing Scam

Beware of BAIT! · Beware of BAIT! How to Spot a Phishing Scam “Phishing” emails attempt to trick people into sharing information that helps criminals access an organization’s

February 2014 Feature Article: Phishing Scam Update Scam Update not addressing you by name and proving that they know David Harley, ESET North America Urban Schrott, ESET Ireland It

Pc zombie,spim,ramsomware,spam,phishing y scam presentacion 3

URLCheck Malware and Phishing URLs agggg gregator · URLCheck Malware and Phishing URLs agggg gregator by ... (nigerian scam, lottery, etc) 5. ... phishing protection“ published

Need to free up your phone? Amazon Photos can helpJul 04, 2020  · LinkedIn phishing A recent trend in LinkedIn phishing is the connection request scam. Phishers create fake LinkedIn

Protect Against Phishing Attacks...Phishing Attacks A Prevention Checklist Check the Sender’s Address Phishing costs businesses $500 Million a Year. 50% of recipients open emails

THE ULTIMATE GUIDE TO PHISHING€¦ · Phishing is a type of online scam where criminals send out fraudulent email messages that appear to come from a legitimate source. The email

Pc zombie, spim, ramsomware, spam, phishing y scam investigacíon 03 semana 08

Ichthyology: Phishing as a Science - Black Hat | Home · Ichthyology: Phishing as a Science ... protection on their domain, ... them to the scam. Unfortunately,

February 2014 Feature Article: Phishing Scam Update Radar... · February 2014 Feature Article: Phishing Scam Update. Table of Contents Phishing Scam Update .....3 ESET Corporate News

Enron scam. accounting scam

SCAM - SCAMMERS - PHISHING: TOME CUIDADO NA REDE!

Pc zombie, spam, scam, phishing, spear

Stop Phishing: A Guide to Protecting Your Web Site Against ... · Stop Phishing: A Guide to Protecting Your Web Site ... a phishing scam. ... A Guide to Protecting Your Web Site Against

Pc zombie, spim, spear, phishing, ransomware, spam, scam tarea 7, semana 7

Cybercrime! vor Phishing, Hacking, Sex- tortion oder Romance … · 2019-10-07 · Wie schützen Sie sich vor Phishing, Hacking, Sex-tortion oder Romance Scam? Öffentliche Informationsveranstaltungen

Phishing Scam - A fraude do século XXI

Pc zombie, Phishing Ransomware, Scam, Span, Spin

Phishing Scam (INFO 2602, Sect 1)

Força Aérea Brasileira — Asas que protegem o país · Phishing, phishing-scam ou phishing/scam, é o tipo de fraude por meio da qual um golpista tenta obter dados pessoais e financeiros

Using Deep Networks and Transfer Learning To Address ... · Transfer Learning Multi-class: friend, 419 scam, malware, credential phishing, phishing training, propaganda, social engineering,

DigiCert Phishing White Paper: A Primer on What Phishing ... · or 419 scam. These scams are ... • Ensure implementation of protection . against phishing, spam, viruses and

Spim, ransomware, spam, phishing y scam

Scam Block Plus Chrome Extension Anti Phishing Scams

Investigación 3 -pc zombie, spim, ransomware, spam, phishing y scam

Xorian Infotech Scam Alert - Avoid Phishing Email Fraud

D:\Pc Zombie, Spim, Ransomware, Spam, Phishing Y Scam

Presentacion PC Zombie, Smpim, Ramsomware, Spam, Phishing y Scam

Phishing and Online Scam in China - DEF CON · Characteristics of Chinese Phishing Websites Lottery scam is targeted to a few branded websites which are then faked: QQ, Taobao, CCTV

Presentación pc zombie, phishing, spim, spear phishing, ransomware, spam, scam