Division of Information Technology
Phishing Awareness
By Chad Vantine, Information Security Assistant
What is Phishing?

Phishing messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing malicious software on your computer, tricking you into giving them sensitive information, or outright stealing personal information off of your computer.
Types of Phishing Attacks

Social Engineering - On your Facebook profile or LinkedIn profile, you can find: Name, Date of Birth, Location, Workplace, Interests, Hobbies, Skills, your Relationship Status, Telephone Number, Address and Favorite Food. This is everything a cybercriminal needs in order to fool you into thinking that the message or email is legitimate.

Link Manipulation - Most methods of phishing use some form of deception designed to make a link in an email appear to belong to the spoofed organization or person. Misspelled URLs or the use of subdomains are common tricks used by phishers. Many email clients or web browsers will show a preview of where a link will take the user, either in the bottom left of the screen or while hovering the mouse cursor over the link.
Types of Phishing Attacks

Spear phishing - Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information (social engineering) about their targets to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.

Clone phishing - A type of phishing attack whereby a legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an address spoofed to appear to come from the original sender.
Types of Phishing Attacks

Voice Phishing - Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to personal and financial information from the public for the purpose of financial reward. Sometimes referred to as 'vishing', voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
Examples of Phishing Attacks: Spear Phishing

1. The first question you have to ask is, "Do I know this person?" or "Am I expecting an email from the person?" If you answered no to either question, you must take a harder look at other aspects of the email.
2. A large number of phishing emails will blank out the To: or Cc: fields so that you cannot see that this is a mass email to a large group of people.
3. Phishing emails will often come with subjects that are in all capitals or have multiple exclamation marks in order for you to think that this is important or that you should take the recommended action within the email.
4. This is a targeted (Spear Phishing) email to VSU, so more than likely, this was sent to everyone at VSU that the sender had in their address book.
5. Hovering your mouse over the link, you can see that this is not taking you to a valdosta.edu address, but rather to an external site. This site would either prompt you for a password, then steal that password, or would download a malicious file infecting your computer.
Examples of Phishing Attacks: Spear Phishing

1. Looking at the Sender, you can see that this is not from a valdosta.edu address, but rather a ucla.edu address. This should be the first warning that this is not a legitimate email, since it is talking about a Valdosta upgrade.
2. Once again, the To: and Cc: fields are greyed out so that you can't see this is a mass email. Also, as referenced by the Subject line, "Valdosta Upgrade", this is a targeted attack on VSU addresses.
3. As you can see, this link is not a part of the valdosta.edu domain, but an external site at jimdo.com. This should be another warning that this is not a legitimate email, and more than likely phishing for your credentials.
Examples of Phishing Attacks: Clone Phishing

1. These emails are harder to spot because they look exactly like legitimate emails you would normally receive. The first cue that something is not right with this email is the sender. It is a generic address, You would never see this from a legitimate email, you would see the username of the buyer/seller; e.g.;
2. The question you have to ask yourself is, "Did I buy anything from eBay recently, and if I did, is this what I purchased?" If the answer to these questions is no, then you more than likely have a phishing email.
3. The last piece is the most critical in seeing if the email is in fact a phishing email. If you hover your mouse over the button it wants you to press, you see that this is not taking you to an ebay.com site, but rather an external site that will more than likely try to steal your eBay credentials.
Examples of Phishing Attacks: Clone Phishing

1. Just like in the previous example, this looks like a legitimate PayPal email that you would normally see. So the first thing to do is to see if you recognize the email, or if you have done any kind of transaction with this address. Also look through the email for spelling and grammatical errors, as cybercriminals will often leave these errors in the body of the email.
2. Second, see if the item in question is one that you actually bought or sold. If not, then delete and move on.
3. Look at the email circled; if this was an official email from PayPal, it would end not mail2world.
Examples of Phishing Attacks: Link manipulation

1. This is actually from a valdosta.edu address, so first you have to ask whether or not this is from someone you know or someone that would be emailing you about your account. Remember that only members of I.T. will email you about your accounts.
2. Once again, cybercriminals will use a subject line trying to get your attention, often using all caps and multiple exclamation marks. A legitimate email from I.T. will not do this.
3. The To: and Cc: lines are not shown so that you can't tell this is a mass email targeting multiple individuals.
4. Hovering your mouse over the link, you can see that this is not a legitimate valdosta.edu link, but an external one designed to steal your information or install malicious software.
5. The signature will often end in a generic sign-off so as not to arouse suspicion about the sender.
Examples of Phishing Attacks: Link manipulation

1. The sender is not a valid valdosta.edu address, but rather address. The name is also a generic "Admin Team", which does not match up with the address.
2. The subject line is in all capitals and uses multiple exclamation marks to try to get your attention.
3. Hovering your mouse over the link, you can see that this is not a valid valdosta.edu address, but rather an external site trying to steal your credentials or install malicious software.
Examples of Phishing Attacks: Link manipulation

1. This is a common phishing email and looks completely legitimate, with the name of Verizon Wireless, but if you look at the actual email, it is address rather than address.
2. Once again, the To: line is missing, indicating that this is a mass email that they want to avoid you seeing.
3. Hovering your mouse over the link, you can see that this does not take you to a Verizon website, but rather to a random website which would more than likely take your login information and take over your account to take your billing information.
Examples of Phishing Attacks: Social Engineering

The example on the left is a targeted social engineering attack. Cybercriminals scan your profile for your likes and then send you a crafted message over social media, trying to trick you into clicking the link. The link would then steal your social media login and take over your profile, sending out more phishing attacks to your friends and contact list.

The one on the right is an example of a mass phishing attack through social media. No doubt many of you have seen these on Facebook, from random people in messages, or from your friends through their timelines. Upon clicking the link, it would prompt you to log in again, but this time to a fake Facebook page, and steal your login information and take over your profile, sending out the same or another mass phishing attack to your friends and contacts.
Can you spot the tell-tale signs of a phishing email?
Can you spot the tell-tale signs of a phishing email?

1. The address is not a valid valdosta.edu address, but rather a Vaderbilt.edu address. This is important because only a valid valdosta.edu address will email you about anything or help desk related.
2. The To: and Cc: are missing so that you can tell this is a mass targeted phishing attack.
3. Hovering your mouse over the link, you can see that this is not a valdosta.edu address but rather an external address trying to steal your credentials.
4. The signature is generic so as not to alert you to any phishing attempt.
Can you spot the tell-tale signs of a phishing email?
Can you spot the tell-tale signs of a phishing email?

1. The first thing to ask yourself is, "Do I know this person, and should they be emailing me about accounts?" If you answered no, then more than likely it is a phishing attempt.
2. The To: and Cc: are not showing so that you won't be able to tell this is a mass email attempting to get as many people as possible.
3. Hovering your mouse over the link, you can see that this is not a valid valdosta.edu address, but rather an external address attempting to get your credentials or install malicious software. This should be your main "Aha" moment to let you know that this is indeed a phishing email.
4. The signature is generic and tries to lull you into a false sense of security by saying this is the "Webmail Administrator".
Tips to protect yourself from Phishing emails

- I.T. will NEVER ask for your password over email. Please be wary of any emails asking for passwords. Never send passwords, bank account numbers, or other private information in an email.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security. If you are not expecting an email with an attachment from someone, such as a fax or a PDF, please call and ask them if they indeed sent the email. If not, let them know they are sending out phishing emails and need to change their password immediately.
- Never enter private or personal information into a popup window.
- If there is a link in an email, use your mouse to hover over that link to see if it is sending you to where it claims to be. This can thwart many phishing attempts.
- Look for ' and a lock icon in the address bar before entering any private information on a website.
- Look for spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have staff that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.
What to do when you think you received a phishing email

- First, do not click on any links within the email or download any attachment.
- Forward the email to for Information Security to examine and determine if legitimate.
- If there is an attachment in the email, and you recognize the sender but aren't expecting an attachment from them, please call them and ask if it is legitimate.
Signs of a Phishing Phone Call:

- "You've been specially selected (for this offer)."
- "You'll get a free bonus if you buy our product."
- "You've won one of five valuable prizes."
- "You've won big money in a foreign lottery."
- "This investment is low risk and provides a higher return than you can get anywhere else."
- "You have to make up your mind right away."
- "You trust me, right?"
- "You don't need to check our company with anyone."
- "We'll just put the shipping and handling charges on your credit card."
Tips to protect yourself from Phishing phone calls

- Don't buy from an unfamiliar company. Legitimate businesses understand that you want more information about their company and are happy to comply.
- Always check out unfamiliar companies with your local consumer protection agency, Better Business Bureau, state attorney general, the National Fraud Information Center, or other watchdog groups.
- Obtain a salesperson's name, business identity, telephone number, street address, mailing address, and business license number before you transact business. Some con artists give out false names, telephone numbers, addresses, and business license numbers. Verify the accuracy of these items.
- Don't pay for a "free prize". If a caller tells you the payment is for taxes, he or she is violating federal law.
- Never send money or give out personal information such as credit card numbers and expiration dates, bank account numbers, dates of birth, or social security numbers to unfamiliar companies or unknown persons.
- If you have been victimized once, be wary of persons who call offering to help you recover your losses for a fee paid in advance.
What to do if you think you are receiving a Phishing Call

- Always look up the phone number in Google. Oftentimes, others have received these calls before and will log the number and the type of scam to different websites. Some of the websites are 800notes.com, callercenter.com, and callercomplaints.com. Users will let you know whether or not this is a scam, and what the caller will ask for.
- Resist pressure to make a decision immediately.
- Keep your credit card, checking account, or Social Security numbers to yourself. Don't tell them to callers you don't know, even if they ask you to "confirm" this information. That's a trick.
- Get all information in writing before you agree to buy.
- Beware of offers to "help" you recover money you have already lost. Callers that say they are law enforcement officers who will help you get your money back "for a fee" are scammers.
- Report any caller who is rude or abusive, even if you already sent them money. They'll want more. Call FTC-HELP or visit ftc.gov/complaint.