How to Identify Phishing E-Mails




How to recognize fraudulent emails and avoid being phished.

Presented by: Miguel Fra, Falcon IT Services (miguel@falconitservices.com)
http://www.falconitservices.com

Dial In Conference: (305) 433-6663 Option 4 PIN # 0825
For live presentation visit http://presentations.falconitservices.com and enter invitation code Phishing.
If you have a group of 10 or more people, please contact me to have this presentation given at your place of business (2 weeks prior notice please).

Sources: Wikipedia, OnGuardOnline.gov, US CERT, Kaspersky Labs

What Is Phishing?

Phishing: Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

Spear phishing: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.

Whaling: Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks.

Phishing Attacks

Watch out for the following:
- Password Reset Requests
- Account Lockouts
- Account Termination
- Account Login Requests
- Program/Software Installs
- Hyperlinked Web Sites
- Information Request

How Viruses and Phishing Relate to Each Other

- Some viruses inject additional fields into legitimate Web sites in order to obtain sensitive information.
- Phishing links in e-mails can lead users to infected web pages in order to install spyware on a user's PC.
- Viruses can harvest e-mails from your address book.
- Beware of lost USB sticks; they could be virus-infected phishing devices.
- Viruses can alter search results and lead you to fake sites.

How E-Mail Addresses are Harvested

- Automated programs harvest e-mail addresses that appear in Web sites.
- Computer and phone viruses can harvest e-mails from an infected user's address book.
- Chain e-mails are used to collect e-mail addresses.
- Internal corporate e-mails can be requested from DNS servers that have not been locked down properly.

Don't Let Your Guard Down!

- "I can't get a virus, I have anti-virus!"
- "I have a Mac/Linux, they don't get viruses."
- "I have an Anti-Virus program!"
- "My IT Department keeps me safe."

E-Mail No-No's

- Don't open attachments, especially ZIP and RAR files.
- Even when you receive an attachment from a familiar source, call them and verify that they sent you the attachment.
- Look for e-mail with attachments that are out of context (businessmeetings.pdf from your child instead of from your boss).
- Don't follow e-mail links or click on links.
- View everything with suspicion.

Avoid Being Phished!

- Phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity.
- Phishing can come in the form of email, postal mail and social media.
- Beware of e-mails that are out of context.
- Don't open files from chat, e-mail or social media transfers.
- Be wary of zip files in e-mail.
- Be wary of e-mails from UPS, FedEx, IRS, banks and credit cards.
- Risky attachment file types: ZIP, RAR, EXE, PIF, BAT, VBS, COM

Anatomy of a Typical Phishing E-Mail

- Look for grammatical errors and misspelled words.
- Check the sender's e-mail address for a match.
- Look for generalized salutations (e.g. "Dear customer"). Real providers usually know your full name and will include it in their e-mail.
- Hover over links to see if the linked URL matches the hyperlink.
- Watch out for scare tactics!
- Look out for requests to visit a password reset or login site that you have not requested.

Anatomy of a Typical Phishing E-Mail

- Hovering over hyperlinks will reveal the true destination either in a hover message or at the bottom of your browser.

Anatomy of a Typical Phishing E-Mail

- Hovering over hyperlinks will reveal the true destination of the hyperlink.
- Look for fake URLs.

Social Media Phishing

- This social media phishing site tricks you into thinking you need a special program in order to view the attached video.
- Notice the link URL. In this case it's facebookapp.com.
- Don't link/friend/connect to unknown people.
- Seriously, you know this person?

Anatomy of a Phishing Site

- Look at the URL carefully and make sure it matches. The real URL is highlighted in black.
- Type in the URL yourself; don't follow links!
- Look for spelling and grammatical errors in Web sites.
- Look for inconsistencies, broken links and broken image links.
- Look for HTTPS as well as a secure site certificate that is valid.

Phishing is not Just E-Mail Based. Phishing Sites are Indexed on many Search Engines

This site came up when I Google searched the term: Sharp Error 3332. There are several clues that identify this as a malicious site:

1. When I called the toll free number, the agent requested access to my computer without even asking me who I was. They told me they had to run a utility to test my computer for connection errors.
2. The fix shown here is completely unrelated to the problem. This error is an e-mail related error for a Sharp photocopier, nothing to do with Windows.
3. The site has several links to a fix and even tried to automatically download a program to my PC, as shown at the bottom, as soon as I opened the page.
4. When I asked the phone agent the name of their company, they stated they were from Microsoft.
5. Registry fix programs usually are junkware and will typically cause further complications and problems.

Unified Threat Management

- If your router supports UTM (Unified Threat Management), enable the UTM features.
- The UTM anti-virus and anti-malware gateway scans all incoming traffic for malware before it gets a chance to enter your network.
- Enable the URL filter to block known phishing sites, known virus distribution sites and known infected servers. It's also a good idea to block P2P sites, proxies and other sites commonly associated with malware infections.
- Use the UTM's SMTP filter to block SPAM as well as ZIP, RAR, EXE, COM and SCR files from coming in through your e-mail.
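The attachment rule above, combined with the risky file types listed on the "Avoid Being Phished!" slide, can be expressed as a check on a raw message. This Python is an added example and not part of the original presentation or of any UTM product; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types the slides call risky or tell the SMTP filter to block.
BLOCKED = {"zip", "rar", "exe", "pif", "bat", "vbs", "com", "scr"}

def blocked_attachments(raw_bytes):
    """Return attachment filenames whose final extension is on the block list.

    Only the last extension counts, so "Invoice.PDF.exe" is caught, and the
    comparison is case-insensitive. walk() also visits nested MIME parts.
    """
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = (part.get_filename() or "").strip().rstrip(".")
        if "." not in name:
            continue
        if name.rsplit(".", 1)[-1].lower() in BLOCKED:
            hits.append(name)
    return hits

def build_sample():
    """Constructed message with harmless placeholder payloads."""
    msg = EmailMessage()
    msg["From"] = "billing@sender.example"
    msg["To"] = "user@recipient.example"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    for filename in ("notes.txt", "Invoice.PDF.exe", "photos.ZIP", "report.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A filename check does not look inside files, so it complements the gateway anti-malware scan rather than replacing it.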

Common Phishing Scams

- Lottery: E-mail or letter stating that you have won a foreign lottery, asking for bank information or up-front fees to cover taxes, shipping costs or wire transfer costs.
- Fake Check: Scams that answer on-line posts from eBay, Craigslist, etc. The scammer will show up with a fake cashier's check for a greater amount, claim it's an error and request the difference in cash.
- The Nigerian E-mail: An oil magnate in Nigeria has a large amount of money they need to transfer to the US and is seeking assistance in exchange for a percentage.
- Relative in Foreign Country: A relative in a foreign country is in trouble and needs you to wire money ASAP. This is a type of spear phishing attack that relies on stolen identities and address books.
- Password Reset/Account Verification: Your credit card, financial service, hosting or other on-line service will stop working unless you verify your account and/or reset your password.

What Should I Do If I Suspect Having Been Phished?

If you suspect that you have been phished, immediately change your passwords and monitor your credit cards, bank accounts or whatever type of service you suspect may have been compromised by the phishing attack. Contact us for a consultation or research on-line to seek out further advice and recommended action.