Objectives Define phishing and identify various types of phishing scams Recognize common baiting tactics used in phishing scams Examine real phishing messages.

Slides:



Advertisements
Similar presentations
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Advertisements

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
Today’s Agenda… Knowledge Check What is Cyber Crime? Identity Theft Phishing Common Scams inc. online and mobile phone scams Prevention Methods.
What is identity theft, and how can you protect yourself from it?
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Internet Phishing Not the kind of Fishing you are used to.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
Teach a man (person) to Phish Recognizing scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
Social Engineering Training. Why Social Engineering Training? The Department of Energy (DOE) authorized the Red Team to perform vulnerability assessments.
PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,
Cyber Crimes.
Matthew Hardaway CSCI101 Thursday 3:30pm.  Fishing (Encyclopedia Britannica): ◦ Sport of catching fish—freshwater or saltwater— typically with rod, line,
Scams & Schemes Common Sense Media.
IT security By Tilly Gerlack.
Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.
BTT12OI.  Do you know someone who has been scammed online? What happened?  Been tricked into sending someone else money (not who they thought they were)
Information Security Sharon Welna Information Security Officer.
How Phishing Works Prof. Vipul Chudasama.
SCAMS & SCHEMES PROTECTING YOUR IDENTITY. SCAMS WHAT IS A SCAM? ATTEMPT TO TRICK SOMEONE, USUALLY WITH THE INTENTION OF STEALING MONEY OR PRIVATE INFORMATION.
Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice safety Learn how to protect yourself against common attacks.
Cyber Security and Staying Safe Online Mark D. Riley College of Health Sciences and Professions.
Activity 4 Catching Phish. Fishing If I went fishing what would I be doing? On the Internet fishing (phishing) is similar!
Basics What is ? is short for electronic mail. is a method for sending messages electronically from one computer.
INTRODUCTION & QUESTIONS.
FLTCYBERCOM / C10F    U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET    1 Overall Classification of this Briefing is UNCLASSIFIED//FOUO Phishing.
Catching Phish. If I went fishing what would I be doing? On the Internet fishing (phishing) is similar! On the internet people might want to get your.
Yes, it’s the holidays... A time of joy, a time of good cheer, a time of celebration... From the Office of the Chief Human Capital Officer (CHCO ) Privacy.
Phishing and Internet Scams. Definitions and recent statistics Why is it dangerous? Phishing techniques and identifiers Examples of phishing and scam.
Fall Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity.
PHISHING A Melbourne Athenaeum Library Cybersafety Information Guide
Important Information Provided by Information Technology Center
Presented by: SBS CyberSecurity © SBS CyberSecurity, LLC
Protecting Your Assets By Preventing Identity Theft
Digital Security Identity theft Copyright Laws Plagiarism, and More.
Phishing awareness Phil Kraemer
Phishing, identity theft, and more
PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing circulated last week that led to.
Learn how to protect yourself against common attacks
Unit 4 IT Security.
Social Engineering Charniece Craven COSC 316.
Don’t get phished!, recognize the bait
Lesson 3 Safe Computing.
Information Security and Privacy Pertaining to Phishing and Internet Scams Brian Corl COSC 316 Information Security and Privacy.
Unit 4 IT Security.
I S P S loss Prevention.
Phishing, what you should know
Information Security 101 Richard Davis, Rob Laltrello.
Phishing is a form of social engineering that attempts to steal sensitive information.
Protect Your Computer Against Harmful Attacks!
Staying Austin College
Cybersecurity Awareness
Practice Safe Computing
4 ways to stay safe online 1. Avoid viruses and phishing scams
Information Security Session October 24, 2005
Personal IT Security Cyber Security – Basic Steps
Phishing.
Protecting Yourself from Fraud including Identity Theft
HOW DO I KEEP MY COMPUTER SAFE?
9 ways to avoid viruses and spyware
Protecting Yourself from Fraud including Identity Theft
What is Phishing? Pronounced “Fishing”
Protecting Yourself from Fraud including Identity Theft
Cybersecurity Simplified: Phishing
Founded in 2002, Credit Abuse Resistance Education (CARE) educates high school and college students on the responsible use of credit and other fundamentals.
Presentation transcript:

Objectives Define phishing and identify various types of phishing scams Recognize common baiting tactics used in phishing scams Examine real phishing messages Understand how to protect yourself from being hooked by a phishing scam

Phishing: What is it? Phishing – Cybercriminal attempts to steal personal and financial information or infect computers and other devices with malware and viruses Designed to trick you into clicking a link or providing personal or financial information Often in the form of emails and websites May appear to come from legitimate companies, organizations or known individuals Take advantage of natural disasters, epidemics, health scares, political elections or timely events

Types of Phishing Mass Phishing – Mass, large-volume attack intended to reach as many people as possible Spear Phishing – Targeted attack directed at specific individuals or companies using gathered information to personalize the message and make the scam more difficult to detect Whaling – Type of spear phishing attack that targets “big fish,” including high-profile individuals or those with a great deal of authority or access Clone Phishing – Spoofed copy of a legitimate and previously delivered email, with original attachments or hyperlinks replaced with malicious versions, which is sent from a forged email address so it appears to come from the original sender or another legitimate source Advance-Fee Scam: Requests the target to send money or bank account information to the cybercriminal

Common Baiting Tactics Notification from a help desk or system administrator Asks you to take action to resolve an issue with your account (e.g., email account has reached its storage limit), which often includes clicking on a link and providing requested information. Advertisement for immediate weight loss, hair growth or fitness prowess Serves as a ploy to get you to click on a link that will infect your computer or mobile device with malware or viruses. Attachment labeled “invoice” or “shipping order” Contains malware that can infect your computer or mobile device if opened. May contain what is known as “ransomware,” a type of malware that will delete all files unless you pay a specified sum of money. Notification from what appears to be a credit card company Indicates someone has made an unauthorized transaction on your account. If you click the link to log in to verify the transaction, your username and password are collected by the scammer. Fake account on a social media site Mimics a legitimate person, business or organization. May also appear in the form of an online game, quiz or survey designed to collect information from your account.

Phishing Lure Claims to come from the NDSU IT Help Desk and system administrators References NDSU and North Dakota State University Calls for immediate action using threatening language Includes hyperlink that points to fraudulent site

Phishing Lure Claims to come from the NDSU Human Resources Timely call for action during annual review season From address includes NDSU, but not .edu address (@ndsu.com) Includes hyperlink that points to fraudulent site

Phishing Lure Claims to come from PayPal Includes PayPal logo, but from address is not legitimate (@ecomm360.net) Calls for immediate action using threatening language Includes hyperlink that points to fraudulent site

Phishing Lure Likely an advanced-fee scam Takes advantage of ongoing humanitarian crisis If it sounds too good to be true, it likely is

Detect a Phishing Scam Spelling errors (e.g., “pessward”), lack of punctuation or poor grammar Hyperlinked URL differs from the one displayed, or it is hidden Threatening language that calls for immediate action Requests for personal information Announcement indicating you won a prize or lottery Requests for donations

Can you detect a phishing scam?

Is the name of the staff mailing list correct? Use the “hover” technique. Does the displayed URL match the actual URL? Examine the spelling, grammar and punctuation.

Examine the login page – is the logo familiar? Look at the subtitles on the logo, is anything unusual? Who is requesting this information? Is it someone who would normally request it? Check for spelling errors

Do you know the sender? There is no greeting There is no salutation or signature Are you expecting an attachment from this person or company?

Protect Yourself: Refuse the Bait STOP. THINK. CONNECT. Before you click, look for common baiting tactics If the message looks suspicious or too good to be true, treat it as such Install and maintain antivirus software on your electronic devices Use email filters to reduce spam and malicious traffic

Protect Yourself: Refuse the Bait Be wary of messages asking for passwords or other personal information No one from NDSU will ask for your password Most reputable businesses and organizations will not ask for this information via email Never send passwords, bank account numbers or other private information in an email Do not reply to requests for this information Verify by contacting the company or individual, but do not use the contact information included in the message

Protect Yourself: Refuse the Bait Do not click on any hyperlinks in the email User your computer mouse to hover over each link to verify its actual destination, even if the message appears to be from a trusted source Pay attention to the URL and look for a variation in spelling or different domain (e.g., ndsu.edu vs. ndsu.com) Consider navigating to familiar sites on your own instead of using links within messages Examine websites closely Malicious websites may look identical to legitimate sites Look for “https://” or a lock icon in the address bar before entering any sensitive information on a website

Protect Yourself: Report a Phish If you have received a phishing message Forward it directly to ndsu.reportaphish@ndsu.edu, which keeps intact important information that may help IT staff identify the source of the scam. Then delete the message.

Got Hooked? Protect Yourself: Take Action Now If you suspect… You should… You interacted with or replied to a phishing scam using your NDSU email account Immediately contact the NDSU IT Help Desk: ndsu.helpdesk@ndsu.edu or 701-231-8685 You might have revealed or shared personal or financial information Immediately change the password(s) for your account(s). If you use the same password for multiple accounts and sites, change it for each account. Do not reuse that password in the future. Watch for signs of identity theft by reviewing your bank and credit card statements for unauthorized charges and activity. If you notice anything unusual, immediately contact your credit card or bank. Consider reporting the attack to the police, and file a report with the Federal Trade Commission: www.ftc.gov.

More Information Credible Online Resources: Stay Safe Online: https://staysafeonline.org/stay-safe-online/keep-a-clean-machine/spam-and-phishing Federal Trade Commission: https://www.consumer.ftc.gov/articles/0003-phishing United States Computer Emergency Readiness Team: https://www.us-cert.gov/report-phishing NDSU Information Security Office ndsu.itso@ndsu.edu Theresa Semmens, chief information security officer 701-231-5870 or theresa.semmens@ndsu.edu Jeff Gimbel, senior security analyst 701-231-6730 or jeff.gimbel@ndsu.edu

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.