PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing email circulated last week that led to.

Presentation transcript:

PHISHING

Hi, the comms team asked if I could refresh everyone about phishing after a fairly successful phishing email circulated last week that led to a number of compromised accounts.

Phishing is a form of identity theft where victims are lured into giving away sensitive information, usually through email (although users can also be targeted by phone or text). Messages are designed to look like they are coming from trusted businesses, like banks, government agencies or even from within Queen's University. Often they are trying to steal your identity or login credentials to gain access to your accounts and use them to commit other crimes.

Here’s how phishing works:

The “phisher” will get in touch via email, text, chat, etc. with a message that seems to be from a trustworthy source and that appears to be meant just for you (spearing: they have looked up information about you and have targeted a topic that will likely result in a reaction). The message will include a link for you to click or an attachment to open.

When you click or open the link, a number of scenarios may play out:
- Malicious software (a virus or botnet) may be embedded in your computer that searches for banking information, credit cards, passwords and/or personal details, sending them back to the crooks.
- Your computer may be hijacked, with all of your files being encrypted (ransomware).
- You may be presented with a login window that appears to be a legitimate Queen’s login page and that mirrors a service you are familiar with. Logins will fail, but after the first attempt the real authentication page may appear, allowing you to log in successfully.

What to look for? Is this for real?

The best defense is to be skeptical of everything.
- Are you expecting the email?
- Is it from a contact of yours? (Be aware of spoofing, or of whether the user you know could be compromised and the request is out of the ordinary.)
- When hovering over the link, does it display a recognized site that is secure?

Review examples - http://queensu.ca/its/security/education-awareness/phishing/phishing-samples

Effect to the end user

- The quick thinker will know immediately and may only need to change their password to protect against additional malicious activity.
- The lucky individual may have a phisher who plays nice, and your account will only be used to send out spam. Bounce-backs will be received and the user will initially be puzzled. The phisher has not mined your accounts for information.
- The unlucky individual may have to deal with stolen identity or a breach of confidential information, or they may become the sender of additional spear phishing attempts within Queen’s.

The keen individual will sense that something was not quite right and will immediately change their password.

For the lucky individual, the account will simply be used to send out additional spam. Lucky, because they usually learn quite quickly via bounce-backs, colleagues or ITS that their account has been compromised.

But did the phisher simply send out more spam? Or:
- Have they searched the user's email for credit card numbers?
- Have they mined personal information that can be used to apply for loans?
- Do they now have the confidential information of others?

If lucky, the affected user simply has to deal with the embarrassment of spamming others and a mess of bounce-backs. But in some cases, full investigations need to take place, and others who may have been affected need to be notified of a possible data breach.

Effects to Queen’s University

- Affects our mail reputation.
- Results in lost time in dealing with the issue at multiple levels: user level, departmental level, and within ITS.
- Puts business and personal data at risk.

The user and department need to determine the scope of data that may be affected. Action is required to follow up with colleagues and customers who may be adversely affected by the account being compromised.

What is being done?

- Awareness campaigns
- Security training
- Monitoring suspicious changes to account settings
- Continuous tweaking of filters on email
- Monitoring access from multiple locations

What can you do as an end user?

- Learn more about phishing and safe computing practices: http://www.queensu.ca/its/security/education-awareness/phishing
- In most cases, you can simply delete the message (you know it is phishing and it was obvious).
- If you have acted on the phishing attempt, change your password and contact ITS.
- Forward messages you wish to report to abuse@queensu.ca
- Call ITS if you want confirmation as to whether the email is legit.
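As an illustration of "monitoring access from multiple locations" from the list of measures above, the following added example (not from the original presentation, and not a description of the tooling ITS uses) flags accounts with successful sign-ins from more than one country inside a short time window. The log format, the one-hour window, the function names and the sample records are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed threshold; tune to your environment

def parse(line):
    """Parse 'ISO-timestamp key=value ...' into (time, fields)."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)

def multi_location_accounts(lines, window=WINDOW):
    """Return {user: sorted countries} for accounts with successful sign-ins
    from more than one country inside any single window."""
    by_user = defaultdict(list)
    for line in lines:
        when, fields = parse(line)
        if fields.get("result") == "success":  # failed attempts are ignored
            by_user[fields["user"]].append((when, fields["country"]))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {country for _, country in events[start:end + 1]}
            if len(seen) > 1:
                flagged[user] = sorted(seen | set(flagged.get(user, [])))
    return flagged

# Constructed sign-in records (hypothetical format, not from a real product).
SAMPLE_LOG = [
    "2024-03-04T09:00:00 user=asmith country=CA result=success",
    "2024-03-04T09:05:00 user=jdoe country=CA result=success",
    "2024-03-04T09:20:00 user=jdoe country=CA result=failure",
    "2024-03-04T09:40:00 user=jdoe country=BR result=success",
    "2024-03-05T10:00:00 user=asmith country=US result=success",
]
```

With the sample records, only `jdoe` is flagged (two countries within 35 minutes); `asmith` signs in from two countries a day apart and is not. A flagged account is a prompt for follow-up with the user, since travel and VPN use produce the same pattern.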