Presentation is loading. Please wait.

Presentation is loading. Please wait.

PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing email circulated last week that led to.

Similar presentations


Presentation on theme: "PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing email circulated last week that led to."— Presentation transcript:

1 PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing circulated last week that led to a number of compromised accounts. Phishing is a form of identity theft where victims are lured into giving away sensitive information, usually through (although users can also be targeted by phone or text). Messages are designed to look like they are coming from trusted businesses, like banks, government agencies or even from within Queen's University. Often they are trying to steal your identity or login credentials to gain access to your accounts and use them to commit other crimes.

2 Here’s how phishing works:
When you click or open the link, a number of scenarios may play out. Malicious software (a virus or botnet) may be embedded in your computer that searches for banking information, credit cards, passwords and/or personal details, sending them back to the crooks. Your computer may be hi-jacked with all of your files being encrypted. Ransomware. You may be presented a login window that appears to be a legitimate Queen’s login page that mirrors a service that you are familiar with. Logins will fail, but after the first attempt, the real authentication page may appear, allowing you to successfully login. The “Phisher” will get in touch via , text, chat, etc with a message that seems to be from a trustworthy source and is for appearances sake meant just for you ( Spearing – they have looked up information about you and have targeted a topic that will likely result in a reaction ). The message will include a link for you to click or an attachment to open. When you click or open the link, a number of scenarios may play out.

3 What to look for? Is this for real?
The best defense is to be skeptical of everything Are you expecting the ? Is it from a contact of yours ( be aware of Spoofing, or whether the user you know could be compromised and the request is out of the ordinary ) When hovering over the link, does it display a recognized site that is secure. Review Examples -

4 Effect to the end user. The quick thinker will know immediately and may only need to change their password to protect against additional malicious activity. The lucky individual may have a phisher who plays nice and your account will only be used to send out SPAM. Bounce backs will be received and the user will initially be puzzled. The phisher has not mined your accounts for information. The unlucky individual may have to deal with stolen identity, a breach of confidential information or they may become the sender of additional Spear Phishing attempts within Queen’s. To the keen individual, they will sense that something was not just right and will immediately change their password. To the lucky individual, the account will simply be used to send out additional SPAM. Lucky because they usually learn quit quickly via bounce backs, colleagues or from ITS that their account has been compromised. BUT did the phisher simply send out more spam? Or have they searched the users for Credit Card Numbers Have they mined Personal information that can be used to apply for loans Do they now have the Confidential information of others If lucky, the user affected simply has to deal with the embarrassment of spaming others and a mess of bounce backs. But in some cases, full investigations need to take place and others who may have been affected need to be notified of a possible data breach.

5 Effects to Queen’s University
Affects our mail reputation Results in lost time in dealing with issue at multiple levels user level departmental level within ITS Puts business and personal data at risk User and department need to determine scope of data that may be affected. Action is required to follow up with colleagues and customers that may be adversely affected by the account being compromised.

6 What is being done? Awareness campaigns Security Training
Monitoring suspicious changes to account settings Continuous Tweaking of filters on Monitoring access from multiple locations What Can you Do as an End User? Learn more about phishing and safe computing practices: In most cases, you can simply delete the message.( You know it is phishing and it was obvious) If you have acted on the phishing attempt, change your password and contact ITS Forward messages you wish to report to Call ITS if you want confirmation as whether the is legit


Download ppt "PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing email circulated last week that led to."

Similar presentations


Ads by Google