
Phishing Don’t take the bait! Dave Beauvais Andrew Sloan



Presentation transcript:

1 Phishing: Don’t take the bait!
Dave Beauvais, Catmail and Office 365 Services, Ohio University Office of Information Technology
Andrew Sloan, Senior Technical Account Manager, Microsoft Premier Support

2 What is phishing?
Phishing messages try to convince you to give up personal information.
The messages come from someone pretending to be a trustworthy source, such as your bank or your friendly Information Technology staff.
Stolen information is often used to access other accounts:
Using your account to send more phish that appear to come from you.
Accessing your employee info to modify your payroll direct deposit account.
Accessing W2 or other tax information to file fraudulent returns or steal your identity.
Nobody is going to give you millions of dollars just for helping them move a shipment through customs.
Sender information is easily falsified or spoofed.

3 What about spear phishing?
A targeted attack against specific individuals who have access to large amounts of sensitive information:
HR and payroll staff
Executive-level staff
Uses these people’s elevated access or position to obtain business or personal info for hundreds or thousands of people.
February & March 2016: Snapchat and Seagate Technology released W2s of all current and former employees after falling victim to spear phishing.
In February of this year, popular messaging service Snapchat was compromised by a spear phishing message claiming to be from the Snapchat CEO, who requested the W2s of all current and former employees. In March, Seagate Technology, a hard drive manufacturer, fell victim to the same thing and disclosed the W2s of all current and former employees. Those companies and many others sustain major financial losses and suffer damage to their reputation. The damage is often hard to quantify, and those whose information was disclosed can face years of dealing with the side effects of identity theft.
Reference for Snapchat hack:
Reference for Seagate Technology hack:

4 Phishing is a technological medium to exploit human weaknesses.[1]
Despite advances in spam filters and so-called machine learning, it is still very difficult for a computer to look at any given message and determine whether it is legitimate. The attackers know this and design their messages to trigger a reaction from you. They want you to feel a sense of panic or worry, because you are more likely to react if you think something bad will happen if you do not. So what can you do to eliminate that human weakness and learn to recognize a bogus message?
Reference: [1] Joseph Steinberg, Forbes, “Why You Are At Risk Of Phishing Attacks (And Why JP Morgan Chase Customers Were Targeted Last Week)”, August 25, 2014.

5 Recognizing phishing messages
Asking for username, password, or other personal information.
Threat of a penalty if no action is taken.
Poor grammar and awkward sentence structure.
Commonly refer to recent world events:
A Hurricane Matthew phish claiming to solicit donations to aid victims really just steals usernames, passwords, and banking information.
Links to sites claiming to provide information about bombing victims if you provide personal and family information.
OU would never disable your mailbox simply because you didn’t click on a link.
No legitimate bank, university, or other organization will ask you to provide personal information in an email.
Proper spelling and grammar are not indications of an authentic message; plenty of phish are very well written.

6 Misleading links to bad sites
Links that do not take you where they appear to go.
Hover over links with your mouse, or press and hold links on your phone, to see the true destination of a link.
Example link text: “Click here to log in”

7 Demonstration: Identifying phishing messages
Show examples:
User account/mailbox problem
Bank account problem
Hurricane Matthew phish
Fake shared documents
Meeting invites
Ask the audience to point out things about the messages that are phishy. How do you determine what to reel in and what to throw back?

8 Handling phishing messages
If in doubt, check before you click!
If you doubt the authenticity of a message, the OIT Security or IT Service Desk staff can help.
Forward the message to OIT Security or the IT Service Desk, or call.
Report phish to Microsoft. Reporting to Microsoft helps improve the automatic detection of future messages.
Demonstrate phish reporting using OWA.

9 How does OU combat phishing?
Constant monitoring of reported and detected threats.
Daily adjustments to filters to block many phishing messages.
Blocking specific file types in email.
Multi-factor or two-factor authentication. Stay for the next session, coming up at 3:00 PM, for info about multi-factor authentication at Ohio University!
Education to help teach you how to recognize and handle phish!

10 What is Microsoft doing about phishing?
Catmail is a hosted service provided by Microsoft Office 365.
The anti-spam and anti-phishing service is known as Microsoft Exchange Online Protection, or EOP.
EOP Advanced Threat Protection (ATP) provides enhanced tools to help combat new and emerging threats.

11 Don’t take the bait!
Technology cannot prevent every phishing message from reaching you, but you can prevent yourself from becoming a victim by not taking the bait!

12 Before you click, ask yourself...
Who is this person, and why are they contacting me?
Would this person actually have a need for the information they are requesting?
This really sounds too good to be true.
Am I expecting this attachment?

13 Questions? Thank you for attending this session!




