2. BANKOLE BOLAJI JAMES | CYBER FORENSIC AND SECURITY EXPERT |CISCO CYBER SECURITY
EXPERT: CCSE |CERTIFIED ETHICAL HACKER: CEH |MCSA, MCSE, MCP, MCITP, MCTS | CISCO
CERTIFIED NETWORK ASSOCIATE: CCNA|
EMAIL: BOLAJICISCO@YAHOO.COM|+2347035654727|+2348027042202
A CALL FOR WAR AGAINST IDENTITY THEFT
AND
PHISHING ATTACK
The rate at which employee’s fall victim of Identity Theft and Phishing attack.
Promote the education of employees and conduct training sessions with mock
phishing scenarios.
The fact that organizations have Information Technology/Information Security
Team who could help establish and continuously create awareness
Cyber security has risen to become a national concern as threats
Concerning it now need to be taken more seriously.
• To help people reduce the vulnerability of their Information and
Communication Technology (ICT) systems and networks.
• To help individuals and institutions develop and nurture a
Culture of cyber security.
• To work collaboratively with public, private and international
Experts to secure cyberspace.
• To help understand the current trends in IT/cybercrime, and
Develop effective solutions.
• Availability.
• Integrity, which may include authenticity and non-repudiation.• Confidentiality.
3. BANKOLE BOLAJI JAMES | CYBER FORENSIC AND SECURITY EXPERT |CISCO CYBER SECURITY
EXPERT: CCSE |CERTIFIED ETHICAL HACKER: CEH |MCSA, MCSE, MCP, MCITP, MCTS | CISCO
CERTIFIED NETWORK ASSOCIATE: CCNA|
EMAIL: BOLAJICISCO@YAHOO.COM|+2347035654727|+2348027042202
Is the fraudulent practice of using another person's name and personal
information in order to obtain credit, loans.
Every 2 seconds, someone becomes a victim of identity theft, that means by
the time you finish reading this sentence, the next victim could be you.
Identity theft is categorized in two ways: true name and account takeover.
True name identity theft means that the thief uses personal information to
open new accounts. The thief might open a new credit card account, establish
cellular phone service, or open a new checking account in order to obtain
blank checks.
Account takeover identity theft means the imposter uses personal information
to gain access to the person's existing accounts. Typically, the thief will change
the mailing address on an account and run up a huge bill before the person
whose identity has been stolen realizes there is a problem. The Internet has
made it easier for an identity thief to use the information they've stolen
because transactions can be made without any personal interaction.
4. BANKOLE BOLAJI JAMES | CYBER FORENSIC AND SECURITY EXPERT |CISCO CYBER SECURITY
EXPERT: CCSE |CERTIFIED ETHICAL HACKER: CEH |MCSA, MCSE, MCP, MCITP, MCTS | CISCO
CERTIFIED NETWORK ASSOCIATE: CCNA|
EMAIL: BOLAJICISCO@YAHOO.COM|+2347035654727|+2348027042202
Your best defense starts with educating yourself about the threat, the risk you
are facing as an Internet player or a Technology owner or user.
Understanding the threat and the types of attack
Internet connectivity and email system is an Important integral part of every
business that need attention professionals in which such Infrastructure is to be
managed by concerns experts in each field of practice. there is no guaranteed way
to stop a determined intruder from accessing a business network, Reliance on
email and the internet brings vulnerabilities which must be recognized and
addressed appropriately.
The IT security community has assessed that Spear Phishing is a remarkably
effective cyber-attack technique and its use to gain access to business systems is
unlikely to decline in the near future.
Spear Phishing attack is a lunched to successfully deceive the users so as to gain
access to confidential information..
There is a great increase in the rate at which phishing attack is been lunched
against an organizations.
Spear Phishing has a high success rate and its use as a means of attack looks set
to continue.
Successful attacks can result in exploitation or compromise of individual devices
and organizational networks. This can have significant implications for an
organization.
5. BANKOLE BOLAJI JAMES | CYBER FORENSIC AND SECURITY EXPERT |CISCO CYBER SECURITY
EXPERT: CCSE |CERTIFIED ETHICAL HACKER: CEH |MCSA, MCSE, MCP, MCITP, MCTS | CISCO
CERTIFIED NETWORK ASSOCIATE: CCNA|
EMAIL: BOLAJICISCO@YAHOO.COM|+2347035654727|+2348027042202
The risk from Spear Phishing can be reduced through good
educational awareness and effective technical controls.
6. BANKOLE BOLAJI JAMES | CYBER FORENSIC AND SECURITY EXPERT |CISCO CYBER SECURITY
EXPERT: CCSE |CERTIFIED ETHICAL HACKER: CEH |MCSA, MCSE, MCP, MCITP, MCTS | CISCO
CERTIFIED NETWORK ASSOCIATE: CCNA|
EMAIL: BOLAJICISCO@YAHOO.COM|+2347035654727|+2348027042202
The purpose of phishing is to collect sensitive information with the intention of
using that information to gain access to otherwise protected data, networks, etc.
A phisher's success is contingent upon establishing trust with its victims. We live
in a digital age, and gathering information has become much easier as we are well
beyond the dumpster diving days.
There are various phishing techniques used by attackers:
Embedding a link in an email that redirects your employee to an unsecure
website that requests sensitive information
Installing a Trojan via a malicious email attachment or ad which will allow
the intruder to exploit loopholes and obtain sensitive information
Spoofing the sender address in an email to appear as a reputable source and
request sensitive information
Attempting to obtain company information over the phone by impersonating
a known company vendor or IT department
7. BANKOLE BOLAJI JAMES | CYBER FORENSIC AND SECURITY EXPERT |CISCO CYBER SECURITY
EXPERT: CCSE |CERTIFIED ETHICAL HACKER: CEH |MCSA, MCSE, MCP, MCITP, MCTS | CISCO
CERTIFIED NETWORK ASSOCIATE: CCNA|
EMAIL: BOLAJICISCO@YAHOO.COM|+2347035654727|+2348027042202
They must keep a pulse on the current phishing strategies and confirm their
security policies and solutions can eliminate threats as they evolve.
It is equally as important to make sure that their employees understand the types of
attacks they may face, the risks, and how to address them. Informed employees and
properly secured systems are key when protecting your company from phishing
attacks.
What to do if you’re a victim
How to protect yourself
Here are a few steps a company can take to
protect itself against phishing:
Educate your employees and conduct training sessions with mock phishing
scenarios.
Deploy a SPAM filter that detects viruses, blank senders, etc.
Keep all systems current with the latest security patches and updates.
Install an antivirus solution, schedule signature updates, and monitor the
antivirus status on all equipment.
Develop a security policy that includes but isn't limited to password
expiration and complexity.
Deploy a web filter to block malicious websites.
Encrypt all sensitive company information.
Convert HTML email into text only email messages or disable HTML email
messages.
Require encryption for employees that are telecommuting.
8. BANKOLE BOLAJI JAMES | CYBER FORENSIC AND SECURITY EXPERT |CISCO CYBER SECURITY
EXPERT: CCSE |CERTIFIED ETHICAL HACKER: CEH |MCSA, MCSE, MCP, MCITP, MCTS | CISCO
CERTIFIED NETWORK ASSOCIATE: CCNA|
EMAIL: BOLAJICISCO@YAHOO.COM|+2347035654727|+2348027042202
This plans to steal PayPal Information and credential
If this becomes successful they will Impersonate as the owner of account information and
credential and the link below will simply allow them have your confidential information on
their server without stress.
10. BANKOLE BOLAJI JAMES | CYBER FORENSIC AND SECURITY EXPERT |CISCO CYBER SECURITY
EXPERT: CCSE |CERTIFIED ETHICAL HACKER: CEH |MCSA, MCSE, MCP, MCITP, MCTS | CISCO
CERTIFIED NETWORK ASSOCIATE: CCNA|
EMAIL: BOLAJICISCO@YAHOO.COM|+2347035654727|+2348027042202
PROPOSED MITIGATION PLAN
Develop an effective Information security awareness
training for all employee alongside the Implementation of
effective technical/system control for the organization
This document is developed for educational purposes in other to help bring to
mind current threats, proffer ways to mitigate attacks ,Inspire someone to
develop proactive approach to combat cyber crime with proven security solutions
and services that protect systems, networks, and mobile devices for business
and personal use around the world and give everyone the confidence to live and
work safely and securely in the digital world