COVID-19 Fake Websites and Phishing Scams
Purpose
The purpose of this training is to educate users about social engineering with a focus on phishing.
▸ After this training, you will be able to identify and report phishing attacks.
▸ You will also learn how to protect yourself from potential phishing scams and websites.
Section 1: Fake COVID-19 coronavirus-related domains
According to Google, 2.02 million phishing websites have been registered since the start of 2020. (www.forbes.com)
Phishing websites reported, by date (www.forbes.com):
Month      Date        Phishing websites
February   02-FEB-20   41,320
March      01-MAR-20   53,731
April      19-APR-20   55,008
May        10-MAY-20   58,538
60,000 phishing websites were reported in May 2020 alone!
“Fraudsters are exploiting the opportunity to steal the Personally Identifiable Information (PII), financial information, and even medical information, of those looking for knowledge, protection, and treatment for the viral infection.”
“… coincides with the increasing prominence of coronavirus as a global problem.”
“More than 700 fake websites mimicking Netflix and Disney+ signup pages have been created seeking to harvest personal information from consumers during the coronavirus lockdown streaming boom.” (www.theguardian.com)
▸ Cybercriminals are also impersonating official bodies such as HMRC and the World Health Organization in scam text messages and emails in an attempt to exploit the coronavirus outbreak. (www.theguardian.com)
Deceptive Websites – Fake Site (example)
▸ The fake website’s URL is “uk-covid-19-relieve.com”. (www.fullfact.org)
Deceptive Websites – Real Site (example)
▸ The real government website has a “gov.uk” URL, not a “.com” URL. (www.fullfact.org)
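The comparison above comes down to which registrable domain a URL really belongs to. As an added example that is not part of the original slides, the Python function below applies that check: a host is accepted only if it is gov.uk or a true subdomain of it, while a lookalike such as uk-covid-19-relieve.com, or a URL that merely contains the string gov.uk somewhere, is flagged. The trusted-suffix list and the bait-word list are assumptions made for this example.

```python
from __future__ import annotations
from urllib.parse import urlparse

# Domains the reader has chosen to trust. This short list is an assumption
# for the example, not an official allowlist.
TRUSTED_SUFFIXES = ("gov.uk", "nhs.uk", "who.int")

# Words that lookalike domains borrow from the sites they imitate
# (constructed for this example).
BAIT_WORDS = ("covid", "corona", "relief", "relieve", "gov", "hmrc", "nhs")


def is_under(host: str, suffix: str) -> bool:
    """True only if host equals suffix or is a real subdomain of it.
    A plain substring test would accept gov.uk.example.com; this does not."""
    return host == suffix or host.endswith("." + suffix)


def classify_url(url: str) -> tuple[str, str]:
    """Return (verdict, reason) for a URL taken from a message or page."""
    if "://" not in url:            # bare domains, as they appear on the slides
        url = "http://" + url
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower().rstrip(".")
    if not host:
        return ("suspicious", "URL has no host")
    if parsed.username is not None:
        # gov.uk@example.com: everything before '@' is ignored by the browser
        return ("suspicious", f"text before '@' hides the real host {host}")
    if any(is_under(host, s) for s in TRUSTED_SUFFIXES):
        return ("trusted", f"{host} is under a trusted domain")
    for s in TRUSTED_SUFFIXES:
        # gov.uk.example.com or gov-uk.com: the trusted name is not the
        # registrable domain, so it is only decoration
        if s in host or s.replace(".", "-") in host:
            return ("suspicious", f"{host} imitates {s} but is not under it")
    bait = [w for w in BAIT_WORDS if w in host]
    if bait:
        return ("suspicious", f"{host} uses bait words {bait} on an untrusted domain")
    return ("unknown", f"{host} is not on the trusted list; verify it another way")


if __name__ == "__main__":
    for u in ("uk-covid-19-relieve.com", "https://www.gov.uk/coronavirus",
              "http://gov.uk.example.com/", "https://gov.uk@example.com/login"):
        print(u, "->", classify_url(u))
```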
Section 2: Social Engineering – Don’t get hooked
Top 10 Social Engineering Techniques
▸ Pretexting
▸ Quid Pro Quo
▸ Honeytrap
▸ Baiting
▸ Phishing
▸ Water-Holing
▸ Tailgating
▸ Spear Phishing
Pretexting
Example message: “Hi there, regarding my purchase, I have to go to California, my sister has mental health issues so I'll be there for a couple of days. It will be very helpful if you send this item to a new address (see attachment). Kind regards.”
Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information, specifically information that the victim would typically not give outside the context of the pretext. (www.wikipedia.org)
Examples of Pretexting
▸ Pretexting is a form of social engineering used to manipulate victims into divulging sensitive information. Pay attention to generic greetings. (www.wikipedia.org)
How to avoid Pretexting
▸ Avoid sharing personal information on social media. If you have already shared this information, request to have it taken down.
▸ Use authorized and trusted channels to verify your email address and phone number in case you receive a suspicious message.
▸ Do not click on links sent via email; instead, go to trustworthy websites directly.
▸ Do not disclose your personal information and passwords to anyone if you are uncertain.
▸ Decline offers of help from a company if you have not requested assistance.
▸ Find out who has access to your data at work and ensure that it is secure.
▸ Do not open emails from an unknown source.
▸ Secure your computer by installing anti-virus software, email spam filters and firewalls, and always keep them updated.
Tip 1 (www.osgusa.com)
Quid Pro Quo
Quid pro quo attacks promise a benefit in exchange for information. This benefit usually takes the form of a service. (www.wikipedia.org)
Examples of Quid Pro Quo
▸ Fraudsters contact random individuals, inform them that there has been a computer problem on their end and ask those individuals to confirm their personal information, all for the purpose of committing identity theft. (www.tripwire.com)
How to avoid Quid Pro Quo
▸ Invest in modern antivirus and antimalware software that will help prevent and manage potential intrusions.
▸ Evaluate email filtering software that can identify and remove phishing attacks before they make it to an employee’s inbox.
▸ Social engineering attacks rely on either the naivety or gullibility of staff. Provide regular security awareness training that outlines common tactics and strategies that criminals will use.
▸ Conduct frequent penetration tests to gauge how well your employees are prepared to handle these various attacks.
▸ Shred company records or any documentation that includes names or employee information. Consider using trash receptacles or dumpsters with locking mechanisms.
Tip 2 (www.everfi.com)
Honeytrap
An investigative practice involving the use of romantic or sexual relationships for interpersonal, political (including state espionage), or monetary purposes. The honey pot or trap involves making contact with an individual who has information or resources required by a group or individual. (www.wikipedia.org)
Example of a Honeytrap
The trapper will seek to entice a target into a false relationship (which may or may not include actual physical involvement) in which they can glean information or influence over the target. (www.wikipedia.org | www.independent.co.uk)
▸ Sarah Cook was overjoyed when she met someone she thought was special on a dating site. Mrs Cook (not her real name), 52, felt she had developed a genuine connection with a US soldier serving in Iraq and was only too happy to help him out when he needed money. But her dreams were shattered when Ghanaian police arrested 31-year-old Maurice Asola Fadola, who they suspected of posing as the soldier and conning Mrs Cook out of £271,000. (www.thispersondoesnotexist.com)
How to avoid a Honeytrap
▸ You need to have the patience and ability to question yourself. Scams often create a sense of urgency, which tests your ability to make a quick decision and presents a scenario in which there may be a huge loss of opportunity.
▸ These are sure signs of a scam in motion, which tempts you into making a wrong decision.
▸ Any offer that sounds too good to be true, but which comes with a sense of urgency, is usually a scam.
Tip 3 (www.opiniown.com)
Baiting
Baiting attacks use a false promise to pique a victim's greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.
The most reviled form of baiting uses physical media to disperse malware. (www.imperva.com)
▸ Attackers leave the bait, typically malware-infected flash drives, in conspicuous areas where potential victims are certain to see them (e.g., bathrooms, elevators, the parking lot of a targeted company).
How to avoid Baiting
▸ Alertness and awareness will serve you well and protect you against baiting and other social engineering attacks.
▸ Keep your antivirus and antimalware security settings up to date so they flag potentially harmful and malicious cyber threats.
▸ Can that URL really be trusted? Is it secure, with an up-to-date, valid security certificate? For example, when you use Google Chrome, check that there is a lock icon in the address bar. This lets you see whether your connection is secure, can be trusted and has a valid certificate.
▸ Scan your computer regularly to further protect yourself against these cyber threats and help improve your cybersecurity hygiene.
Tip 4 (www.keepnetlabs.com)
Phishing!
A social engineering attack using a fake e-mail, often with a theme, to elicit interaction (clicking a link or opening an attachment) to deposit malware on the target system. (www.hhs.gov)
Example of Phishing
Phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware. (www.imperva.com)
▸ An email sent to users of an online service alerts them of a policy violation requiring immediate action on their part, such as a required password change.
▸ It includes a link to an illegitimate website, nearly identical in appearance to its legitimate version, prompting the unsuspecting user to enter their current credentials and new password. Upon form submission the information is sent to the attacker.
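To show how the signs described above can be checked mechanically, here is an added example (not from the original slides) that parses a constructed phishing email and reports urgency wording, a Reply-To domain that differs from the sender's, and a link whose visible text shows a different host from its real target. Every domain in the sample is a placeholder, and the urgency phrase list is an assumption for this example.

```python
from __future__ import annotations
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the domains are placeholders, not real indicators.
SAMPLE_EMAIL = """\
From: Account Security <security@example-service.com>
Reply-To: helpdesk@mail-example-service.biz
Subject: Policy violation - immediate action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account violates our policy. You must change your password
within 24 hours or it will be suspended.</p>
<p><a href="http://example-service.com.account-check.biz/reset">
https://www.example-service.com/reset</a></p>
</body></html>
"""

# Phrases that manufacture urgency (assumed list for this example).
URGENCY = re.compile(r"immediate action|within \d+ hours|will be suspended|urgent", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the anchors in an HTML body."""
    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host(s: str) -> str:
    """Lower-cased host of a URL or bare domain; '' if none."""
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def address_domain(header: str | None) -> str:
    """Domain part of a From/Reply-To header; '' if absent or malformed."""
    m = re.search(r"@([\w.-]+)", header or "")
    return m.group(1).lower() if m else ""


def phishing_indicators(raw: str) -> list[str]:
    """Return the red flags found in a raw RFC 822 message (single-part HTML)."""
    msg = message_from_string(raw)
    findings: list[str] = []
    sender = address_domain(msg.get("From"))
    reply = address_domain(msg.get("Reply-To"))
    if not sender:
        findings.append("blank or malformed From address")
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        findings.append("urgency wording in subject or body")
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        # Visible text that looks like a URL but resolves to another host
        if "." in shown and host(shown) and host(shown) != host(href):
            findings.append(f"link shows {host(shown)} but points to {host(href)}")
    return findings


if __name__ == "__main__":
    for f in phishing_indicators(SAMPLE_EMAIL):
        print("-", f)
```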
How to avoid being Phished
▸ Know what a phishing scam looks like
▸ Don’t click on that link
▸ Get free anti-phishing add-ons
▸ Don’t give your information to an unsecured site
▸ Rotate passwords regularly
▸ Don’t ignore those updates
▸ Install firewalls
▸ Don’t be tempted by those pop-ups
▸ Don’t give out important information unless you must
▸ Have a Data Security Platform to spot signs of an attack
Tip 5 (www.lepide.com)
Water Holing
Water holing is a targeted social engineering strategy that capitalizes on the trust users have in websites they regularly visit. ... This strategy has been successfully used to gain access to some (supposedly) very secure systems. The attacker may set out by identifying a group or individuals to target. (www.wikipedia.org)
This is a social engineering attack that takes advantage of the amount of trust that users give to websites they regularly visit, such as interactive chat forums and exchange boards. (www.imperva.com)
▸ Users on these websites are more likely to act in an abnormally careless manner.
▸ These websites are referred to as watering holes because hackers trap their victims there just as predators wait to catch their prey at watering holes.
▸ Hackers exploit any vulnerabilities on the website, attack them, take charge, and then inject code that infects visitors with malware or that leads clicks to malicious pages. (www.ncsc.gov.uk)
Water Holing – OceanLotus Example
A watering hole campaign targeting several websites in Southeast Asia occurred in 2018 and 2019. This campaign, believed to have been run by the OceanLotus group, was very large in scale: over 20 compromised websites were found, including the Ministry of Defense of Cambodia, the Ministry of Foreign Affairs and International Cooperation of Cambodia, and several Vietnamese news and blog outlets.
Attackers added a small piece of malicious code to the compromised websites, which checked visitors’ locations so that only visitors from Vietnam and Cambodia received the malware. (www.securitytrails.com)
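From the site owner's side, the small injected script in the campaign above is exactly the kind of change a routine integrity check should catch. The added example below (not from the original slides, and not code from the campaign) fingerprints the scripts on a page and reports any external script host or inline script that was not present in a known-good baseline; both HTML documents are constructed for the example and their domains are placeholders.

```python
from __future__ import annotations
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Known-good snapshot of a page, taken when the site was last reviewed
# (constructed for this example).
BASELINE_HTML = """<html><head>
<script src="https://www.example-ministry.gov.example/js/site.js"></script>
</head><body><p>Ministry news</p></body></html>"""

# The same page after a compromise: an extra external script and a small
# inline script have been appended (constructed; the inline body is a dummy).
CURRENT_HTML = """<html><head>
<script src="https://www.example-ministry.gov.example/js/site.js"></script>
<script src="https://cdn.example-placeholder.net/stats.js"></script>
<script>window.__x = 1;</script>
</head><body><p>Ministry news</p></body></html>"""


class ScriptCollector(HTMLParser):
    """Record external script hosts and SHA-256 digests of inline scripts."""
    def __init__(self) -> None:
        super().__init__()
        self.external: set[str] = set()
        self.inline: set[str] = set()
        self._in_script = False
        self._buf: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # Relative src means same-origin; record it under a fixed label
            self.external.add((urlparse(src).hostname or "(same origin)").lower())
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip()
            if body:
                self.inline.add(hashlib.sha256(body.encode()).hexdigest())
            self._in_script = False


def fingerprint(html: str) -> ScriptCollector:
    """Parse a page and return the collector holding its script fingerprint."""
    c = ScriptCollector()
    c.feed(html)
    return c


def integrity_findings(baseline_html: str, current_html: str) -> list[str]:
    """List scripts present in the current page but absent from the baseline."""
    base, cur = fingerprint(baseline_html), fingerprint(current_html)
    findings = [f"new external script host: {h}"
                for h in sorted(cur.external - base.external)]
    findings += [f"new inline script (sha256 {d[:12]}...)"
                 for d in sorted(cur.inline - base.inline)]
    return findings


if __name__ == "__main__":
    for f in integrity_findings(BASELINE_HTML, CURRENT_HTML):
        print("-", f)
```

In practice the baseline would be stored at review time and the current HTML fetched on a schedule; any finding is a prompt to inspect the page before visitors do.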
How to avoid Water Holing
▸ Keep all your systems, software and OSs updated to the latest version with all patches offered by vendors applied.
▸ Invest in advanced network security tools, such as solutions that leverage network traffic analysis and perform inspection of suspicious websites in order to spot attackers attempting to move laterally across the network and exfiltrate data.
▸ Practice makes perfect, so make sure that security awareness training includes all current threats to your organization, which should definitely include watering hole attacks.
Tip 6 (www.securitytrails.com)
Tailgating Attack
A tailgating attack is a social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises.
The attacker seeks entry into a restricted area where access is controlled by software-based electronic devices. (www.kratikal.medium.com)
▸ A social engineer can pretend to be a delivery agent from an e-commerce company or someone from a food delivery service, holding boxes as an excuse to ask employees to open the door.
▸ The social engineer would act as though opening the door were difficult for him and would ask any authorized person to help him as a courtesy, gaining entry to the restricted premises.
How to avoid Tailgating Attacks
▸ Make sure to lock your system and other devices when leaving the workstation.
▸ To avoid tailgating attacks, do not let unknown people enter restricted office premises unless they have appropriate credentials or authority of access.
▸ Never help strangers to access a secured location when they ask you to open the door or say they are from a delivery service, unless they are permitted.
▸ Always keep your access identity card with you while you are on the premises and make sure to keep it secure from being misused by unauthorized employees.
▸ Never insert stray or idle external devices like USB sticks or memory cards into your system before getting them verified by the security administrator.
▸ Implement cybersecurity practices in your organization to prevent potential cyber risks.
▸ Provide cybersecurity awareness training to employees to help them understand cyberattacks and how to recognize them.
Tip 7 (www.kratikal.medium.com)
Spear Phishing
Spear phishing is a phishing method that targets specific individuals or groups within an organization. (www.trendmicro.com)
It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss. (www.trendmicro.com)
▸ Spear phishing attackers perform reconnaissance before launching their attacks. One way to do this is to gather multiple out-of-office notifications from a company to determine how it formats its email addresses and to find opportunities for targeted attack campaigns.
▸ Other attackers use social media and other publicly available sources to gather information.
How to avoid Spear Phishing
▸ Educate your employees and conduct training sessions with mock phishing scenarios.
▸ Deploy a spam filter that detects viruses, blank senders, etc.
▸ Keep all systems current with the latest security patches and updates.
▸ Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
▸ Develop a security policy that includes, but isn't limited to, password expiration and complexity.
▸ Deploy a web filter to block malicious websites.
▸ Encrypt all sensitive company information.
▸ Convert HTML email into text-only email messages or disable HTML email messages.
▸ Require encryption for employees who are telecommuting.
Tip 8 (www.kratikal.medium.com)
Section 3: Knowledge Checking – Abbreviated key takeaways
______ million phishing websites have been registered since the start of 2020
a) 1.12 Million
b) 2.02 Million
c) 5.9 Million
d) 10 Million
e) None of the above
✓
More than 700 fake websites mimicked the following companies
a) Fox News
b) Disney
c) Amazon
d) Netflix
e) None of the above
✓
✓
Pretexting is…
a) a form of social engineering used to manipulate victims into divulging sensitive information.
b) a new way to text.
c) a pre-filled form.
d) all of the above.
✓
Quid Pro Quo is…
a) a promise or a benefit in exchange for information.
b) a new way to text.
c) a French dessert.
d) Latin for hello.
e) None of the above
✓
A Honeytrap is…
a) a way to catch bee honey
b) a trap that involves making contact with an individual who has information or resources required by a group or individual.
c) A new web app.
d) None of the above
✓
Resources
www.forbes.com
www.trendmicro.com
www.kratikal.medium.com
www.imperva.com
www.thispersondoesnotexist.com
www.hhs.gov
www.theguardian.com
www.osgusa.com
www.lepide.com
www.wikipedia.org
Thank you
Any questions?
You can find me at: multimedia.web@outlook.com

Weitere ähnliche Inhalte

Was ist angesagt?

Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Ict Phishing (Present)
Ict   Phishing (Present)Ict   Phishing (Present)
Ict Phishing (Present)aleeya91
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
What is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaWhat is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaEdureka!
 
Phishing
PhishingPhishing
Phishingdefquon
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 

Was ist angesagt? (20)

Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
Phishing and hacking
Phishing and hackingPhishing and hacking
Phishing and hacking
 
Ict Phishing (Present)
Ict   Phishing (Present)Ict   Phishing (Present)
Ict Phishing (Present)
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - Kloudlearn
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Phishing Technology
Phishing TechnologyPhishing Technology
Phishing Technology
 
What is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaWhat is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | Edureka
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Intro phishing
Intro phishingIntro phishing
Intro phishing
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 

Ähnlich wie Protect Yourself from COVID-19 Phishing Scams

Protecting Your Business, Cybersecurity, and working remotely during COVID-19
Protecting Your Business, Cybersecurity, and working remotely during COVID-19Protecting Your Business, Cybersecurity, and working remotely during COVID-19
Protecting Your Business, Cybersecurity, and working remotely during COVID-19ArielMcCurdy
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
International-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptxInternational-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptxchrixymae
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2Conf
 
Internet 2.0 Conference Reviews On Social Engineering Scams & Frauds.pptx
Internet 2.0 Conference Reviews On Social Engineering Scams & Frauds.pptxInternet 2.0 Conference Reviews On Social Engineering Scams & Frauds.pptx
Internet 2.0 Conference Reviews On Social Engineering Scams & Frauds.pptxInternet 2Conf
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesArnav Chowdhury
 
Cyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related ScamsCyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related ScamsCTM360
 
Typology of Cyber Crime
Typology of Cyber CrimeTypology of Cyber Crime
Typology of Cyber CrimeGaurav Patel
 
Introduction to Cyber Security-- L01.pptx
Introduction to Cyber Security-- L01.pptxIntroduction to Cyber Security-- L01.pptx
Introduction to Cyber Security-- L01.pptxsomi12
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
Why is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital WorldWhy is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital WorldExpeed Software
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
Your Employees at Risk: The New, Dangerous Realities of Identity Theft
Your Employees at Risk: The New, Dangerous Realities of Identity TheftYour Employees at Risk: The New, Dangerous Realities of Identity Theft
Your Employees at Risk: The New, Dangerous Realities of Identity TheftElizabeth Dimit
 
Chapter 4 E-Safety and Health & Safety
Chapter 4 E-Safety and Health & SafetyChapter 4 E-Safety and Health & Safety
Chapter 4 E-Safety and Health & SafetyAnjan Mahanta
 

Ähnlich wie Protect Yourself from COVID-19 Phishing Scams (20)

Cybercriminals Are Lurking
Cybercriminals Are LurkingCybercriminals Are Lurking
Cybercriminals Are Lurking
 
Cybercrime blog
Cybercrime blogCybercrime blog
Cybercrime blog
 
Protecting Your Business, Cybersecurity, and working remotely during COVID-19
Protecting Your Business, Cybersecurity, and working remotely during COVID-19Protecting Your Business, Cybersecurity, and working remotely during COVID-19
Protecting Your Business, Cybersecurity, and working remotely during COVID-19
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
International-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptxInternational-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptx
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
 
Internet 2.0 Conference Reviews On Social Engineering Scams & Frauds.pptx
Internet 2.0 Conference Reviews On Social Engineering Scams & Frauds.pptxInternet 2.0 Conference Reviews On Social Engineering Scams & Frauds.pptx
Internet 2.0 Conference Reviews On Social Engineering Scams & Frauds.pptx
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking Techniques
 
Cyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related ScamsCyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related Scams
 
Users guide
Users guideUsers guide
Users guide
 
Typology of Cyber Crime
Typology of Cyber CrimeTypology of Cyber Crime
Typology of Cyber Crime
 
Amir bouker
Amir bouker Amir bouker
Amir bouker
 
Are you safe enough on Social Media?
Are you safe enough on Social Media?Are you safe enough on Social Media?
Are you safe enough on Social Media?
 
Introduction to Cyber Security-- L01.pptx
Introduction to Cyber Security-- L01.pptxIntroduction to Cyber Security-- L01.pptx
Introduction to Cyber Security-- L01.pptx
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
Why is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital WorldWhy is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital World
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat Awareness
 
Your Employees at Risk: The New, Dangerous Realities of Identity Theft
Your Employees at Risk: The New, Dangerous Realities of Identity TheftYour Employees at Risk: The New, Dangerous Realities of Identity Theft
Your Employees at Risk: The New, Dangerous Realities of Identity Theft
 
Chapter 4 E-Safety and Health & Safety
Chapter 4 E-Safety and Health & SafetyChapter 4 E-Safety and Health & Safety
Chapter 4 E-Safety and Health & Safety
 

Kürzlich hochgeladen

Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 

Kürzlich hochgeladen (20)

Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...

Protect Yourself from COVID-19 Phishing Scams

  • 2. Purpose
    The purpose of this training is to educate users about social engineering with a focus on phishing.
    ▸ After this training, you will be able to identify and report phishing attacks.
    ▸ You will also learn how to protect yourself from potential phishing scams and fake websites.
  • 3. Fake COVID-19: coronavirus-related domains (section 1)
  • 4. According to Google, 2.02 million phishing websites have been registered since the start of 2020 (www.forbes.com). Phishing websites reported, by date:
    ▸ February (02-FEB-20): 41,320
    ▸ March (01-MAR-20): 53,731
    ▸ April (19-APR-20): 55,008
    ▸ May (10-MAY-20): 58,538
  • 5. 60,000 phishing websites were reported in May 2020 alone!
  • 6. “Fraudsters are exploiting the opportunity to steal the Personally Identifiable Information (PII), financial information, and even medical information, of those looking for knowledge, protection, and treatment for the viral infection.”
  • 7. “... coincides with the increasing prominence of coronavirus as a global problem.”
  • 8. “More than 700 fake websites mimicking Netflix and Disney+ signup pages have been created seeking to harvest personal information from consumers during the coronavirus lockdown streaming boom.” (www.theguardian.com)
  • 9. ▸ Cybercriminals are also impersonating official bodies such as HMRC and the World Health Organization in scam text messages and emails in an attempt to exploit the coronavirus outbreak. (www.theguardian.com)
  • 10. Deceptive Websites – Fake Site (example, www.fullfact.org)
    ▸ This fake website's URL is “uk-covid-19-relieve.com”.
  • 11. Deceptive Websites – Real Site (example, www.fullfact.org)
    ▸ The real government website has a “gov.uk” URL, not a “.com” URL.
  • 13. Top 10 Social Engineering Techniques
    ▸ Pretexting
    ▸ Quid Pro Quo
    ▸ Honeytrap
    ▸ Baiting
    ▸ Phishing
    ▸ Water-Holing
    ▸ Tailgating
    ▸ Spear Phishing
  • 14. “Hi there, regarding my purchase, I have to go to California, my sister has mental health issues so I'll be there for a couple of days. It will be very helpful if you send this item to the new address (see attachment). Kind regards.”
  • 15. Pretexting
    Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information, specifically information that the victim would typically not give outside the context of the pretext. (www.wikipedia.org)
  • 16. Examples of Pretexting
    ▸ Pretexting is a form of social engineering used to manipulate victims into divulging sensitive information. Pay attention to generic greetings. (www.wikipedia.org)
  • 17. How to avoid Pretexting (Tip 1, www.osgusa.com)
    ▸ Avoid sharing personal information on social media. If you have already shared this information, request to have it taken down.
    ▸ Use authorized and trusted channels to verify your email address and phone number if you receive a suspicious message.
    ▸ Do not click on links sent via email; instead, go directly to trustworthy websites.
    ▸ Do not disclose your personal information or passwords to anyone if you are uncertain.
    ▸ Decline offers of help from a company if you have not requested assistance.
    ▸ Find out who has access to your data at work and ensure that it is secure.
    ▸ Do not open emails from an unknown source.
    ▸ Secure your computer by installing anti-virus software, email spam filters and firewalls, and always keep them updated.
  • 18. Quid Pro Quo
    Quid pro quo attacks promise a benefit in exchange for information. This benefit usually takes the form of a service. (www.wikipedia.org)
  • 19. Examples of Quid Pro Quo
    ▸ Fraudsters contact random individuals, inform them that there has been a computer problem on their end and ask those individuals to confirm their personal information, all for the purpose of committing identity theft. (www.tripwire.com)
  • 20. How to avoid Quid Pro Quo (Tip 2, www.everfi.com)
    ▸ Invest in modern antivirus and antimalware software that will help prevent and manage potential intrusions.
    ▸ Evaluate email filtering software that can identify and remove phishing attacks before they reach an employee's inbox.
    ▸ Social engineering attacks rely on the naivety or gullibility of staff. Provide regular security awareness training that outlines the common tactics and strategies criminals use.
    ▸ Conduct frequent penetration tests to gauge how well your employees are prepared to handle these attacks.
    ▸ Shred company records or any documentation that includes names or employee information. Consider using trash receptacles or dumpsters with locking mechanisms.
  • 21. Honeytrap
    An investigative practice involving the use of romantic or sexual relationships for interpersonal, political (including state espionage), or monetary purposes. The honey pot or trap involves making contact with an individual who has information or resources required by a group or individual. (www.wikipedia.org)
  • 22. Example of a Honeytrap (www.wikipedia.org | www.independent.co.uk)
    The trapper will seek to entice a target into a false relationship (which may or may not include actual physical involvement) in which they can glean information or gain influence over the target.
    ▸ Sarah Cook was overjoyed when she met someone she thought was special on a dating site. Mrs Cook (not her real name), 52, felt she had developed a genuine connection with a US soldier serving in Iraq and was only too happy to help him out when he needed money. But her dreams were shattered when Ghanaian police arrested 31-year-old Maurice Asola Fadola, who they suspected of posing as the soldier and conning Mrs Cook out of £271,000.
    (Image: www.thispersondoesnotexist.com)
  • 23. How to avoid a Honeytrap (Tip 3, www.opiniown.com)
    ▸ Be patient and willing to question yourself. Scams often create a sense of urgency, pressuring you into a quick decision by suggesting that a huge opportunity will otherwise be lost.
    ▸ These are sure signs of a scam in motion, designed to tempt you into making a wrong decision.
    ▸ Any offer that sounds too good to be true and comes with a sense of urgency is usually a scam.
  • 24. Baiting
    Baiting attacks use a false promise to pique a victim's greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.
  • 25. Baiting (www.imperva.com)
    The most reviled form of baiting uses physical media to disperse malware.
    ▸ Attackers leave the bait, typically malware-infected flash drives, in conspicuous areas where potential victims are certain to see them (e.g., bathrooms, elevators, the parking lot of a targeted company).
  • 26. How to avoid Baiting (Tip 4, www.keepnetlabs.com)
    ▸ Alertness and awareness will serve you well and protect you against baiting and other social engineering attacks.
    ▸ Keep your antivirus and antimalware security settings up to date so they flag potentially harmful and malicious cyber threats.
    ▸ Can that URL really be trusted? Is it secure, with an up-to-date, valid security certificate? For example, when you use Google Chrome, check that there is a lock icon in the address bar. This shows whether your connection is secure and the site has a valid certificate.
    ▸ Scan your computer regularly to further protect yourself against these cyber threats and improve your cybersecurity hygiene.
  • 27. Phishing!
    A social engineering attack using a fake e-mail, often with a theme, to elicit interaction (clicking a link or opening an attachment) in order to deposit malware on the target system. (www.hhs.gov)
  • 28. Example of Phishing (www.imperva.com)
    Phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
    ▸ An email sent to users of an online service alerts them to a policy violation requiring immediate action on their part, such as a required password change.
    ▸ It includes a link to an illegitimate website, nearly identical in appearance to its legitimate version, prompting the unsuspecting user to enter their current credentials and new password. Upon form submission the information is sent to the attacker.
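The domain check from slides 10–11 and the policy-violation lure from slide 28, turned into a defender-side e-mail checker: it flags untrusted sender domains, link domains that borrow brand words such as “gov” or “uk” without being under gov.uk, links whose visible text names a different host than the real target, and urgency wording. This is an added example, not part of the training deck; a padlock icon would not separate the two sites, so it keys on the domain name as slide 11 does. TRUSTED_HOSTS, BRAND_TOKENS, URGENCY and the sample message are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Hosts treated as legitimate for senders and links (constructed for this example;
# gov.uk is the real suffix slide 11 contrasts with the fake uk-covid-19-relieve.com).
TRUSTED_HOSTS = ("gov.uk",)
# Brand words a lookalike domain borrows from the site it mimics (constructed list).
BRAND_TOKENS = {"gov", "uk", "hmrc", "covid", "netflix", "disney"}
# Urgency cues taken from the slide 28 lure (constructed list).
URGENCY = ("immediate action", "policy violation", "within 24 hours", "suspended")

HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def is_trusted(host):
    """True when host is a trusted domain or a subdomain of one (www.gov.uk, hmrc.gov.uk)."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def looks_alike(host):
    """Untrusted host whose labels reuse brand words, e.g. uk-covid-19-relieve.com."""
    labels = re.split(r"[.\-_]", host.lower())
    return not is_trusted(host) and any(label in BRAND_TOKENS for label in labels)


def analyse_email(sender, subject, html_body):
    """Return a list of human-readable phishing indicators found in one message."""
    findings = []
    text = (subject + " " + re.sub(r"<[^>]+>", " ", html_body)).lower()
    for phrase in URGENCY:
        if phrase in text:
            findings.append(f"urgency cue: '{phrase}'")
    # Sender address domain: "HMRC Support <x@y>" -> "y"
    sender_host = sender.rsplit("@", 1)[-1].strip("> ")
    if not is_trusted(sender_host):
        findings.append(f"sender domain not trusted: {sender_host}")
    for href, anchor in HREF_RE.findall(html_body):
        host = urlparse(href).hostname or ""
        if looks_alike(host):
            findings.append(f"lookalike link domain: {host}")
        # Visible link text that is itself a URL on another host is a classic mismatch
        shown = urlparse(anchor.strip()).hostname if "://" in anchor else None
        if shown and shown.lower() != host.lower():
            findings.append(f"link text says {shown} but goes to {host}")
    return findings


# Constructed sample lure modelled on slides 10, 11 and 28 (not a real message)
SAMPLE_SENDER = "HMRC Support <relief@uk-covid-19-relieve.com>"
SAMPLE_SUBJECT = "COVID-19 relief payment: immediate action required"
SAMPLE_HTML = """<p>Your relief payment is on hold due to a policy violation.</p>
<p>Confirm your details at <a href="http://uk-covid-19-relieve.com/claim">https://www.gov.uk/coronavirus</a>
within 24 hours or the payment will be suspended.</p>"""


def demo():
    return analyse_email(SAMPLE_SENDER, SAMPLE_SUBJECT, SAMPLE_HTML)


if __name__ == "__main__":
    for finding in demo():
        print("-", finding)
```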
  • 29. How to avoid being phished (Tip 5, www.lepide.com)
    ▸ Know what a phishing scam looks like
    ▸ Don't click on that link
    ▸ Get free anti-phishing add-ons
    ▸ Don't give your information to an unsecured site
    ▸ Rotate passwords regularly
    ▸ Don't ignore those updates
    ▸ Install firewalls
    ▸ Don't be tempted by those pop-ups
    ▸ Don't give out important information unless you must
    ▸ Have a data security platform to spot signs of an attack
  • 30. Water Holing
    Water holing is a targeted social engineering strategy that capitalizes on the trust users have in websites they regularly visit. ... This strategy has been successfully used to gain access to some (supposedly) very secure systems. The attacker may set out by identifying a group or individuals to target. (www.wikipedia.org)
  • 31. Water Holing (www.imperva.com | www.ncsc.gov.uk)
    This is a social engineering attack that takes advantage of the amount of trust users give to websites they regularly visit, such as interactive chat forums and exchange boards.
    ▸ Users of these websites are more likely to behave carelessly.
    ▸ These websites are referred to as watering holes because hackers trap their victims there just as predators wait to catch their prey at watering holes.
    ▸ Hackers exploit any vulnerabilities on the website, attack it, take control, and then inject code that infects visitors with malware or redirects clicks to malicious pages.
  • 32. Water Holing – OceanLotus Example (www.securitytrails.com)
    A watering hole campaign targeting several websites in Southeast Asia occurred in 2018 and 2019. This campaign, believed to have been run by the OceanLotus group, was very large in scale: over 20 compromised websites were found, including the Ministry of Defense of Cambodia, the Ministry of Foreign Affairs and International Cooperation of Cambodia, and several Vietnamese news and blog outlets. Attackers added a small piece of malicious code to the compromised websites, which checked visitors' locations so that only visitors from Vietnam and Cambodia received the malware.
  • 33. How to avoid Water Holing (Tip 6, www.securitytrails.com)
    ▸ Keep all your systems, software and operating systems updated to the latest version, with all patches offered by vendors applied.
    ▸ Invest in advanced network security tools, such as solutions that leverage network traffic analysis and inspect suspicious websites, in order to spot attackers attempting to move laterally across the network and exfiltrate data.
    ▸ Practice makes perfect: make sure that security awareness training covers all current threats to your organization, which should definitely include watering hole attacks.
  • 34. Tailgating Attack
    A tailgating attack is a social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access to the company premises.
  • 35. Tailgating Attack (www.kratikal.medium.com)
    The attacker seeks entry into a restricted area where access is controlled by software-based electronic devices.
    ▸ A social engineer can pretend to be a delivery agent from an e-commerce company or someone from a food delivery service, holding boxes as an excuse to ask employees to open the door.
    ▸ The social engineer would make it look difficult to open the door and would ask any authorized person to help as a courtesy, gaining entry to the restricted premises.
  • 36. How to avoid Tailgating Attacks (Tip 7, www.kratikal.medium.com)
    ▸ Make sure to lock your system and other devices when leaving your workstation.
    ▸ To avoid tailgating attacks, do not let unknown people enter the restricted premises of the office unless they have appropriate credentials or access authority.
    ▸ Never help strangers access a secured location when they ask you to open the door or claim to be from a delivery service, unless they are permitted.
    ▸ Always keep your access identity card with you while you are on the premises and make sure it cannot be misused by unauthorized persons.
    ▸ Never insert stray or idle external devices such as USB sticks or memory cards into your system before having them verified by the security administrator.
    ▸ Implement cybersecurity practices in your organization to prevent potential cyber risks.
    ▸ Provide cybersecurity awareness training to employees so they understand cyberattacks and how to recognize them.
  • 37. Spear Phishing
    Spear phishing is a phishing method that targets specific individuals or groups within an organization. (www.trendmicro.com)
  • 38. Spear Phishing (www.trendmicro.com)
    It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss.
    ▸ Spear phishing attackers perform reconnaissance before launching their attacks. One way to do this is to gather multiple out-of-office notifications from a company to determine how it formats its email addresses and find opportunities for targeted attack campaigns.
    ▸ Other attackers use social media and other publicly available sources to gather information.
  • 39. How to avoid Spear Phishing (Tip 8, www.kratikal.medium.com)
    ▸ Educate your employees and conduct training sessions with mock phishing scenarios.
    ▸ Deploy a spam filter that detects viruses, blank senders, etc.
    ▸ Keep all systems current with the latest security patches and updates.
    ▸ Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
    ▸ Develop a security policy that includes, but isn't limited to, password expiration and complexity.
    ▸ Deploy a web filter to block malicious websites.
    ▸ Encrypt all sensitive company information.
    ▸ Convert HTML email into text-only email messages, or disable HTML email messages.
    ▸ Require encryption for employees who are telecommuting.
  • 41. Quiz: ______ million phishing websites have been registered since the start of 2020.
    a) 1.12 Million b) 2.02 Million c) 5.9 Million d) 10 Million e) None of the above ✓
  • 42. Quiz: More than 700 fake websites mimicked the following companies.
    a) Fox News b) Disney c) Amazon d) Netflix e) None of the above ✓ ✓
  • 43. Quiz: Pretexting is…
    a) a form of social engineering used to manipulate victims into divulging sensitive information. b) a new way to text. c) a pre-filled form. d) all of the above. ✓
  • 44. Quiz: Quid Pro Quo is…
    a) a promise or a benefit in exchange for information. b) a new way to text. c) a French dessert. d) Latin for hello. e) None of the above ✓
  • 45. Quiz: A Honeytrap is…
    a) a way to catch bee honey b) a trap that involves making contact with an individual who has information or resources required by a group or individual. c) a new web app. d) None of the above ✓
  • 47. Thank you. Any questions? You can find me at: multimedia.web@outlook.com

Editor's note

  1. Find more maps at slidescarnival.com/extra-free-resources-icons-and-maps