2. Profile
Stephen Hasford
Cyber Security Engineer, Cybrary TA, BIC Location Ambassador@Ghana
https://www.linkedin.com/in/stephenhasford
Certifications:
• Certified Ethical Hacker
• CCNA Cyber Ops
• Microsoft Certified Systems Engineer
• Qualys Certified Specialist
• CyberArk Certified Trustee
Education:
• BEng, Electrical and Electronics Engineering
• Diploma, Hardware and Networking Engineering
3. What is phishing?
Techniques used by cybercriminals to con you into revealing sensitive information or
installing malware on your computer.
4. Phishing Variants
◦ Email phishing - A phishing email will typically direct the user to visit a website where they are
asked to update personal information, such as a password, credit card, social security, or bank
account numbers, that the legitimate organization already has.
◦ Smishing - the fraudulent practice of sending text messages purporting to be from reputable
companies in order to induce individuals to reveal personal information, such as passwords or
credit card numbers.
◦ Vishing - the fraudulent practice of making phone calls or leaving voice messages purporting to
be from reputable companies in order to induce individuals to reveal personal information, such
as bank details and credit card numbers.
◦ USBishing - attackers try to lure victims into plugging unknown USB devices into their
laptops/computers. Attackers will leave high-capacity drives in public areas such as restrooms.
When a victim connects the drive to a device, the drive automatically installs malware onto
the device without the user knowing.
5. Phishing Types
◦ Mass Phishing - emails sent to a group of people with some common interest based on their
brand preferences, demographics, and choices. Example: emails sent to potential victims are
clones of transactional emails like receipts, payment reminders, or gift cards.
◦ Spear Phishing - typically targeted in nature, and the emails are carefully designed to target a
particular user.
◦ Whaling - not very different from spear phishing, but the targeted group becomes more specific
and confined in this type of phishing attack. Targets are CEOs, CFOs, COOs or people in other senior
management positions who are considered to be big players in the information chain of any
organization.
10. Phishing Prevention
◦ Two factor authentication should be deployed to prevent hackers who have compromised a
user's credentials from ever gaining access.
◦ Keep all systems current with the latest security patches and updates.
◦ Be sure to look at any hyperlinks by hovering over them before you click. The text of the
hyperlink might look legit but the actual redirect URL could be something bogus.
◦ Encrypt all sensitive company information.
◦ Look for misspellings or poor grammar. Many scammers are not native English speakers and
make grammatical mistakes.
◦ Think before clicking links.
◦ Do NOT click on any attachments from unknown sources. If this is your corporate email, notify
your IT staff.
◦ Never share your email password unless you are logging in to your email provider's website.
◦ Never click on links in an email - always type the address directly into the address bar.
◦ Always pick up the phone and call to confirm an out-of-band request, even if you think the CEO
may be mad.
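The hover-over-the-link check above can also be automated on the mail gateway or in a phishing triage script. As an added example (not part of the original deck), this Python code parses an HTML email body and flags every anchor whose visible text shows one domain while the href actually points to another; the sample message and its domain names are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Anything that looks like a hostname inside the visible link text.
DOMAIN_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class _AnchorCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in the body.
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    # Crude registrable-domain guess (last two labels); enough for the sample below.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def find_mismatched_links(html):
    # Returns (domain shown in the link text, host the href really points to)
    # for each anchor whose visible text names a different site than its href.
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        shown, actual = DOMAIN_RE.search(text), urlparse(href).hostname
        if shown and actual and registrable(shown.group(1)) != registrable(actual):
            findings.append((shown.group(1), actual))
    return findings

# Constructed sample body: the first link displays the bank's address but
# points elsewhere; the other two are consistent and must not be flagged.
SAMPLE_EMAIL = (
    '<p>Please verify at <a href="http://update-account.example-secure.net/login">'
    'https://www.examplebank.com/verify</a> within 24 hours.</p>'
    '<p>See <a href="https://www.examplebank.com/help">www.examplebank.com/help</a>'
    ' or <a href="https://www.examplebank.com">click here</a>.</p>'
)
```

Calling `find_mismatched_links(SAMPLE_EMAIL)` returns the single pair `('www.examplebank.com', 'update-account.example-secure.net')`, which is exactly what a user would see by hovering over the first link.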