Let's Be #CYBERAWARE, DaVIDSON
When it comes to keeping yourself safe on the web, being informed is the most important step. This October is Cybersecurity Awareness Month, and each week we'll release a quick five minute course with knowledge, tips & tricks you can use to become more #CyberAware.
Week ONE: PHISHING BASICS
Phishing is a cybercrime that relies on deception to influence people into performing an action that compromises personal information or digital security.
This could be providing log-in credentials, confidential information, money, or performing an action like inadvertently installing malicious software.
Phishing victims are tricked into performing these actions because they trust the source of the request, or engage with the request without taking a critical look.
REVIEW COMMON PHISHING TYPES
Impersonation Phishes and Gift Card Scams
Goal: To trick the target into believing they are communicating with someone they know in an effort to extract financial information, like gift card codes or other sensitive information.
In Week 2 we'll cover some hallmarks of phishing, but you can spot some of the most common ones in these examples.
Look for copycat email addresses, vague sounding scenarios, co-worker impersonation, and a request for immediate action. Phishing attempts like these may come via email, text or other written communications.
Goal: To trick someone into believing they are entering their credentials into a trusted system. Collected credentials can then be used for data collection, like accessing someone’s email, or to send future phishing attacks from inside an organization.
Google or Sharepoint Redirect
Goal: To make the target believe they’ve received a shared document from someone they know. Links in the phish send the user a document notification with instructions to click on a link. Through this unsafe link, email credentials can be harvested or malicious software installed.
Direct Deposit Scam
Goal: To make it seem like a person is communicating with someone they know, either a work colleague or vendor that deals with payments or banking. This scam attempts to have targets change direct deposit information, in order to divert funds to the bad actor's own bank account.
Goal: To trick a target into believing they are communicating with a trusted entity, either someone they work with, a trusted vendor, or an internal system. If a user clicks on the attachment, malicious software can be installed on the device.