Let's Be #CyberAware, Davidson

When it comes to keeping yourself safe on the web, being informed is the most important step. This October is Cybersecurity Awareness Month, and each week we'll release a quick five-minute course with knowledge, tips & tricks you can use to become more #CyberAware.

Week One: Phishing Basics

Phishing is a cybercrime that relies on deception to influence people into performing an action that compromises personal information or digital security.

This could be providing log-in credentials, confidential information, money, or performing an action like inadvertently installing malicious software.

Phishing victims are tricked into performing these actions because they trust the source of the request, or engage with the request without taking a critical look.

REVIEW COMMON PHISHING TYPES

Impersonation Phishes and Gift Card Scams

Goal: To trick the target into believing they are communicating with someone they know in an effort to extract financial information, like gift card codes or other sensitive information.

Screenshot of a phishing email showing someone trying to impersonate a boss or colleague and asking them to complete a task urgently.
Screenshot of a phishing email or text showing someone impersonating a boss or colleague who is in a meeting and needs help completing a task.

In Week 2 we'll cover some hallmarks of phishing, but you can spot some of the most common ones in these examples.

Look for copycat email addresses, vague-sounding scenarios, co-worker impersonation, and a request for immediate action. Phishing attempts like these may come via email, text or other written communications.

Screenshot of a phishing email or text showing someone impersonating a boss or colleague who is in a meeting and needs the phishing target to purchase eBay gift cards in the amount of $1,000 to be reimbursed later.

Credential Harvesting

Goal: To trick someone into believing they are entering their credentials into a trusted system. Collected credentials can then be used for data collection, like accessing someone’s email, or to send future phishing attacks from inside an organization.

Screenshot of an email with language about Office 365 password reset, in an attempt to harvest the target's login information.

Google or SharePoint Redirect

Goal: To make the target believe they’ve received a shared document from someone they know. The phish sends the user a document notification with instructions to click on a link. Through this unsafe link, email credentials can be harvested or malicious software installed.

Screenshot of an email that pretends to be from a user asking to update their bank account information with the email recipient.

Direct Deposit Scam

Goal: To make it seem like a person is communicating with someone they know, either a work colleague or vendor that deals with payments or banking. This scam attempts to have targets change direct deposit information, in order to divert funds to the bad actor's own bank account.

Malicious Attachments

Goal: To trick a target into believing they are communicating with a trusted entity, either someone they work with, a trusted vendor, or an internal system. If a user clicks on the attachment, malicious software can be installed on the device.

Screenshot of an email with attachments that pretend to be files sent from an inter-office scanner.