Phishing explained



Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity.

Understanding Security

Why is security important?
- It helps protect individuals from becoming victims of security incidents.
- It provides an understanding of the steps to follow in the event of a security incident.
- It helps you understand levels of responsibility.

The first step in security awareness is to recognize a security threat.

What is a virus?
A program that is secretly installed on your computer and makes copies of itself, which consume your computer's resources.

Social Engineering

Social engineering, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

How do I prevent social engineering?
- Do not give out computer or network information.
- Do not complete confidential company tasks in an insecure setting.
- Secure sensitive documents and media.

Email Security

How do I avoid an email virus?
- Delete an unexpected or unsolicited message.
- Use anti-virus software to scan attachments before opening them.
- Delete similar messages that appear more than once in your Inbox.

Email tips
- Email is the most common delivery method for viruses.
- Never email personal information.
- Delete an email if you are not sure of the sender or content.
- Sending an occasional personal email is acceptable.
- Never reply to a message that you are unsure of.

Password Management

What makes a good password?
- It should be easy to remember (you don't want to write it down).
- Use at least 8 characters (the longer, the more secure).
- Use a mixture of characters (most systems are case sensitive):
  - Upper case letters (A – Z)
  - Lower case letters (a – z)
  - One or more numbers
  - At least one or two special characters, such as $, * or !

What to avoid when creating a password
- Names of any kind. These include your login name, your own or a family member's name, a pet's name, or any proper name.
- Any kind of personal information, specifically your phone number, address, birthday, license plate number, or anything else someone could guess or look up about you. This also includes sensitive information such as your ATM PIN, social security number or credit card number.
- Words contained in a dictionary, including a foreign-language dictionary. Never, ever use the word "password" or "Password", and avoid any word that can be found in a dictionary.
- Sequences or repeated characters, such as 22222, 12345, abc123 or asdfg.

Other good safety practices
- Never write your password on a sticky note and put it on your monitor or under your keyboard.
- Don't ever share your password with anyone.
- Don't use the same password for all the sites you visit.
- Change your password periodically. The more important the information you are protecting, the more frequently you should change the password.
- Always change the default system password. Never leave it as the default.
- If you think your password has been compromised, change it, report the incident to the proper authorities and check the passwords on your other accounts.

Make it memorable
Now that you know how to make a good, strong password, how do you remember it without writing it down? One favorite trick is to use a passphrase. You can take a favorite quote, a line from a song, or a Bible verse and use the first letter of each word, possibly changing a few of the letters to other characters. For example, you could take the first part of a Bible verse such as John 3:16, "For God so loved the world that He gave His only begotten son", and make it j316fGsLtw*. Or take Benjamin Franklin's quote "A penny saved is a penny earned." That password would be ApsiApe*BF.

Phishing Scams

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Phishing explained
A malicious user can rely on email or a webpage to launch a phishing attack, a virus attack or spyware. Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., a passphrase, credit card details, or other account updates). The perpetrators then use this private information to commit identity theft.

One type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information.

Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email or bank account access). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.

Specific types of phishing
Phishing scams vary widely in terms of their complexity, the quality of the forgery, and the attacker's objective. Several distinct types of phishing have emerged.

Spear phishing
Phishing attacks directed at specific individuals, roles, or organizations are referred to as "spear phishing". Since these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success.

The best defense against spear phishing is to carefully and securely discard information (e.g., using a cross-cut shredder) that could be used in such an attack. Further, be aware of data that may be relatively easy to obtain (e.g., your title at work, your favorite places, or where you bank), and think before acting on seemingly random requests via email or phone.

Whaling
The term "whaling" is used to describe phishing attacks (usually spear phishing) directed specifically at executive officers or other high-profile targets within a business, government, or other organization.

Avoiding phishing scams
To guard against phishing scams, consider the following:
- Reputable organizations will never use email to request that you reply with your password, full Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself. Never reply to or click the links in such a message. If you think the message may be legitimate, go directly to the company's website (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the email message.
- The safest practice is to read your email as plain text. Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. Additionally, when you allow your mail client to render HTML or other non-text-only formatting, attackers can take advantage of your mail client's ability to execute code, which leaves your computer vulnerable to viruses, worms, and Trojans.
- When you recognize a phishing message, first report it, then delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the websites it points to.

Lock Your Computer Screen or Device

Why should you lock your screen when you're away?
- To prevent others from viewing or using your device when you are away.
- To prevent unauthorized access to PHI (Protected Health Information).
- To comply with the latest HIPAA and NIST standards and laws.

What should you do?
- Shut down, lock, log off, start the screensaver, or put your device to sleep before leaving it unattended: <Ctrl><Alt><Delete> or <Windows key><L> on a Windows PC; the Apple menu or power button on a Mac.
- Set your device to lock, sleep, auto log-off, or go to the screensaver when you're not using it (max. 20 minutes of inactivity, max. 10 minutes for HIPAA workstations).
- Make sure you have to enter a strong password to start up or wake up your computer.
- For mobile devices: set your device to require a strong password/PIN to start up or resume activity and to lock automatically when not in use, but still don't store anything on it that you're not willing to lose.
- Some devices can be set to be erased remotely, or to erase themselves if the password/PIN is entered incorrectly too many times. Consider turning these on to protect information in the case of theft or loss.

Portable Media Security

What is portable media?
Any device that contains data and can be easily transported. External hard drives, USB flash drives, CD/DVD disks and cell phones are some examples.

Should I use portable media?
- Use of portable media is discouraged in the healthcare sector.
- Strong encryption and authentication procedures should always be used on portable media devices.
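An added example, not part of the original training material, of what the plain-text advice in the "Avoiding phishing scams" section above actually reveals: it pulls every link's real destination out of a constructed HTML message (an assumed sample using documentation-reserved addresses, not a real email) and flags the links whose visible text or image suggests the bank while the href goes elsewhere.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample for this added example (not a real message), in the
# "fraudulent activity ... click here" pattern described above; .invalid names and
# 203.0.113.0/24 are reserved for documentation. Only one link truly goes to the bank.
SAMPLE_HTML = """<p>We detected fraudulent activity on your account.
Please <a href="http://203.0.113.10/login">click here</a> within 24 hours.</p>
<p>Or go to <a href="https://example-bank.login-verify.invalid/">https://www.example-bank.com</a></p>
<a href="https://login-verify.invalid/go"><img src="https://www.example-bank.com/logo.png" alt="Example Bank"></a>
<p>See <a href="https://www.example-bank.com/security">our security page</a>.</p>"""


class LinkExtractor(HTMLParser):
    """Collect each anchor's real href together with what the reader sees (text or image)."""
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._current = {"href": a.get("href", ""), "text": "", "image": None}
        elif tag == "img" and self._current is not None:
            self._current["image"] = a.get("alt") or a.get("src")

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data.strip()

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def suspicious_links(html: str, trusted_hosts: set) -> list:
    """(href, what the reader sees, reason) for each link whose real target is untrusted."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for link in parser.links:
        host = host_of(link["href"])
        if host in trusted_hosts:
            continue  # genuinely goes to the organisation
        label = link["text"] or link["image"] or ""
        if label.startswith("http") and host_of(label) != host:
            reason = "displayed URL differs from real destination"
        else:
            reason = "clickable image points off-site" if link["image"] else "link text hides an untrusted target"
        findings.append((link["href"], label, reason))
    return findings
```

Feeding the sample with `{"www.example-bank.com"}` as the trusted set reports the first three links and passes the fourth, which is exactly the difference a reader sees between the rendered message and its plain-text URLs.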
Lost or Stolen Devices

What if an electronic device is lost or stolen?
- Report it to your supervisor or director immediately.
- Notify IS as soon as possible.

Security Tips
- Never wear your security badge outside of work.
- Remember that end users are the biggest vulnerability.
- Do not ignore unusual computer behaviour. It might be a sign of malware.
- Phishing is a way to obtain secure information illegally. Report anything suspicious to your system administrator.
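An added example, not part of the original training material: the rules from the "Password Management" section above (length, character mix, banned words, personal information, sequences and repeats) encoded as a Python checker, together with the first-letter passphrase trick. The rule names, the keyboard-row list and the three-character run length are my own assumptions.

```python
import re
import string

# Added example (not from the original training material): the Password
# Management rules above, encoded as a checker, plus the passphrase trick.
MIN_LENGTH = 8
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # assumed, for asdfg-style runs
BANNED_WORDS = {"password"}  # the page names this one; extend with a real wordlist

def _has_run(s: str, length: int = 3) -> bool:
    """True if one character repeats `length` or more times in a row (e.g. 22222)."""
    return re.search(r"(.)\1{%d,}" % (length - 1), s) is not None

def _has_sequence(s: str, length: int = 3) -> bool:
    """True if s contains an ascending run of letters or digits (12345, abc123)
    or a run along a keyboard row (asdfg); case-insensitive."""
    low = s.lower()
    for i in range(len(low) - length + 1):
        window = low[i:i + length]
        codes = [ord(c) for c in window]
        if window.isalnum() and all(b - a == 1 for a, b in zip(codes, codes[1:])):
            return True
        if any(window in row for row in KEYBOARD_ROWS):
            return True
    return False

def check_password(pw: str, personal_info=()) -> list:
    """Return the rules the candidate violates; an empty list means it passes."""
    low = pw.lower()
    rules = [
        ("shorter than 8 characters", len(pw) < MIN_LENGTH),
        ("no upper-case letter", not any(c.isupper() for c in pw)),
        ("no lower-case letter", not any(c.islower() for c in pw)),
        ("no digit", not any(c.isdigit() for c in pw)),
        ("no special character", not any(c in string.punctuation for c in pw)),
        ("contains a banned dictionary word", any(w in low for w in BANNED_WORDS)),
        ("contains personal information", any(p and p.lower() in low for p in personal_info)),
        ("repeated characters", _has_run(pw)),
        ("sequential characters", _has_sequence(pw)),
    ]
    return [name for name, violated in rules if violated]

def passphrase_to_password(phrase: str, prefix: str = "", suffix: str = "") -> str:
    """The page's memorability trick: first letter of each word, plus any prefix/suffix."""
    return prefix + "".join(w[0] for w in phrase.split()) + suffix
```

Run strictly, the page's first sample (j316fGsLtw*) passes every rule, while the second (ApsiApe*BF) is reported for having no digit, which is worth knowing before handing the mnemonic trick to users without the "one or more numbers" rule in mind.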