
Phishing Attacks and Online Safety


24 Questions

When using search engines, what should you do?

Stick to clicking on sites on the first page of results

What is social engineering?

The manipulation of people into disclosing confidential or sensitive information

What is an example of social engineering?

A phishing email

What is an Insider threat?

An individual with access to an organization's systems or data who can cause harm

How can Insider threats be combated?

By implementing a data use policy and security tools

Why is physical security important in data protection?

Because it can prevent Insider threats

What is the primary purpose of using a password manager?

To generate and store complex passwords

What type of malware encrypts files and demands payment in exchange for decryption?

Ransomware

What is the primary risk of using public Wi-Fi?

Intercepted sensitive information

What is the primary security concern with Internet of Things (IoT) devices?

Unauthorized access through security holes

What indicates a secure website?

A green lock in the web address bar

What is the primary purpose of web content filters?

To block access to specific websites and filter malicious content

What is a common way malware can spread through?

All of the above

What should you avoid when using public Wi-Fi?

Entering sensitive information

What is a top tip for staying safe while using IoT devices?

Change default usernames and passwords

What should you be cautious of when using search engines and social media?

Malicious links and advertisements

What is the primary goal of phishing attacks?

To access the victim's accounts

What is a common way to identify phishing attacks?

Look for grammatical or spelling errors in the email

What should you do when receiving an email from an unknown sender?

Go directly to the company's website by typing in the URL

Why should you be cautious when posting your email address online?

It can attract spam and malware

What should you do when answering security questions?

Use unrelated answers to security questions

What is a common way to spread malware?

Through email attachments

What should you do when receiving an attachment from a known sender?

Contact the sender to confirm they sent it

What can help filter out unwanted emails?

A third-party spam blocker

Study Notes

Phishing Attacks

  • Phishing attacks involve criminals sending emails with bait that looks like something worthwhile, posing as a legitimate company or service, and requesting that the victim do something urgently.
  • The goal is to trick the victim into clicking on a link and filling out requested information, which can be used to steal their identity or access their accounts.
  • Phishing attacks can be targeted (spear phishing) or broad, and can use information from social media or other research to make the email appear authentic.

Identifying Phishing Attacks

  • Look for red flags, such as:
    • A sender that claims to be a legitimate company or service, but the domain name is not what it seems.
    • Grammatical or spelling errors in the email.
    • A link that does not direct to the expected website when moused over.
  • Be cautious when receiving emails from unknown senders, and never click on links or provide personal information.
  • Instead, go directly to the company's website by typing in the URL or using a bookmark.

Email Attachments

  • Email attachments are a common way to spread malware.
  • Avoid opening attachments from unknown senders, even if they appear to be innocuous (e.g., .pdf, .exe, .jpg).
  • If you receive an attachment from a known sender, but it seems suspicious, contact the sender to confirm they sent it.
  • Be cautious when posting your email address online, as it can attract spam and malware.

Spam Protection

  • Use a third-party spam blocker to help filter out unwanted emails.
  • Never click, open, or respond to spam emails.
  • When posting your email address online, use a format that prevents spam bots from collecting it (e.g., [username] at [domain] dot [com]).

Security Questions

  • Be cautious when answering security questions, as they can be used to reset your password.
  • Use unrelated answers to security questions, rather than truthful information that can be found online.
  • Treat security questions as additional passwords, and keep them confidential.

Password Hygiene

  • Create unique, complex passwords for each website and application.
  • Avoid using the same password across multiple websites.
  • Enable two-factor authentication (2FA) whenever possible.
  • Use a password manager to generate and store complex passwords.
  • Regularly check for data breaches and update your passwords accordingly.

Malware and Infections

  • Malware includes viruses, worms, Trojans, rootkits, ransomware, and spyware.
  • Malware can spread through email attachments, infected flash drives, and downloads from the internet.
  • Ransomware is a type of malware that encrypts files and demands payment in exchange for decryption.
  • Malware can target any operating system, but Windows is the most common target due to its market share.
  • Mobile devices are also vulnerable to malware, especially when users do not have antivirus software installed.

Protecting Your Device

  • Use antivirus software and keep it up to date.
  • Be cautious when downloading software from the internet.
  • Avoid plugging in unknown flash drives or other devices.
  • Use a password manager to generate and store complex passwords.
  • Enable two-factor authentication (2FA) whenever possible.
  • Regularly check for data breaches and update your passwords accordingly.

Cyber Security Threats

  • Malware can infect mobile devices when apps are downloaded directly from the internet rather than from official stores like the Google Play Store and Apple's App Store.
  • Top tips to avoid malware:
    • Install endpoint security on all devices
    • Be careful what you plug into devices
    • Be cautious about what you click
    • Get awareness training for yourself and family

Public Wi-Fi

  • Public Wi-Fi is a non-secure network that users can connect to for free, often found in hotels, coffee shops, and libraries.
  • Be cautious of fake Wi-Fi hotspots set up by malicious actors to intercept sensitive information.
  • Top tips for using public Wi-Fi:
    • Verify the Wi-Fi name with the business owner prior to connecting
    • Treat all public Wi-Fi connections as compromised or unsafe
    • Utilize an endpoint security product to prevent cyber attacks

Internet of Things (IoT)

  • IoT refers to non-traditional devices connected to the internet, such as thermostats, cameras, and doorbells.
  • IoT devices can create security holes if not properly secured, allowing unauthorized access.
  • Top tips for staying safe while using IoT:
    • Change default usernames and passwords on all devices, including routers
    • Disable web features on IoT devices if not utilized
    • Keep all IoT devices, including routers, up-to-date with the latest firmware or patches

Secure Websites

  • HTTPS is a protocol for secure communication over a computer network, indicated by a green lock in the web address bar.
  • HTTPS ensures that traffic is sent securely to the website, protecting sensitive information.
  • Top tips regarding secure websites:
    • Be cautious where you enter sensitive information
    • Check if the site is secured by HTTPS
    • Heed browser warnings
    • Verify the website's reputation before entering sensitive information

Web Content Filters

  • Web content filters screen web traffic based on preconfigured policies set by the administrator.
  • Filters can block access to specific websites, restrict time spent on certain sites, and filter malicious content.
  • Top tips about web content filters:
    • Use web content filtering at work to increase employee productivity
    • Use web content filtering at home to protect children's devices from inappropriate content
    • Implement filtering software to protect from malicious content and advertisements

Internet Protection

  • Internet users should be cautious when using search engines and social media, as links and advertisements can be malicious.
  • Free things, such as music and movies, are often filled with malware.
  • Top tips for using search engines:
    • Stick to clicking on sites on the first page of results
    • Be cautious when clicking on sites whose names you do not recognize
    • Be careful when downloading anything that says it's free

Social Engineering

  • Social engineering is the manipulation of people into disclosing confidential or sensitive information.
  • Examples of social engineering include phishing emails, phone calls, and in-person requests.
  • Top tips regarding social engineering:
    • Be careful with the information you disclose and to whom you disclose it
    • Verify the credentials of all contractors and callers
    • Be cautious of external threats and Insider threats

Insider Threats

  • Insider threats refer to individuals with access to an organization's systems or data who can cause harm, including current or former employees, business partners, and contractors.
  • Insider threats can occur through malicious access, phishing, or social engineering.
  • Top tips to combat Insider threats:
    • Increase employee awareness of cybercriminal tactics
    • Implement a data use policy and security tools to prevent, detect, and respond to security incidents
    • Consider physical security as part of the data protection plan

Phishing Attacks

  • Phishing attacks involve criminals sending emails that appear to be from legitimate companies, requesting urgent action, to steal identity or access accounts.
  • Phishing attacks can be targeted (spear phishing) or broad, and may use social media research to appear authentic.

Identifying Phishing Attacks

  • Look for red flags: sender's domain name doesn't match, grammatical/spelling errors, suspicious links.
  • Be cautious with unknown senders; never click on links or provide personal information.
  • Instead, go directly to the company's website by typing in the URL or using a bookmark.

Email Attachments

  • Email attachments are a common way to spread malware.
  • Avoid opening attachments from unknown senders, even if they appear innocuous.
  • Verify suspicious attachments from known senders before opening.

Spam Protection

  • Use a third-party spam blocker to filter out unwanted emails.
  • Never click, open, or respond to spam emails.
  • Use a secure email address format when posting online to avoid spam bots.

Security Questions

  • Be cautious when answering security questions, as they can be used to reset passwords.
  • Use unrelated answers to security questions, rather than truthful information.
  • Treat security questions as additional passwords, keeping them confidential.

Password Hygiene

  • Create unique, complex passwords for each website and application.
  • Avoid using the same password across multiple websites.
  • Enable two-factor authentication (2FA) whenever possible.
  • Use a password manager to generate and store complex passwords.
  • Regularly check for data breaches and update passwords accordingly.

Malware and Infections

  • Malware includes viruses, worms, Trojans, rootkits, ransomware, and spyware.
  • Malware can spread through email attachments, infected flash drives, and downloads.
  • Ransomware encrypts files and demands payment for decryption.
  • Malware can target any operating system, but Windows is the most common target.

Protecting Your Device

  • Use antivirus software and keep it up to date.
  • Be cautious when downloading software from the internet.
  • Avoid plugging in unknown flash drives or devices.
  • Use a password manager to generate and store complex passwords.
  • Enable two-factor authentication (2FA) whenever possible.

Cyber Security Threats

  • Malware can infect mobile devices through direct downloads from the internet.
  • Top tips to avoid malware: install endpoint security, be cautious with devices, and get awareness training.

Public Wi-Fi

  • Public Wi-Fi is a non-secure network that can be intercepted by malicious actors.
  • Top tips for using public Wi-Fi: verify the Wi-Fi name, treat all connections as compromised, and use endpoint security.

Internet of Things (IoT)

  • IoT refers to non-traditional devices connected to the internet, such as thermostats and cameras.
  • IoT devices can create security holes if not properly secured.
  • Top tips for staying safe with IoT: change default usernames and passwords, disable unused features, and keep devices up to date.

Secure Websites

  • HTTPS ensures secure communication over a computer network.
  • HTTPS protects sensitive information, indicated by a green lock in the web address bar.
  • Top tips regarding secure websites: be cautious where you enter sensitive information, check for HTTPS, and heed browser warnings.

Web Content Filters

  • Web content filters screen web traffic based on preconfigured policies.
  • Filters can block access to specific websites, restrict time, and filter malicious content.
  • Top tips about web content filters: use them at work to increase productivity, at home to protect children, and to filter malicious content.

Internet Protection

  • Internet users should be cautious when using search engines and social media, as links and ads can be malicious.
  • Free things, such as music and movies, are often filled with malware.
  • Top tips for using search engines: stick to the first page of results, be cautious with unknown sites, and be careful with free downloads.

Social Engineering

  • Social engineering is the manipulation of people into disclosing confidential information.
  • Examples of social engineering include phishing emails, phone calls, and in-person requests.
  • Top tips regarding social engineering: be cautious with disclosed information, verify credentials, and be aware of external and internal threats.

Insider Threats

  • Insider threats refer to individuals with access to an organization's systems or data who can cause harm.
  • Insider threats can occur through malicious access, phishing, or social engineering.
  • Top tips to combat Insider threats: increase employee awareness, implement data use policies and security tools, and consider physical security.

Learn about phishing attacks, how they work, and how to avoid falling victim to these online scams. Understand the goals and methods of phishing attacks, including targeted and broad attacks.
