Phishing Detection and Safe Browsing

Questions and Answers

What is a common trait of phishing emails?

Urgent or threatening language (correct)

Secure HTTPS links

Personalized greetings

Legitimate sender addresses

What is a recommended practice for safe browsing?

Avoiding website contact information verification

Disabling anti-virus software and firewalls

Hovering over links to see the URL (correct)

Using public computers for sensitive activities

What is a password management best practice?

Using the same password across multiple accounts

Storing passwords in plain text

Using a strong, unique password for each account (correct)

Sharing passwords with colleagues

What is a type of social engineering attack?

Pretexting

What is a data protection best practice?

Implementing access controls based on classification

What is a recommended practice for protecting sensitive data?

Implementing secure storage and backup procedures

Study Notes

Phishing Detection

• Red flags:
  • Urgent or threatening language
  • Misspelled URLs or suspicious sender addresses
  • Generic greetings instead of personalized ones
  • Requests for sensitive information
• Verification techniques:
  • Hover over links to see the URL
  • Check for HTTPS and a valid certificate
  • Be cautious of attachments and downloads
  • Verify the sender's identity through other means

Safe Browsing

• Browser security:
  • Keep browsers and plugins up-to-date
  • Use anti-virus software and a firewall
  • Avoid using public computers or networks for sensitive activities
• Website safety:
  • Avoid suspicious or unfamiliar websites
  • Be cautious of pop-ups and ads
  • Look for HTTPS and a valid certificate
  • Use a website's contact information to verify its legitimacy

Password Management

• Password best practices:
  • Use strong, unique passwords for each account
  • Avoid using common words, names, or phrases
  • Use a passphrase or a password manager
  • Avoid sharing passwords or storing them in plain text
• Password hygiene:
  • Regularly change passwords (e.g., every 60-90 days)
  • Avoid using the same password across multiple accounts
  • Use two-factor authentication (2FA) when available

Social Engineering

• Types of social engineering:
  • Phishing (email, phone, or text)
  • Pretexting (creating a fake scenario)
  • Baiting (leaving malware-infected devices or media)
  • Quid pro quo (exchanging sensitive information for a service)
• Protection strategies:
  • Verify the identity of the requester
  • Be cautious of generic greetings or requests
  • Avoid providing sensitive information to unfamiliar individuals
  • Report suspicious activities to the appropriate authorities

Data Protection Best Practices

• Data classification:
  • Identify sensitive data (e.g., personal, financial, or confidential)
  • Classify data based on its level of sensitivity
  • Implement access controls based on classification
• Data handling:
  • Use encryption for sensitive data
  • Implement secure storage and backup procedures
  • Limit access to sensitive data on a need-to-know basis
  • Dispose of sensitive data securely when no longer needed

Phishing Detection

• Red flags in phishing emails include urgent or threatening language, misspelled URLs, suspicious sender addresses, and generic greetings instead of personalized ones.
• Verification techniques include hovering over links to see the URL, checking for HTTPS and a valid certificate, being cautious of attachments and downloads, and verifying the sender's identity through other means.

Safe Browsing

• Browser security measures include keeping browsers and plugins up-to-date, using anti-virus software and a firewall, and avoiding the use of public computers or networks for sensitive activities.
• Website safety tips include avoiding suspicious or unfamiliar websites, being cautious of pop-ups and ads, looking for HTTPS and a valid certificate, and using a website's contact information to verify its legitimacy.

Password Management

• Password best practices include using strong, unique passwords for each account, avoiding common words, names, or phrases, using a passphrase or password manager, and avoiding sharing or storing passwords in plain text.
• Password hygiene involves regularly changing passwords (e.g., every 60-90 days), avoiding the same password across multiple accounts, and using two-factor authentication (2FA) when available.

Social Engineering

• Types of social engineering attacks include phishing (email, phone, or text), pretexting (creating a fake scenario), baiting (leaving malware-infected devices or media), and quid pro quo (exchanging sensitive information for a service).
• Protection strategies include verifying the identity of the requester, being cautious of generic greetings or requests, avoiding providing sensitive information to unfamiliar individuals, and reporting suspicious activities to the appropriate authorities.

Data Protection Best Practices

• Data classification involves identifying sensitive data (e.g., personal, financial, or confidential), classifying data based on its level of sensitivity, and implementing access controls based on classification.
• Data handling best practices include using encryption for sensitive data, implementing secure storage and backup procedures, limiting access to sensitive data on a need-to-know basis, and disposing of sensitive data securely when no longer needed.

Description

Learn how to identify phishing scams and stay safe while browsing the internet. Discover red flags to watch out for and verification techniques to keep you protected.