Email Security Awareness


Published on

Security awareness class I teach with tips to protect yourself from some common email dangers & scams.

Published in: Technology, News & Politics
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Spam email has purpose to scam or go after $$Moved past destructive element of a virus, not just about infecting computer, motivation
  • Example of passphrasesPassword of “football” hacked in secondsPassphrase short sentence “I like to watch football”Add complexity Ilik3towatchf00tball!Use first letter from each word of sentence “For my honeymoon I went to the Bahamas and drank mud slidesFmhiwttbadmsAdd complexity Fmh1wttbAdms!!
  • MS paying it forward, forward for good luck, virus warningsEmail address may have company name in to fool you EX
  • Social networks, scams follow the people, 800 million+ on FBGmail report as spam
  • Open example MED.docxNote the line to Whitelist the email address to receive future offers
  • Open 419scam.docx example
  • Open robinlondon.docx example
  • Hotmail, Gmail, Yahoo offer click here if friends email account has been hacked
  • Open paypal.docx exampleOpen acountverify.docx eample
  • Open paypal.docx exampleOpen acountverify.docx eample
  • Open finance.docx exampleOpen gwmailbox.docx example
  • Scams are moving to more methods of delivery
  • I have filled out survey for Best Buyand other storesI have never given my cell phone number to surveys as contact methodWhy text message? Why not call me to notify?
  • I have reported some phishing emails to Paypal, BOA
  • Some updates may be bundled with internet toolbars or security checking software, browser add-ons, etc…Seen Skype updates in email as wellOpen adobe.jpg exampleOpen msupdate.jpg example
  • Open workfromhome.jpg exampleMay also invlive buying merchandise and shipping it and keeping percentage
  • Email Security Awareness

    1. 1. { Email Security Awareness Tips to protect yourself from some common email dangers & scams
    2. 2.  The driving force is MONEY!  Drive you to a site to sell you something  Scams, advanced fee, lottery  Collect personal information  Fake AV, Scareware! Ransomware!  Stealing login credentials  Key loggers  Attackers are finding ways to compromise computer, passwords, data, accounts  Easier to hack people then find way into company network through perimeter defenses Protect Yourself
    3. 3.  Password may be only line of defense for email account  Don’t reuse passwords for all online accounts  Compromised password could give access to multiple accounts or sites  Avoid common words, names, birthdays  Use passphrase, mix upper and lower case letters, numbers, and special characters  Minimum 14 characters  Never keep passwords on sticky note on monitor  Login page using HTTPS required when using unsecure network (public Hot Spot)  checker.aspx Strong Passwords
    4. 4.  Sense of urgency! Act now, respond now, need help  Don’t think, just click! NOW, NOW, NOW!  Alarmist messages and threats of account closures  Any email requesting personal information, bank account, credit card number, access codes, etc… (Phishing)  Spelling errors, grammatical errors  Promises of money for little or no effort  Work from home (money mule scams)  Generic greeting, Dear Customer  Request for help, related to urgency scams, emotional pull  Sender in foreign county needs help and money Tips to Avoid Scams
    5. 5.  Send money up front to receive prize  Deals that sound too good to be true  Free may have a price tag!  Electronics, iPads, gift cards, lottery scams, inheritance scams etc…  Downloads and attachments  Fake software updates  Holiday scams, ecards (zip file attachment or links)  May lead to unwanted software being loaded on computer, Trojan horse program with key logger, fake AV, bot, rootkit, etc…  Senders email address  Email may claim to be from BOA, but sender address is not related to company, EX Tips to Avoid Scams
    6. 6.  Requests to donate to a charitable organization after a disaster that has been in the news  Shortened links, or confusing links  Redirect to bad guys site  Go directly to company web site if in doubt  Chain letters  May be collecting addresses for spammers  Unsubscribe links, may confirm live email account  Junk Mail in GroupWise  Report as spam or set up filter to block future emails (Gmail, Hotmail, Yahoo, etc…)  Similar scams may arrive as instant messages, Skype, Facebook posts, Twitter DMs  Social networking is a huge target for scams Tips to Avoid Scams
    7. 7.  No! I don’t need cheap meds!  Not malicious  Similar to postal junk mail  Usually selling merchandise or advertisements  Link to ecommerce website  Drive customer to website selling products or offering services Spam
    8. 8.  The number “419” refers to the article of the Nigerian Criminal Code dealing with fraud  Started before email as Spanish prisoner scam  Many variations,  Iraqi gold, blood diamonds, inheritance or investment scams, etc…  Advanced fee scams  Usually involve millions of dollars  Assistance is needed, transfer money to you and you earn percentage, catch is paying fees or taxes up front  Made to believe paying fees or taxes will lead to “bigger” prize! Nigerian 419 Email Scams
    9. 9.  There is no big prize or reward!  Do not respond  Delete message  Junkmail, report as spam Don’t Respond
    10. 10.  URGENCY! Dire need of help!  Receive email from friend or relative that is in foreign county and has been robbed  Needs money to settle bills Robbed in London
    11. 11.  Call person, try to speak to person to verify their location  Never in country that email claims!  Senders email account has been hacked or accessed by unauthorized person  Bad guy sending email to all contacts in address book  Person is unaware account was hacked and “fake” emails are being sent  Person should change password to account immediately  Check for forwarding rules  Contact ISP or email provider for assistance Never Respond
    12. 12.  To obtain information for the purpose of fraud or identity theft  Account may be locked or suspended  Have short time frame to verify  Problem with payment or credit card  Verify login credentials  Email account storage limits  URGRNCY pull is involved Phishing
    13. 13.  Can use company logos  Copy from web site  Look and feel authentic  Links do not go to actual company website  Shortened links,  Redirect to bad guy site  May sign name of actual employee with company  Senders email address is not related to company Phishing
    14. 14.  Phishing Video  office Phishing
    15. 15.  More specific  Targeted audience  Directed at specific company, people at certain levels in company or in certain departments Spear Phishing
    16. 16.  The name is derived from SMS Phishing, SMS (Short Message Service) is the technology used for text messages on cell phones  URGENCY!  (Voice phISHING) it is the voice counterpart to phishing. The caller can ask for personal information or direct user to malicious website.  Support call to download “fake” software update.  Caller ID numbers and names can be spoofed. Smishing
    17. 17. Smishing Example
    18. 18.  Never reply to an email to verify personal information, bank account numbers, credit card numbers, passwords, etc…  Call bank or credit card company directly  Verify if they sent email  Some companies have ways to report suspected fraud emails Don’t Respond
    19. 19.  Microsoft and Adobe never send updates through email  Attachments will not update programs, but load unwanted software  Links will not take to you to company web site or download attachment  Go directly to company website  Microsoft Updates through IE  Check for updates in Adobe Reader  Run PSI or Qualys Browser Check to verify updates are available Software Updates
    20. 20.  Work from home scams  Make money part time, spare time  Have computer you can make thousands of dollars  Open bank account, bad guy deposits money, you transfer, or with draw money and wire it to someone, and keep percentage  No legitimate company works like this! Money Mule Scams
    21. 21.  Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S. (September 2010)  us_Trojan_bust_reveals_sophisticated_money_mules_ operation_in_U.S In the News
    22. 22.  Phishing Game  scams  Scam and Spam Game  scam-slam For Fun
    23. 23.   privacy/phishing-symptoms.aspx  Additional Resources