SlideShare a Scribd company logo

Phishing Email Examples and How to Identify Them

The biggest challenge of phishing is that technology doesn’t provide a perfect fix. Attackers play on trust and fear to manipulate people to take actions that leave their organization at risk. Stopping phishing attacks starts with identifying the phishing email.  This presentation provides 6 examples of phishing emails and how to identify them to mitigate risk.

1 of 19
Download to read offline
6 Examples of
Phishing Emails
And How to Identify Them
Teach Your Employees
What to Look for to
Identify Phishing Emails
The threat of phishing is increasing both in terms of frequency and
sophistication. This trend shows no sign of slowing.
One of the biggest challenges of phishing emails, and social engineering in
general, is that technology doesn’t provide a perfect fix.
However, there is one common denominator in all of these phishing attacks.
People.
Attackers play on trust and fear to manipulate people to take actions that put
them at risk. The risk goes beyond the individual. Employee actions leave
organizations vulnerable too.
There’s a common saying that employees are the biggest threat to information
security. However, employees can be taught how to recognize phishing emails
to keep personal, company, and customer information safe.
Untrained employees may be one of the biggest threats to information
security, while well trained employees are the best and last line of defense.
Ad

Recommended

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 

More Related Content

Recently uploaded

"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor FesenkoFwdays
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVARobert McDermott
 
Zi-Stick UBS Dongle ZIgbee from Aeotec manual
Zi-Stick UBS Dongle ZIgbee from  Aeotec manualZi-Stick UBS Dongle ZIgbee from  Aeotec manual
Zi-Stick UBS Dongle ZIgbee from Aeotec manualDomotica daVinci
 
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxVotarikari Shravan
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfSafe Software
 
"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys VasylievFwdays
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?MENGSAYLOEM1
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsEvangelia Mitsopoulou
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceSusan Ibach
 
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERNRonnelBaroc
 
Breaking Barriers & Leveraging the Latest Developments in AI Technology
Breaking Barriers & Leveraging the Latest Developments in AI TechnologyBreaking Barriers & Leveraging the Latest Developments in AI Technology
Breaking Barriers & Leveraging the Latest Developments in AI TechnologySafe Software
 
My self introduction to know others abut me
My self  introduction to know others abut meMy self  introduction to know others abut me
My self introduction to know others abut meManoj Prabakar B
 
Artificial-Intelligence-in-Marketing-Data.pdf
Artificial-Intelligence-in-Marketing-Data.pdfArtificial-Intelligence-in-Marketing-Data.pdf
Artificial-Intelligence-in-Marketing-Data.pdfIsidro Navarro
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1Inbay UK
 
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...DianaGray10
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellencePrecisely
 
Importance of magazines in education ppt
Importance of magazines in education pptImportance of magazines in education ppt
Importance of magazines in education pptsafnarafeek2002
 
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17Ana-Maria Mihalceanu
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!KivenRaySarsaba
 
M.Aathiraju Self Intro.docx-AD21001_____
M.Aathiraju Self Intro.docx-AD21001_____M.Aathiraju Self Intro.docx-AD21001_____
M.Aathiraju Self Intro.docx-AD21001_____Aathiraju
 

Recently uploaded (20)

"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVA
 
Zi-Stick UBS Dongle ZIgbee from Aeotec manual
Zi-Stick UBS Dongle ZIgbee from  Aeotec manualZi-Stick UBS Dongle ZIgbee from  Aeotec manual
Zi-Stick UBS Dongle ZIgbee from Aeotec manual
 
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applications
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data science
 
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
 
Breaking Barriers & Leveraging the Latest Developments in AI Technology
Breaking Barriers & Leveraging the Latest Developments in AI TechnologyBreaking Barriers & Leveraging the Latest Developments in AI Technology
Breaking Barriers & Leveraging the Latest Developments in AI Technology
 
My self introduction to know others abut me
My self  introduction to know others abut meMy self  introduction to know others abut me
My self introduction to know others abut me
 
Artificial-Intelligence-in-Marketing-Data.pdf
Artificial-Intelligence-in-Marketing-Data.pdfArtificial-Intelligence-in-Marketing-Data.pdf
Artificial-Intelligence-in-Marketing-Data.pdf
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1
 
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center Excellence
 
Importance of magazines in education ppt
Importance of magazines in education pptImportance of magazines in education ppt
Importance of magazines in education ppt
 
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!
 
M.Aathiraju Self Intro.docx-AD21001_____
M.Aathiraju Self Intro.docx-AD21001_____M.Aathiraju Self Intro.docx-AD21001_____
M.Aathiraju Self Intro.docx-AD21001_____
 

Featured

Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming LanguageSimplilearn
 
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...Palo Alto Software
 
9 Tips for a Work-free Vacation
9 Tips for a Work-free Vacation9 Tips for a Work-free Vacation
9 Tips for a Work-free VacationWeekdone.com
 
I Rock Therefore I Am. 20 Legendary Quotes from Prince
I Rock Therefore I Am. 20 Legendary Quotes from PrinceI Rock Therefore I Am. 20 Legendary Quotes from Prince
I Rock Therefore I Am. 20 Legendary Quotes from PrinceEmpowered Presentations
 
How to Map Your Future
How to Map Your FutureHow to Map Your Future
How to Map Your FutureSlideShop.com
 
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...AccuraCast
 
Read with Pride | LGBTQ+ Reads
Read with Pride | LGBTQ+ ReadsRead with Pride | LGBTQ+ Reads
Read with Pride | LGBTQ+ ReadsKayla Martin-Gant
 
Exploring ChatGPT for Effective Teaching and Learning.pptx
Exploring ChatGPT for Effective Teaching and Learning.pptxExploring ChatGPT for Effective Teaching and Learning.pptx
Exploring ChatGPT for Effective Teaching and Learning.pptxStan Skrabut, Ed.D.
 
How to train your robot (with Deep Reinforcement Learning)
How to train your robot (with Deep Reinforcement Learning)How to train your robot (with Deep Reinforcement Learning)
How to train your robot (with Deep Reinforcement Learning)Lucas García, PhD
 

Featured (20)

Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
 
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
 
9 Tips for a Work-free Vacation
9 Tips for a Work-free Vacation9 Tips for a Work-free Vacation
9 Tips for a Work-free Vacation
 
I Rock Therefore I Am. 20 Legendary Quotes from Prince
I Rock Therefore I Am. 20 Legendary Quotes from PrinceI Rock Therefore I Am. 20 Legendary Quotes from Prince
I Rock Therefore I Am. 20 Legendary Quotes from Prince
 
How to Map Your Future
How to Map Your FutureHow to Map Your Future
How to Map Your Future
 
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
 
Read with Pride | LGBTQ+ Reads
Read with Pride | LGBTQ+ ReadsRead with Pride | LGBTQ+ Reads
Read with Pride | LGBTQ+ Reads
 
Exploring ChatGPT for Effective Teaching and Learning.pptx
Exploring ChatGPT for Effective Teaching and Learning.pptxExploring ChatGPT for Effective Teaching and Learning.pptx
Exploring ChatGPT for Effective Teaching and Learning.pptx
 
How to train your robot (with Deep Reinforcement Learning)
How to train your robot (with Deep Reinforcement Learning)How to train your robot (with Deep Reinforcement Learning)
How to train your robot (with Deep Reinforcement Learning)
 

Phishing Email Examples and How to Identify Them

  • 1. 6 Examples of Phishing Emails And How to Identify Them Teach Your Employees What to Look for to Identify Phishing Emails
  • 2. The threat of phishing is increasing both in terms of frequency and sophistication. This trend shows no sign of slowing.
  • 3. One of the biggest challenges of phishing emails, and social engineering in general, is that technology doesn’t provide a perfect fix.
  • 4. However, there is one common denominator in all of these phishing attacks. People.
  • 5. Attackers play on trust and fear to manipulate people to take actions that put them at risk. The risk goes beyond the individual. Employee actions leave organizations vulnerable too.
  • 6. There’s a common saying that employees are the biggest threat to information security. However, employees can be taught how to recognize phishing emails to keep personal, company, and customer information safe. Untrained employees may be one of the biggest threats to information security, while well trained employees are the best and last line of defense.
  • 7. This presentation shows 6 examples of phishing emails with pictures. After the presentation, users should: 1. Identify common phishing emails 2. Simulate phishing attacks 3. Raise awareness of phishing threats
  • 8. The Lookalike Phish 1. Check the actual sender to confirm the sender is who you expect it to be. Employees can view the sender in the Amazon example above is ‘emailservice.com,’ and not Amazon. 2. Hover over links in the email to confirm they are going where you expect. Hovering over the links in this example should show Amazon.com. One common factor in most successful phishing emails is trust. If an attacker can establish trust with the recipient, the likelihood that the recipient performs a desired action increases significantly. Establishing trust is easy if the attacker can look like something the recipient already trusts. For example - Amazon. Almost everyone knows Amazon and has an account, so it’s easy to establish trust quickly with an Amazon lookalike email and trick the recipient into providing their password or confirming their credit card information. Two Best Practices to Identify Be aware that attackers are becoming more sophisticated and improving their craft. While a link may be easy to spot as being fishy, it may be cleverly disguised. For example, by replacing the ‘o’ in Amazon with a zero (Amaz0n), or a similar character, a recipient may miss the slight change.
  • 9. The Internal Request 1. Raise employee awareness of the information security policy. Employees should be aware that no one in the company will ever ask for their password. The IT department will never require a password to resolve a support ticket. 2. Call the sender to confirm the email and its intent. It’s likely that the company has an extension for each employee so you can quickly contact the sender to confirm that they sent a request for information. Similar to the lookalike, The Internal Phish relies on trust. Internal does not describe the sender, as phishing emails typically come from malicious attackers outside an organization. Rather, internal describes the ‘character’ that the attacker is playing. By playing an internal IT Manager or HR Director, an attacker can quickly gain your trust and encourage dangerous behavior. A common Internal email is a request to reset a password from the IT manager. Two Best Practices to Identify
  • 10. The Government Threat 1. Raise employee awareness of the information security policy. Employees should be aware that no one in the company will ever ask for their password. The IT department will never require a password to resolve a support ticket. 2. Call the sender to confirm the email and its intent. It’s likely that the company has an extension for each employee so you can quickly contact the sender to confirm that they sent a request for information. Government threats rely on fear rather than trust. Even if the victim is innocent, a call or email from the government increases a heart beat. Passing a police officer while driving down the highway at the speed limit still causes a break tap, two checks of the speedometer, and 3 checks in the rearview mirror - an email from the FBI or IRS will do the same. This can be extremely effective by phone as described in this article about a franchise employee sending thousands of dollars in gift cards to pay for illegal activity by the owner. It’s also effective by email. A common attack has the attacker impersonating the IRS and requesting swift action by the recipient. Two Best Practices to Identify Fear/Trust can be increases when this attack is used during tax season.
  • 11. Wire Transfer Fraud 1. Raise employee awareness of the information security policy. Employees and buyers should be aware that no one in the company will ever use a free email account. 2. Call the sender to confirm the email and wire transfer details. Creating a manual two factor authentication process will ensure the email was sent by a trusted person and the account information is correct. Note: Do not use the phone number provided in the email. Rather used a trusted phone number that’s already been used to connect with the sender. Wire Transfer Fraud is increasing in the home buying process. It’s the perfect storm in which home buyers are excited, there are multiple parties involved, deadlines, and large amounts of money being transferred. Attackers rely on trust, fear, and time constraints to successfully implement these attacks. The attacker can easily create a free email account similar to the title company or mortgage lenders name, and request that the buyer make a wire transfer to a new account immediately, or risk a delay in closing. Two Best Practices to Identify Sender: MortageLender@yahoo.com Receiver: Home Buyer Message: Hello please the escrow just emailed me that you need to send the funds via wire, They dont want to accept check due to a check check issues they just had, You will need to go to your bank to send the wire tomorrow so they can receive the funds before the closing, Please get back to me now so i can send you the wire information.
  • 12. Simulate Phishing Attacks on Employees 14 Day Free Trial
  • 13. The Spear Phishing Attack 1. Raise cybersecurity awareness with the leadership team. Training the leadership team to be aware of the increased risk and sophistication in attacks targeting their position will help them to identify these phishing emails. 2. Call the sender to confirm the email and wire transfer details. Creating a manual two factor authentication process will ensure the email was sent by a trusted person. Spear Phishing is another email that relies on trust. As opposed to a normal phishing email that is sent to many, the spear phishing email is targeted to a specific individual. Typically these attackers are looking to steal confidential information. One common spear phishing targets the CFO. Most CFO’s know that the CEO has a busy schedule, and may require funds to support their business travel. An hacker can take advantage of the CEO/CFO relationship by impersonating the CEO and requesting a wire transfer for a reasonable sum while he’s traveling out of the country. The CFO is likely to trust the request, and make the transfer. Two Best Practices to Identify Sender: CEO Receiver: CFO Message: Hi CFO. Are you busy? I’m out of the office and I need you to process a wire transfer for me today. Please send to XYZ. Thanks. Sent from my iphone
  • 14. The Spoofing Attack 1. If you are not expecting something, do not open attachments, click links or share information. 2. Call the sender to confirm the email and wire transfer details. Creating a manual two factor authentication process will ensure the email was sent by a trusted person. Spoofing is an attack in which the attacker impersonates a user or device for information or access to an account, network, etc.. Spoofing can be targeted - for example, wire fraud transfer attacks might use spoofing so that the buyer think malicious Two Best Practices to Identify wire fraud request email is actually coming from a trusted source. Spoofing attacks can be used for much wider destruction. For example, attackers targeted Gmail users with the goal of accessing the users entire email history. Their code would then spread itself to all of their contacts. The Gmail user would see a link to share a document. When they clicked the link it would take them to an actual Google page asking to give permission to the attackers fake app.
  • 15. What is Phishing? Social Engineering is an attack in which an attacker tricks a person into an action desired by the attacker. A well known type of social engineering attack is phishing. Phishing is most commonly associated with email, but can also be done through text messages and instant messages. During a phishing attack, the attacker uses one of these mediums to trick their victim into clicking on a malicious link, opening a malicious attachment, or providing sensitive information. Why Are Hackers Phishing? The goal of phishing varies from broad, shotgun attacks that widely distribute malware to targeted attacks that obtain specific information. Malicious links, attachments, and sites attempt to install malware that is meant to do some harm to you or your company. Malware often aims to collection personal information, interrupt computer operation, or gain access to a computer/network. Attackers may also be looking for very specific information/actions - for example they may perform an attack that dupes a new home buyer into wire transferring funds on the day of closing in which they know the parties involved and the date/time of closing.
  • 16. One of the biggest challenges of phishing emails, and social engineering in general, is that technology doesn’t provide a perfect fix. The common denominator in all of these attacks are people. Attackers play on trust and fear to manipulate people to take actions that put them at risk. The risk goes beyond the individual. Employee actions leave organizations vulnerable too.
  • 17. There’s a common saying that employees are the biggest threat to information security. However, employees can be taught how to recognize phishing emails to keep personal, company, and customer information safe.
  • 18. Employee Awareness Untrained employees may be one of the biggest threats to information security, while well trained employees are the best and last line of defense. Wuvavi Employee Cybersecurity provides an enterprise-grade awareness platform for small and medium sized businesses. Wuvavi makes simulating a phishing attack, training employees on best practices, and tracking completion for compliance requirements easy. Employee Cybersecurity Awareness Best Practices 1. Find a base level to assess results by running a simulated phishing attack. 2. Assign employees training to teach best practices and raise their awareness. 3. Schedule ongoing phishing simulations at least quarterly to keep cybersecurity front of mind. Wuvavi (www.wuvavi.com) is the leader in employee cybersecurity awareness for small and medium sized businesses. 14 Day Free Trial
  • 19. Make every employee an active participant in cybersecurity.