Beware of Phishing Scams

The cyber threat to our Army and Nation is pervasive and most often targets human behavior through social engineering. The best mitigation measure for this risk is to increase cyber awareness by educating our Soldiers, Family Members, Government Civilians, and Contractors. HQDA has directed the Army Antiterrorism Quarterly Theme: Cyber Threat Awareness (2Q/FY13). For more information on Cyber Security, visit http://www.staysafeonline.org/stay-safe-online/


Beware of Phishing Scams

  1. What is Phishing?

     Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques (i.e., manipulating people into performing actions or divulging confidential information). Phishing emails are crafted to appear as if they were sent from a legitimate organization or known individual. These emails often attempt to attract users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords that can further expose them, their network, and their unit to future compromises.

     In order to fully understand phishing and how it can impact you and your unit, you should be aware that there are different types of phishing:

     • Phishing is usually an e-mail sent to a large group of people that attempts to scam the recipients. The people the message is sent to often do not have anything in common.
     • Spear phishing is a message sent to a smaller, more select group of targeted people or to a single individual.
     • Whaling or whale phishing is a highly personalized message sent to senior executives, high-level officials, or their personal executive staff members.

     Why Phishing Works

     • We are easily enticed — we trust known brands/logos
     • Lack of user education and awareness
     • Lack of Information Assurance knowledge and warning indicators
     • Visually deceptive text
     • Image masking
     • Image mimicking Windows

     Help! I think I’ve been Phished!

     Anti Phishing Quick Reaction Drill

     • Change your password immediately at the real website:
       • Type the website name in your browser’s address bar.
       • Sign into your account and click the “user profile” or “change password” link.
       • Follow the website’s instructions to change your account information and password.
     • Click the “contact us” link found on most websites and inform them about the phishing attack you just experienced.
     • If you are using a government computer, contact your local Information Assurance Officer and servicing Network Enterprise Center (NEC).

     SUSPICIOUS ACTIVITY REPORTING

     Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network Enterprise Center (NEC)

     Recognizing & Avoiding Email Scams: http://www.us-cert.gov/reading_room/emailscams_0905.pdf
  4. How Phishing Works

     • Most phishing attempts are for identity theft, but phishing is also being used to gain access to online banking, federal, and DoD information
     • Phishing Attacks can be geared to collect personal information such as: SSN, mother’s maiden name, date of birth, passwords, credit card numbers, etc.
     • Phishing emails not only attempt to trick you into giving out sensitive information, but also can include malicious software
     • Malicious software can be viruses and other computer code designed to allow a hacker to use your computer for illegal Internet activity, or to access your unit’s network to gather DoD information
     • Malicious code may capture your keystrokes or capture your personal and work files and send them to people without your knowledge

     User Awareness: Protect Yourself and Your Organization

     DO

     • Watch out for phishing
     • Delete suspicious emails
     • Contact your Information Assurance Officer or your servicing Network Enterprise Center (NEC) if you have questions about emails
     • Report any potential incidents

     DO NOT

     • Open suspicious emails
     • Click on suspicious links in emails or pop-up windows
     • Call telephone numbers provided in suspicious emails
     • Disclose any information
