CYBER SECURITY ATTACK ON RETIRED PERSONNEL, MITIGATION AND BEST PRACTICES
INTRODUCTION
Senior citizens are hot targets for hackers. A number of factors come
into play. First, unlike many younger users online, they may have
savings built up over their lifetimes. Physically, they are susceptible to
giving out their personal banking information without knowing the
consequences. There is a high probability of trust and susceptibility
while interacting online.
Perhaps older adults who haven’t spent much time online are easier
to trick. Older citizens are mainly susceptible to personal
information attacks or identity theft. The information collected by
attackers can include names, BVN, date of birth, bank account
information, passport numbers, NIN and so on.
Attackers can use social engineering methods (phone calls, text
messages), rogue access devices (free Wi-Fi), public email (Yahoo,
Gmail, Outlook etc.) and social media sites (Facebook, Instagram, Twitter,
TikTok, ads etc.) to get this information from unsuspecting victims.
TYPE OF ATTACKS
These kinds of attacks spread across various industries, including
social media, financial systems, pension funds and so on. Some of the
methods of attack include the following:
• Social engineering methods
1. Phishing (via email)
2. Spear phishing (via email)
3. Vishing (via phone calls)
4. Smishing (via text messages)
5. Pretexting (via text messages and emails)
6. Baiting (via text messages, social media messaging and emails)
• Rogue free Wi-Fi
• Physical threats
• Cyber blackmail
PHISHING ATTACKS VIA EMAIL
This is a technique in which an attacker sends fraudulent emails, claiming to
be from a reputable and trusted source. For example, an attacker might
send an email that appears to come from a customer representative of
your bank. They could claim to have important information about your
account but require you to reply with your full name, birth date, BVN and
account number first so that they can verify your identity.
Scenario: You receive a link in your email stating that something is potentially
wrong with your bank account. When the user clicks on the link, they see a
page similar to their Internet banking login. This kind of page is mostly
fake, set up to harvest your bank account and password for fraudulent
purposes.
Ultimately, the person emailing is not a bank employee; it's a person
trying to steal private data or personal information or perform a
fraudulent transaction.
PHISHING
This screenshot depicts a phishing attack on a bank customer. The sections
marked red show where to watch out when this kind of mail is received.
SPEAR PHISHING VIA EMAIL
This is a type of targeted email phishing. In a spear phishing attack, the
attacker will have done their research and set their sights on a particular
user by looking through the target's public social media profiles and
using Google to find information about them.
Scenario: In this case, the attacker could create a spear phishing email
that appears to come from the victim's bank relationship officer or a familiar
office. This kind of attack is very specific, and the victim is more likely to
fall for the scam since they recognize their relationship officer as the
supposed sender. The user clicks on the link and sees a page similar to
their Internet banking, where they fill in banking transaction details.
This can also be done to confirm a fraudulent transaction where the victim
is not present.
VISHING & SMISHING
Vishing, short for voice phishing, occurs when a fraudster attempts to trick
a victim into disclosing sensitive information or giving them access to the
victim's account over the telephone.
Scenario: One popular vishing scheme involves the attacker calling victims
and pretending to be from their bank. The caller asks for sensitive
information like card PAN numbers, 3-digit CVV and soft token while they
try to complete fraudulent transactions with the user's details online.
Vishing scams like this one often target older individuals, but anyone can
fall for a vishing scam if they are not adequately trained.
Smishing, short for SMS phishing, is similar to and incorporates the same
techniques as email phishing and vishing, but it is done through SMS/text
messaging.
VISHING & SMISHING
Example of Vishing & Smishing
PRETEXTING
This is a type of social engineering technique where the attacker
creates a scenario where the victim feels compelled to comply under
false pretenses. Typically, the attacker will impersonate someone in a
powerful position to persuade the victim to follow their orders.
During this type of social engineering attack, a bad actor may
impersonate police officers, higher-ups within the society, Auditors,
investigators or any other persona they believe will help them get the
information they seek.
Scenario: A fake CBN official asks you to fill in a form online before a
certain deadline in order to avoid your BVN being blocked. This can be
done through emails, texts or phone calls.
PRETEXTING
Example of Pretexting
BAITING
This method puts something enticing or curious in front of the victim to
lure them into the social engineering trap. This is mostly used to
distribute malware on devices to steal personal information.
A baiting scheme could offer free airtime, bonus credit or a gift card in
an attempt to trick the user into providing credentials. This is more
prevalent on social media platforms, Facebook and WhatsApp.
Most times baiting originates from a personal contact whose identity has
been stolen online. The attacker uses this stolen identity to trick other
members of the individual's contacts, spreading the
BAITING
Example of Baiting attempts on WhatsApp
PHYSICAL THREAT
Attackers with malicious intent are always present physically; they
could be close friends, family members or strangers wanting to gain
access to our information for malicious purposes.
One scenario is an attacker shoulder surfing your card transaction
PIN at the ATM counter, Internet banking or even mobile banking to
later gain access and withdraw funds.
Another scenario is carelessly leaving physical cards, mobile
devices, tokens and other items for people to see and use; these could be
used to perform card-not-present transactions and transfers.
PHYSICAL THREAT
Examples of Physical Threat: shoulder surfing, card theft
CYBER BLACKMAIL
This kind of attack is usually done through emails. In this situation an
attacker informs the victims that they have sensitive private
information and will share it with the public, friends or family
unless paid a ransom fee. This information could be in text,
picture, audio or video form.
If you fall victim, never send money to attackers, and report the
incident to the Police immediately. Also report the attacker through
the corresponding section of the social media site, or report the email
address.
In most cases the claims in the attack could be a lie, as they use fear to
extort from victims without having any real information to expose.
CYBER BLACKMAIL
Example of Cyber Blackmail
HOW TO IDENTIFY VARIOUS SOCIAL ENGINEERING ATTACKS
• An email, text or phone call asking for immediate assistance
• An email, text or phone call asking you to donate to a charitable cause
• An email, text or phone call asking you to "verify" your information
• An email, text or phone call responding to a question you didn't ask
ASKING FOR IMMEDIATE ASSISTANCE
Attackers will use language that instills a sense of urgency, along with
emotional tactics, to try to pressure the victim to rush
into action without thinking about it.
If someone asks you to make an urgent update to your BVN or bank
details via a link sent to your mail, you should slow down and ensure
that the transaction you'll be conducting is legitimate.
ASKING TO DONATE TO A CHARITABLE CAUSE
Social engineers will exploit our generosity with phony requests for
donations to charitable causes, which include payment instructions
on how to send money to the hacker.
By researching you on social media, a social engineer can figure out
what charitable causes, disaster relief efforts or political campaigns
you are likely to support. They will use this information to craft
messages aligned with your ideals.
ASKING TO VERIFY YOUR INFORMATION
Another approach social engineers will take is presenting a problem that
can only be resolved by you verifying your information. Included in their
message will be a link that brings you to a form to provide your
information.
These messages and forms can look legitimate with the right logos and
branding, which can lull you into believing the sender and the message
are legitimate.
An example is getting a mail from an attacker asking you to update
or verify your banking information. This is mostly done through phishing
and vishing.
RESPONDING TO A QUESTION YOU DIDN'T ASK
Social engineers will pose as a customer service agent from your
bank and send you a message "responding" to a request for help.
Though you never sent a request for help, you might decide that
since you already have a rep contacting you, this would be an
opportune time to receive support for an issue you've been
experiencing.
Inevitably the attacker will request specific information from you to
"authenticate your identity." In reality, they're just stealing your
information.
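The four warning signs above can also be checked mechanically, for example by a mail or SMS filter run on behalf of a relative. The sketch below is an added example, not part of the original slides; the keyword patterns, the Message fields and every sample message are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Keyword patterns are constructed for illustration (assumptions),
# one group per warning sign named in the slides.
URGENCY = re.compile(
    r"\b(urgent(ly)?|immediately|right away|within \d+ (hours?|minutes?|days?)"
    r"|will be (blocked|suspended|deactivated))\b", re.I)
DONATION = re.compile(r"\b(donat(e|ion)s?|charit(y|ies|able)|relief fund)\b", re.I)
PAYMENT = re.compile(r"\b(transfer|send|pay)\b[^.]*\b(account|acct|wallet)\b", re.I)
VERIFY = re.compile(r"\b(verify|update|confirm|validate|authenticate)\b", re.I)
SENSITIVE = re.compile(
    r"\b(BVN|NIN|PIN|CVV|PAN|token|password|account number|date of birth)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)
REPLY_CLAIM = re.compile(
    r"^\s*re:|\b(your (recent )?(request|complaint|enquiry|inquiry|ticket)"
    r"|as you requested)\b", re.I)


@dataclass
class Message:
    channel: str   # "email", "sms" or "call" (notes taken during a call)
    subject: str
    body: str


def red_flags(msg: Message, has_open_request: bool) -> list[str]:
    """Return which of the four warning signs a message shows.

    has_open_request is True only if the recipient really did contact
    the bank first; a "reply" is suspicious when no request exists.
    """
    text = f"{msg.subject}\n{msg.body}"
    flags = []
    if URGENCY.search(text):
        flags.append("immediate_assistance")
    # A donation appeal alone is not a flag; one with payment instructions is.
    if DONATION.search(text) and PAYMENT.search(text):
        flags.append("charity_donation")
    # "Verify" plus either a sensitive field or a link to a form.
    if VERIFY.search(text) and (SENSITIVE.search(text) or LINK.search(text)):
        flags.append("verify_information")
    if REPLY_CLAIM.search(text) and not has_open_request:
        flags.append("unsolicited_reply")
    return flags


def advice(flags: list[str]) -> str:
    """Map the flags to the action the slides recommend."""
    if flags:
        return "Do not reply or click; call the bank directly to confirm."
    return "No warning sign matched; stay cautious."


# Constructed sample messages (not real traffic).
SMS_BVN = Message("sms", "", "CBN NOTICE: Your BVN will be blocked within "
                  "24 hours. Verify your BVN now at "
                  "http://cbn-bvn-update.example/form")
FAKE_SUPPORT = Message("email", "Re: Your request for help",
                       "Regarding your request, please reply with your card "
                       "PAN and CVV so we can authenticate your identity.")
CHARITY = Message("sms", "", "Flood relief fund: please donate today. "
                  "Transfer to account 0000000000 at Example Bank.")
STATEMENT = Message("email", "Monthly statement",
                    "Your March statement is ready. Open the bank's app "
                    "to view it.")
CARD_READY = Message("email", "Re: Card replacement",
                     "Your new card is ready for collection at your branch.")

if __name__ == "__main__":
    for m, opened in [(SMS_BVN, False), (FAKE_SUPPORT, False),
                      (CHARITY, False), (STATEMENT, False),
                      (CARD_READY, True)]:
        found = red_flags(m, opened)
        print(m.channel, found, "->", advice(found))
```

Keyword matching like this only sorts messages for a closer look; a message that trips no rule is not proof that it is genuine.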
PROTECTING YOURSELVES AGAINST ATTACKS
Use stronger account authentication: Enable 2-factor authentication whenever
possible, which requires you to both enter your username and password,
and then confirm it is actually you seeking to access the account, commonly
via text, phone call, or mobile app.
Use stronger passwords: The longer and more complex the better. Don’t use
a common password across multiple accounts. Password managers can be a
good way to save and store multiple strong passwords.
Be mindful of how you access your accounts: Whether you use a smartphone,
laptop, desktop, or other device, make sure you are up to date with system
updates and security software. Don’t access your retirement or bank
accounts on public computers. Also, don’t use other individuals’ devices to
access your banking applications.
Security awareness: Subscribe to security news websites to get new trends
on attacks pertaining to you. Continuously learning ways to avert social
engineers is important.
PROTECTING YOURSELVES AGAINST ATTACKS CONTD.
Be skeptical, and trust your instinct: If an email or phone call looks or seems
suspicious, assume it is. Don’t respond to a suspicious email that appears to
be from your plan administrator. Instead, call them directly to confirm
whether the email is legitimate.
Be mindful of what you share online: The more personal information you
share online, the more likely that information can be used in attempts to
gain access to your accounts. Avoid sharing too much information (date of
birth, pet names, street address etc.) and sensitive information on Facebook,
Twitter and Instagram.
Use security software: Install security software on your devices from a
reliable source and keep it updated. It is best to run the anti-virus and
anti-spyware software regularly. Be wary of security updates from pop-up ads or
emails. They may actually be malware that could infect your computer.
Be mindful of how you handle payment and devices: Do not share your card
PIN with anyone, do not leave your card lying around, and always cover the
PIN pad when inputting your card PIN at public ATMs.
PROTECTING YOURSELVES AGAINST ATTACKS CONTD.
Avoid rogue (free) Wi-Fi: An attacker can set up a free hotspot to monitor
the connections of people that connect to it. Always avoid connecting to
free Wi-Fi in public places.
Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices

More Related Content

Similar to Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices

Fraud Awareness Guide for Individuals
Fraud Awareness Guide for IndividualsFraud Awareness Guide for Individuals
Fraud Awareness Guide for IndividualsShred Station
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Thefthewie
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internetmohmd-kutbi
 
Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid Ithewie
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesArnav Chowdhury
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
Identity Theft: Evolving with Technology
Identity Theft: Evolving with TechnologyIdentity Theft: Evolving with Technology
Identity Theft: Evolving with Technology- Mark - Fullbright
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Phish Phry- Analysis paper
Phish Phry- Analysis paper Phish Phry- Analysis paper
Phish Phry- Analysis paper Joydeep Banerjee
 
phishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxphishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxErrorError22
 
Identity Privacy 101 - Quicken Loans Zing Blog
Identity Privacy 101 - Quicken Loans Zing BlogIdentity Privacy 101 - Quicken Loans Zing Blog
Identity Privacy 101 - Quicken Loans Zing BlogQuicken Loans Zing Blog
 
Abusing the Internet of Things.pdf
Abusing the Internet of Things.pdfAbusing the Internet of Things.pdf
Abusing the Internet of Things.pdfM. R.
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2Conf
 

Similar to Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices (20)

Fraud Awareness Guide for Individuals
Fraud Awareness Guide for IndividualsFraud Awareness Guide for Individuals
Fraud Awareness Guide for Individuals
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Theft
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internet
 
Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid It
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking Techniques
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
 
Phishing
PhishingPhishing
Phishing
 
Identity Theft: Evolving with Technology
Identity Theft: Evolving with TechnologyIdentity Theft: Evolving with Technology
Identity Theft: Evolving with Technology
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Phish Phry- Analysis paper
Phish Phry- Analysis paper Phish Phry- Analysis paper
Phish Phry- Analysis paper
 
phishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptxphishing-awareness-powerpoint [Autosaved].pptx
phishing-awareness-powerpoint [Autosaved].pptx
 
Identity Privacy 101 - Quicken Loans Zing Blog
Identity Privacy 101 - Quicken Loans Zing BlogIdentity Privacy 101 - Quicken Loans Zing Blog
Identity Privacy 101 - Quicken Loans Zing Blog
 
Abusing the Internet of Things.pdf
Abusing the Internet of Things.pdfAbusing the Internet of Things.pdf
Abusing the Internet of Things.pdf
 
Phishing
PhishingPhishing
Phishing
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices

  • 1. CYBER SECURITY ATTACK ON RETIRED PERSONNEL, MITIGATION AND BEST PRACTICES
  • 2. INTRODUCTION Senior Citizens are hot targets for hackers. A number of factors come into play. First, unlike many younger users online, they may have savings built up over their lifetimes. Physically they are susceptible to giving their personal banking information without knowing the consequences. There is a high probability of Trust and susceptibility while interacting online. Perhaps older adults who haven’t spent much time online are easier to trick. Majorly, older citizens are susceptible to personal information attacks or identity theft. The information collected by attackers can include names, BVN, date of birth, as well as bank account information, Passport Numbers, NIN and so on. Attackers can use social engineering methods (Phone calls, Text messages), Rouge access devices (Free Wifi), Public Email (Yahoo, Gmail, Outlook etc) Social media Sites (Facebook, Instagram, Twitter, Tiktok, Ads etc) to get this information from unsuspecting victims.
  • 3. TYPE OF ATTACKS These kinds of attack spread across various industries which include Social media, Financial systems, Pension funds and so on. Some of the methods of attacks include the following;  Social Engineering methods 1. Phishing (via Email) 2. Spear Phishing (via Emails) 3. Vishing (via Phone calls) 4. Smishing (via Text messages) 5. Pretexting (Via Text messages and Emails) 6. Baiting (Via Text messages, Social media messaging and Emails)  Rouge Free Wifi  Physical Threats  Cyber Blackmail
  • 4. PHISHING ATTACKS VIA EMAIL This technique in which an attacker sends fraudulent emails, claiming to be from a reputable and trusted source. For example, an attacker might send an email that appears to come from a customer representative of your bank. They could claim to have important information about your account but require you to reply with your full name, birth date, BVN and account number first so that they can verify your identity. Scenario: Receiving a link in your email stating something potentially wrong with your bank account. When the user clicks on the link they see a similar page to login to their Internet banking. This kind of page is mostly fake, setup to harvest your bank account and password for fraudulent purposes. Ultimately, the person emailing is not a bank employee; it's a person trying to steal private data or personal information or perform a fraudulent transaction.
  • 5. PHISHING This screenshot properly depicts a phishing attack to a Bank Customer. The sections marked red shows where to watch out for when this kind of mail is received.
  • 6. SPEAR PHISHING VIA EMAIL This is a type of targeted email phishing. In a spear phishing attack, the attacker will have done their research and set their sights on a particular user. By looking through the target's public social media profiles and using Google to find information about them. Scenario: In this case, the attacker could create a spear phishing email that appears to come from his/her bank’s relationship officer or familiar office. This kind of attack is very specific and the victim is more likely to fall for the scam since she recognized her relationship officer as the supposed sender. The user clicks on the link and sees a similar page to their Internet Banking to fill in banking transaction details. This can also be done to confirm fraudulent transaction where the victim is not present
  • 8. VISHING & SMISHING Vishing short for voice phishing occurs when a fraudster attempts to trick a victim into disclosing sensitive information or giving them access to the victim's account over the telephone. Scenario: One popular Vishing scheme involves the attacker calling victims and pretending to be from their Bank. The caller ask for sensitive information like Card PAN numbers, 3 digit CVV and soft token while they try to complete fraudulent transactions with the users details online. Vishing scams like this one often target older-individuals, but anyone can fall for a Vishing scam if they are not adequately trained. Smishing short for SMS phishing is similar to and incorporates the same techniques as email phishing and Vishing, but it is done through SMS/text messaging.
  • 10. VISHING & SMISHING Example of Vishing & Smishing Smishing Vishing Play Audio
  • 11. PRETEXTING This is a type of social engineering technique where the attacker creates a scenario where the victim feels compelled to comply under false pretenses. Typically, the attacker will impersonate someone in a powerful position to persuade the victim to follow their orders. During this type of social engineering attack, a bad actor may impersonate police officers, higher-ups within the society, Auditors, investigators or any other persona they believe will help them get the information they seek. Scenario: A vivid scenario will be an attempt from a fake CBN official asking you to fill a form online before a certain period in order to avoid your BVN being blocked. This can be done either through emails, text or phone calls.
  • 13. BAITING This method puts something enticing or curious in front of the victim to lure them into the social engineering trap. This is mostly used to distribute malware on devices to steal personal information. A baiting scheme could offer a free airtime, bonus credit or gift card in an attempt to trick the user into providing credentials. This is more prevalent on social media platform, Facebook and WhatsApp. Most times baiting could originate from personal contact whom their identity has been stolen online. The attacker uses this stolen identity to trick other members on the individuals contact, spreading the
  • 14. BAITING Example of Baiting attempts on WhatsApp
  • 15. PHYSICAL THREAT Attackers with malicious intent are always present physically; they could be close friends, family members or strangers wanting to gain access to our information for malicious purposes. One scenario is an attacker shoulder surfing your card transaction PIN at the ATM counter, or while you use Internet banking or even mobile banking, to later gain access and withdraw funds. Another scenario is carelessly leaving physical cards, mobile devices, tokens and other items for people to see and use; these could be used to perform card-not-present transactions and transfers.
  • 16. PHYSICAL THREAT Examples of Physical Threat: Shoulder Surfing; Card Theft
  • 17. CYBER BLACKMAIL This kind of attack is usually carried out through emails. The attacker informs the victim that they hold sensitive private information and will share it with the public, friends or family unless a ransom is paid. This information could be in text, picture, audio or video form. If you fall victim, never send money to the attackers, and report the incident to the Police immediately. Also report the attacker through the corresponding section of the social media site, or report the email address. In most cases the attacker's claims could be a lie, as they use fear to extort victims without having any real information to expose.
  • 18. CYBER BLACKMAIL Example of Cyber Blackmail
  • 20. HOW TO IDENTIFY VARIOUS SOCIAL ENGINEERING ATTACKS
      • An email, text or phone call asking for immediate assistance
      • An email, text or phone call asking you to donate to a charitable cause
      • An email, text or phone call asking you to "verify" your information
      • An email, text or phone call responding to a question you didn't ask
  • 21. ASKING FOR IMMEDIATE ASSISTANCE Attackers will use language that instills a sense of urgency, along with emotional tactics, to pressure the victim into acting without thinking. If someone asks you to make an urgent update to your BVN or bank details via a link sent to your email, you should slow down and ensure that the transaction you'll be conducting is legitimate.
  • 22. ASKING TO DONATE TO A CHARITABLE CAUSE Social engineers will exploit our generosity with phony requests for donations to charitable causes, which include payment instructions on how to send money to the hacker. By researching you on social media, a social engineer can figure out which charitable causes, disaster relief efforts or political campaigns you are likely to support. They will use this information to craft messages aligned with your ideals.
  • 23. ASKING TO VERIFY YOUR INFORMATION Another approach social engineers take is presenting a problem that can only be resolved by you verifying your information. Their message will include a link that brings you to a form where you provide your information. These messages and forms can look legitimate, with the right logos and branding, which can lull you into believing the sender and the message are legitimate. An example is getting an email from an attacker asking you to update or verify your banking information. This is mostly done through Phishing & Vishing.
  • 24. RESPONDING TO A QUESTION YOU DIDN'T ASK Social engineers will pose as a customer service agent from your bank and send you a message "responding" to a request for help. Though you never sent a request for help, you might decide that since you already have a rep contacting you, this would be an opportune time to receive support for an issue you've been experiencing. Inevitably the attacker will request specific information from you to "authenticate your identity." In reality, they're just stealing your information.
  • 26. PROTECTING YOURSELVES AGAINST ATTACKS
      • Use stronger account authentication: Enable 2-factor authentication whenever possible. It requires you to enter your username and password and then confirm that it is actually you seeking to access the account, commonly via text, phone call or mobile app.
      • Use stronger passwords: The longer and more complex the better. Don't use a common password across multiple accounts. Password managers can be a good way to save and store multiple strong passwords.
      • Be mindful of how you access your accounts: Whether you use a smartphone, laptop, desktop or other device, make sure you are up to date with system updates and security software. Don't access your retirement or bank accounts on public computers. Also, don't use other individuals' devices to access your banking applications.
      • Security awareness: Subscribe to security news websites to learn about new attack trends that affect you. Continuously learning ways to avert social engineers is important.
  • 27. PROTECTING YOURSELVES AGAINST ATTACKS CONTD.
      • Be skeptical, and trust your instinct: If an email or phone call looks or seems suspicious, assume it is. Don't respond to a suspicious email that appears to be from your plan administrator. Instead, call them directly to confirm whether the email is legitimate.
      • Be mindful of what you share online: The more personal information you share online, the more likely it is that the information can be used in attempts to gain access to your accounts. Avoid sharing too much information (date of birth, pet names, street address etc.) and sensitive information on Facebook, Twitter and Instagram.
      • Use security software: Install security software on your devices from a reliable source and keep it updated. It is best to run the anti-virus and anti-spyware software regularly. Be wary of security updates from pop-up ads or emails. They may actually be malware that could infect your computer.
      • Be mindful of how you handle payment cards and devices: Do not share your card PIN with anyone, do not leave your card lying around, and always cover the PIN pad when entering your card PIN at public ATMs.
  • 28. PROTECTING YOURSELVES AGAINST ATTACKS CONTD.
      • Avoid rogue (free) Wi-Fi: An attacker can set up a free hotspot to monitor the connections of people who connect to it. Always avoid connecting to free Wi-Fi in public places.