SlideShare a Scribd company logo

Spear phishing attacks

A tutorial to prevent and resolve a spear phishing attack to a journalist at risk.

1 of 6
Download to read offline
How to prevent
spear phishing attacks
Jorge Luis Sierra
Knight International Journalism Fellow
What is a spear phishing attack?
  Spear phishing is a type of cyberattack carefully crafted to
deceive a person and steal online personal information.
  Spear phishing attacks tend to be personalized with features
that tempt journalists to click on a link or open a document
that, in fact, are malicious programs.
  Journalists can lose not only private information, but also
contact lists, research plans, confidential documents, names
and contact information of sensitive sources.
Preventative steps
  Always keep your computer
and mobile devices updated.
  Install robust antivirus
software. You can use Avira,
Clam AV, Immunet, Avast,
Symantec, AVG or
Kaspersky. Other tools are:
Spybot and Prozen software.
  Do a diligence process
before before clicking any
link or opening any file.
  Use your common sense to
identify a smear phishing
attack: look for misspellings,
fake email addresses, any
signal of something weird in
the message.
  Avoid plugging in your
devices to charge batteries in
unreliable offices.
Preventive steps
  Avoid using WiFi networks
controlled by non reliable
people.
  Use your own mobile
hotspots or mobile modems
to connect to the internet or
to send data.
  Always use several layers of
encryption to share sensitive
information.
  You can use
PGP for Mac OSXor
Windows.
Add a password to open and
change your documents.
  Always use email services
that offer end-to-end
encryption.
  Lear how to avoid phishing
attacks here and here.
What if your device is infected?
  Keep a copy of the infecting
message and send a copy to
the Citizen Lab of the
University of Toronto.
  Check information logs and
analyze all traffic to the
attacker’s IP.
  Update your antivirus
program and run a full scan.
  Back up your information,
encrypt it and store it in a
safe place.
  Reformat your computer to
erase any trace of malware.
  Alert your network of this
attack and change
vulnerable practices.
  Use Windows appropriately,
change to a Mac computer
or try Linux.
Jorge Luis Sierra
jsierra@icfj.org
@latinointx
2016

Recommended

More Related Content

What's hot

Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018jubke
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 

What's hot (20)

Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Phishing
PhishingPhishing
Phishing
 
Phishing and prevention
Phishing and preventionPhishing and prevention
Phishing and prevention
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Phishing
PhishingPhishing
Phishing
 

Similar to Spear phishing attacks

Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
SAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdfSAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdfssusera0b94b
 
End user security awareness
End user security awarenessEnd user security awareness
End user security awarenessKanishk Raj
 
cyber safety.pdf
cyber safety.pdfcyber safety.pdf
cyber safety.pdfMILANOP1
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNcell
 
Amenazas Informática
Amenazas InformáticaAmenazas Informática
Amenazas InformáticaDani Díaz
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securitySharath Raj
 
mobile security.pptx
mobile security.pptxmobile security.pptx
mobile security.pptxTapan Khilar
 
8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catchiYogi
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptxTapan Khilar
 
Security Awareness 9 10 09 V4 Viruses
Security Awareness 9 10 09 V4 VirusesSecurity Awareness 9 10 09 V4 Viruses
Security Awareness 9 10 09 V4 VirusesCatherine MacAllister
 
Cybersecurity awareness session.pptx
Cybersecurity awareness session.pptxCybersecurity awareness session.pptx
Cybersecurity awareness session.pptxUmaraZahidLecturer
 
Security Awareness 9 10 09 V4 Virus Trojan
Security Awareness 9 10 09 V4 Virus TrojanSecurity Awareness 9 10 09 V4 Virus Trojan
Security Awareness 9 10 09 V4 Virus TrojanMegan Bell
 
Internet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwalInternet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwalVaishnaviKhandelwal6
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxDhruvsinhbhati
 
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfCybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfSoo Chin Hock
 

Similar to Spear phishing attacks (20)

Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
SAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdfSAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdf
 
End user security awareness
End user security awarenessEnd user security awareness
End user security awareness
 
cyber safety.pdf
cyber safety.pdfcyber safety.pdf
cyber safety.pdf
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Amenazas Informática
Amenazas InformáticaAmenazas Informática
Amenazas Informática
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
security issues
security issuessecurity issues
security issues
 
mobile security.pptx
mobile security.pptxmobile security.pptx
mobile security.pptx
 
8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch8 threats that even antivirus cannot catch
8 threats that even antivirus cannot catch
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptx
 
Security Awareness 9 10 09 V4 Viruses
Security Awareness 9 10 09 V4 VirusesSecurity Awareness 9 10 09 V4 Viruses
Security Awareness 9 10 09 V4 Viruses
 
Cybersecurity awareness session.pptx
Cybersecurity awareness session.pptxCybersecurity awareness session.pptx
Cybersecurity awareness session.pptx
 
Security Awareness 9 10 09 V4 Virus Trojan
Security Awareness 9 10 09 V4 Virus TrojanSecurity Awareness 9 10 09 V4 Virus Trojan
Security Awareness 9 10 09 V4 Virus Trojan
 
Internet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwalInternet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwal
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
 
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfCybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
 

More from Jorge Luis Sierra

Manual para pgp con gpg suite para computadoras mac y mailvelope para chrome
Manual para pgp con gpg suite para computadoras mac y mailvelope para chromeManual para pgp con gpg suite para computadoras mac y mailvelope para chrome
Manual para pgp con gpg suite para computadoras mac y mailvelope para chromeJorge Luis Sierra
 
Manual con pantallas para pgp con kleopatra y mailvelope version 1.0
Manual con pantallas para pgp con kleopatra y mailvelope version 1.0Manual con pantallas para pgp con kleopatra y mailvelope version 1.0
Manual con pantallas para pgp con kleopatra y mailvelope version 1.0Jorge Luis Sierra
 
Manual de seguridad digital y móvil
Manual de seguridad digital y móvilManual de seguridad digital y móvil
Manual de seguridad digital y móvilJorge Luis Sierra
 
Cómo encriptar tu celular Android
Cómo encriptar tu celular AndroidCómo encriptar tu celular Android
Cómo encriptar tu celular AndroidJorge Luis Sierra
 
Caja de herramientas de seguridad digital
Caja de herramientas de seguridad digitalCaja de herramientas de seguridad digital
Caja de herramientas de seguridad digitalJorge Luis Sierra
 
Protege tu comunicación digital
Protege tu comunicación digitalProtege tu comunicación digital
Protege tu comunicación digitalJorge Luis Sierra
 
Bulletproofing digital newsrooms
Bulletproofing digital newsroomsBulletproofing digital newsrooms
Bulletproofing digital newsroomsJorge Luis Sierra
 
Evaluación de Riesgos para Periodistas en Guerrero
Evaluación de Riesgos para Periodistas en GuerreroEvaluación de Riesgos para Periodistas en Guerrero
Evaluación de Riesgos para Periodistas en GuerreroJorge Luis Sierra
 
Evaluación de Riesgos para Periodistas en Veracruz
Evaluación de Riesgos para Periodistas en VeracruzEvaluación de Riesgos para Periodistas en Veracruz
Evaluación de Riesgos para Periodistas en VeracruzJorge Luis Sierra
 
Policías y agresores de civil agreden a periodistas de Veracruz
Policías y agresores de civil agreden a periodistas de VeracruzPolicías y agresores de civil agreden a periodistas de Veracruz
Policías y agresores de civil agreden a periodistas de VeracruzJorge Luis Sierra
 
Protege tus comunicaciones con Jitsi meet
Protege tus comunicaciones con Jitsi meet Protege tus comunicaciones con Jitsi meet
Protege tus comunicaciones con Jitsi meet Jorge Luis Sierra
 
Cómo encriptar tu computadora con FileVault
Cómo encriptar tu computadora con FileVaultCómo encriptar tu computadora con FileVault
Cómo encriptar tu computadora con FileVaultJorge Luis Sierra
 
Cómo abrir una cuenta de hushmail
Cómo abrir una cuenta de hushmailCómo abrir una cuenta de hushmail
Cómo abrir una cuenta de hushmailJorge Luis Sierra
 
Protección de la privacidad y navegación anónima en internet
Protección de la privacidad y navegación anónima en internetProtección de la privacidad y navegación anónima en internet
Protección de la privacidad y navegación anónima en internetJorge Luis Sierra
 
Protección de equipos, documentos y contraseñas
Protección de equipos, documentos y contraseñasProtección de equipos, documentos y contraseñas
Protección de equipos, documentos y contraseñasJorge Luis Sierra
 

More from Jorge Luis Sierra (20)

Manual para pgp con gpg suite para computadoras mac y mailvelope para chrome
Manual para pgp con gpg suite para computadoras mac y mailvelope para chromeManual para pgp con gpg suite para computadoras mac y mailvelope para chrome
Manual para pgp con gpg suite para computadoras mac y mailvelope para chrome
 
Manual con pantallas para pgp con kleopatra y mailvelope version 1.0
Manual con pantallas para pgp con kleopatra y mailvelope version 1.0Manual con pantallas para pgp con kleopatra y mailvelope version 1.0
Manual con pantallas para pgp con kleopatra y mailvelope version 1.0
 
Manual de seguridad digital y móvil
Manual de seguridad digital y móvilManual de seguridad digital y móvil
Manual de seguridad digital y móvil
 
Cómo encriptar tu celular Android
Cómo encriptar tu celular AndroidCómo encriptar tu celular Android
Cómo encriptar tu celular Android
 
Caja de herramientas de seguridad digital
Caja de herramientas de seguridad digitalCaja de herramientas de seguridad digital
Caja de herramientas de seguridad digital
 
Protege tu comunicación digital
Protege tu comunicación digitalProtege tu comunicación digital
Protege tu comunicación digital
 
How to use anonymox
How to use anonymoxHow to use anonymox
How to use anonymox
 
Bulletproofing digital newsrooms
Bulletproofing digital newsroomsBulletproofing digital newsrooms
Bulletproofing digital newsrooms
 
Evaluación de Riesgos para Periodistas en Guerrero
Evaluación de Riesgos para Periodistas en GuerreroEvaluación de Riesgos para Periodistas en Guerrero
Evaluación de Riesgos para Periodistas en Guerrero
 
Evaluación de Riesgos para Periodistas en Veracruz
Evaluación de Riesgos para Periodistas en VeracruzEvaluación de Riesgos para Periodistas en Veracruz
Evaluación de Riesgos para Periodistas en Veracruz
 
Policías y agresores de civil agreden a periodistas de Veracruz
Policías y agresores de civil agreden a periodistas de VeracruzPolicías y agresores de civil agreden a periodistas de Veracruz
Policías y agresores de civil agreden a periodistas de Veracruz
 
Protege tus comunicaciones con Jitsi meet
Protege tus comunicaciones con Jitsi meet Protege tus comunicaciones con Jitsi meet
Protege tus comunicaciones con Jitsi meet
 
Cómo usar peerio
Cómo usar peerioCómo usar peerio
Cómo usar peerio
 
Cómo encriptar tu computadora con FileVault
Cómo encriptar tu computadora con FileVaultCómo encriptar tu computadora con FileVault
Cómo encriptar tu computadora con FileVault
 
Jitsi meet
Jitsi meetJitsi meet
Jitsi meet
 
Cómo abrir una cuenta de hushmail
Cómo abrir una cuenta de hushmailCómo abrir una cuenta de hushmail
Cómo abrir una cuenta de hushmail
 
Cómo encriptar emails
Cómo encriptar emailsCómo encriptar emails
Cómo encriptar emails
 
Protección de la privacidad y navegación anónima en internet
Protección de la privacidad y navegación anónima en internetProtección de la privacidad y navegación anónima en internet
Protección de la privacidad y navegación anónima en internet
 
Protege tu móvil
Protege tu móvilProtege tu móvil
Protege tu móvil
 
Protección de equipos, documentos y contraseñas
Protección de equipos, documentos y contraseñasProtección de equipos, documentos y contraseñas
Protección de equipos, documentos y contraseñas
 

Spear phishing attacks

  • 1. How to prevent spear phishing attacks Jorge Luis Sierra Knight International Journalism Fellow
  • 2. What is a spear phishing attack?   Spear phishing is a type of cyberattack carefully crafted to deceive a person and steal online personal information.   Spear phishing attacks tend to be personalized with features that tempt journalists to click on a link or open a document that, in fact, are malicious programs.   Journalists can lose not only private information, but also contact lists, research plans, confidential documents, names and contact information of sensitive sources.
  • 3. Preventative steps   Always keep your computer and mobile devices updated.   Install robust antivirus software. You can use Avira, Clam AV, Immunet, Avast, Symantec, AVG or Kaspersky. Other tools are: Spybot and Prozen software.   Do a diligence process before before clicking any link or opening any file.   Use your common sense to identify a smear phishing attack: look for misspellings, fake email addresses, any signal of something weird in the message.   Avoid plugging in your devices to charge batteries in unreliable offices.
  • 4. Preventive steps   Avoid using WiFi networks controlled by non reliable people.   Use your own mobile hotspots or mobile modems to connect to the internet or to send data.   Always use several layers of encryption to share sensitive information.   You can use PGP for Mac OSXor Windows. Add a password to open and change your documents.   Always use email services that offer end-to-end encryption.   Lear how to avoid phishing attacks here and here.
  • 5. What if your device is infected?   Keep a copy of the infecting message and send a copy to the Citizen Lab of the University of Toronto.   Check information logs and analyze all traffic to the attacker’s IP.   Update your antivirus program and run a full scan.   Back up your information, encrypt it and store it in a safe place.   Reformat your computer to erase any trace of malware.   Alert your network of this attack and change vulnerable practices.   Use Windows appropriately, change to a Mac computer or try Linux.