Phishing awareness


Slideshare that can be used as an educational training tool to make employees aware of the risks of phishing attacks. This presentation covers the threat of phishing and the strategies that can be used to mitigate phishing attacks.

Published in: Education

  1. Phishing Awareness
  2. What is Phishing?
  3. Phishing Is A Fake Email. The long definition is that phishing is the act of attempting to acquire information such as usernames and passwords by masquerading as a trustworthy entity in an electronic communication.
  4. Is Phishing A Threat?
  5. 29% of security breaches involve social tactics, such as phishing
  6. 71%: Phishing Is The Most Used Social Tactic. Source: 2013 Verizon Data Breach Investigations Report
  7. 91% of targeted attacks use spear-phishing emails. Spear-phishing is when detailed information about the recipient, company or others is used to make the email look more credible.
  8. And It’s Getting Worse
  9. The total number of phishing attacks increased 59 percent from 2011 to 2012
  10. In 2012-2013, 37.3 million users worldwide were subjected to phishing.
  11. Phishing In The News
  12. A single victim of a phishing attack can impact millions.
  13. The attack on the AP Twitter account had a serious impact on the stock market.
  14. Impact of the attack on the stock market
  15. No Company Is Immune! Even security companies can fall victim.
  16. What Can You Do?
  17. 1. Know the signs of a phishing attack 2. Report phishing attacks
  18. Common Phishing Traits: 1. Generic greeting 2. Invokes fear 3. Requires action 4. Threatening language 5. Grammar issues 6. Generic closing
  19. What To Do: DO hover over links to verify their location. DO NOT click on unknown links. DO report the suspected attack. DO NOT reply to suspicious requests.
  20. There’s More: DO NOT rely on the “from” and “reply to” email addresses, as these can be faked. BE SUSPICIOUS of unsolicited attachments. CONFIRM information out of band. That is, contact the sender on a known line, email, website, or other method. DO NOT use information in the email.
  21. Phishing attacks are limited only by the creativity of the attacker. When In Doubt, Ask Your Security Office. DO NOT CLICK, RESPOND, OR DOWNLOAD!