Email Security Awareness
Tips to protect yourself from some common email dangers & scams
Protect Yourself
- The driving force is MONEY!
  - Drive you to a site to sell you something
  - Scams: advance fee, lottery
  - Collect personal information
  - Fake AV, scareware, ransomware!
  - Stealing login credentials
  - Key loggers
- Attackers are finding ways to compromise computers, passwords, data, accounts
- It is easier to hack people than to find a way into the company network through perimeter defenses
Strong Passwords
- The password may be the only line of defense for your email account
- Don't reuse one password for all online accounts
  - A compromised password could give access to multiple accounts or sites
- Avoid common words, names, birthdays
- Use a passphrase; mix upper and lower case letters, numbers, and special characters
- Minimum 14 characters
- Never keep passwords on a sticky note on the monitor
- Make sure the login page uses HTTPS, especially on an unsecured network (public hotspot), or the password can be read by anyone on the same network
- https://www.microsoft.com/security/pc-security/password-checker.aspx
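As an added example (not from the deck), here is a Python check that applies the rules on this slide: at least 14 characters, a mix of character classes, not a common word or name (also after the usual substitutions such as 0 for o and 3 for e), and no embedded date. The wordlist is a constructed stand-in; a real check would load a breached-password or dictionary list. It is exercised with the passphrases from the speaker notes ("football", "Ilik3towatchf00tball!", "Fmh1wttbAdms!!").

```python
"""Password check applying the slide's rules (added example, not from the deck)."""
import re
from datetime import datetime

MIN_LENGTH = 14  # slide: "Minimum 14 characters"

# Constructed stand-in for a real wordlist (assumption: a deployment would load a
# breached-password list or dictionary here instead).
COMMON_WORDS = {"password", "football", "baseball", "welcome", "letmein",
                "qwerty", "monkey", "dragon", "summer", "john", "mary"}

# Fold common "leet" substitutions so f00tball is still recognised as football.
LEET = str.maketrans("013@$", "oieas")


def _letters(s):
    """Lower-case letters only, so 'football1990!' compares as 'football'."""
    return re.sub(r"[^a-z]", "", s.lower())


def looks_like_date(pw):
    """Flag digit runs that read like a birthday: a plausible year, or a 6/8-digit date."""
    for run in re.findall(r"\d{4,8}", pw):
        if len(run) == 4 and 1900 <= int(run) <= datetime.now().year:
            return True
        if len(run) in (6, 8):
            return True
    return False


def check_password(pw):
    """Return the list of slide rules the password breaks; [] means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {"upper": r"[A-Z]", "lower": r"[a-z]",
               "digit": r"\d", "special": r"[^A-Za-z0-9]"}
    missing = [name for name, pat in classes.items() if not re.search(pat, pw)]
    if missing:
        problems.append("missing character class(es): " + ", ".join(missing))
    # Check both the raw letters and the leet-folded letters against the wordlist.
    if _letters(pw) in COMMON_WORDS or _letters(pw.translate(LEET)) in COMMON_WORDS:
        problems.append("is a common word or name")
    if looks_like_date(pw):
        problems.append("contains a date (birthday?)")
    return problems


if __name__ == "__main__":
    for candidate in ("football", "Ilik3towatchf00tball!", "Fmh1wttbAdms!!", "Summer07041990!"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Note that the passphrase "Ilik3towatchf00tball!" passes even though it contains "football": the rule is that the whole password must not be a single common word, which is what the wordlist comparison tests.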
Tips to Avoid Scams
- Sense of urgency! Act now, respond now, need help
  - Don't think, just click! NOW, NOW, NOW!
  - Alarmist messages and threats of account closure
- Any email requesting personal information: bank account, credit card number, access codes, etc. (phishing)
- Spelling errors, grammatical errors
- Promises of money for little or no effort
  - Work from home (money mule scams)
- Generic greeting: "Dear Customer"
- Request for help, related to urgency scams, emotional pull
  - Sender in a foreign country needs help and money
Tips to Avoid Scams
- Send money up front to receive a prize
- Deals that sound too good to be true
  - Free may have a price tag!
  - Electronics, iPads, gift cards, lottery scams, inheritance scams, etc.
- Downloads and attachments
  - Fake software updates
  - Holiday scams, ecards (zip file attachment or links)
  - May lead to unwanted software being loaded on the computer: Trojan horse program with key logger, fake AV, bot, rootkit, etc.
- Sender's email address
  - Email may claim to be from BOA (Bank of America), but the sender address is not related to the company, e.g. johndoe@badguysite.com
Tips to Avoid Scams
- Requests to donate to a charitable organization after a disaster that has been in the news
- Shortened links, or confusing links
  - Redirect to the bad guy's site
  - Go directly to the company web site if in doubt
- Chain letters
  - May be collecting addresses for spammers
- Unsubscribe links may confirm a live email account
- Junk Mail in GroupWise
  - Report as spam or set up a filter to block future emails (Gmail, Hotmail, Yahoo, etc.)
- Similar scams may arrive as instant messages, Skype, Facebook posts, Twitter DMs
  - Social networking is a huge target for scams
Spam
- No! I don't need cheap meds!
- Not malicious in itself
  - Similar to postal junk mail
  - Usually selling merchandise or advertisements
- Link to an ecommerce website
  - Drive the customer to a website selling products or offering services
Nigerian 419 Email Scams
- The number "419" refers to the section of the Nigerian Criminal Code dealing with fraud
- Started before email as the "Spanish Prisoner" scam
- Many variations
  - Iraqi gold, blood diamonds, inheritance or investment scams, etc.
- Advance-fee scams
  - Usually involve millions of dollars
  - Assistance is needed to transfer the money to you and you earn a percentage; the catch is paying fees or taxes up front
  - Made to believe paying fees or taxes will lead to a "bigger" prize!
Don't Respond
- There is no big prize or reward!
- Do not respond
- Delete the message
- Junk mail: report as spam
Robbed in London
- URGENCY! Dire need of help!
- Receive email from a friend or relative who is in a foreign country and has been robbed
- Needs money to settle bills
Never Respond
- Call the person; try to speak to them to verify their location
  - Never in the country that the email claims!
- The sender's email account has been hacked or accessed by an unauthorized person
  - Bad guy sending email to all contacts in the address book
  - Person is unaware the account was hacked and "fake" emails are being sent
- The person should change the account password immediately
  - Check for forwarding rules (attackers add them to keep receiving copies of incoming mail even after the password is changed)
  - Contact the ISP or email provider for assistance
Phishing
- Goal: obtain information for the purpose of fraud or identity theft
- Common pretexts:
  - Account may be locked or suspended
  - Short time frame to verify
  - Problem with payment or credit card
  - Verify login credentials
  - Email account storage limits
- An URGENCY pull is involved
Phishing
- Can use company logos
  - Copied from the web site
  - Look and feel authentic
- Links do not go to the actual company website
  - Shortened links (bit.ly)
  - Redirect to the bad guy's site
- May be signed with the name of an actual company employee
- Sender's email address is not related to the company
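The sender-address and link warning signs from the Tips slides and the two Phishing slides can be checked mechanically. The following is an added example in Python (not from the deck): it parses a raw message, compares the sender's registrable domain with the company it claims to be, flags shortened links and links whose visible text names a different site than the href, and looks for urgency phrases and a generic greeting. The two sample messages, the shortener list and the phrase list are constructed for the example; the short link is a made-up placeholder, and the two-label domain rule is a simplification (a Public Suffix List would be needed for domains such as co.uk).

```python
"""Phishing-indicator scan over a raw email (added example, not from the deck)."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists: a deployment would use a fuller shortener list and tune
# the phrases to the pretexts it actually sees.
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
URGENCY_PHRASES = ("immediately", "within 24 hours", "suspended", "act now",
                   "verify your account")
GENERIC_GREETING = re.compile(r"\bdear (customer|user|member|valued)")


def registrable_domain(host):
    """Last two labels, so money.paypal2.badsite.com -> badsite.com.
    Assumption: adequate for .com-style TLDs; use the Public Suffix List otherwise."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_in_text(text):
    """Hostname a reader would *see* in link text, or None if the text is not a URL."""
    shown = text.strip()
    if "://" not in shown:
        if not re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", shown.lower()):
            return None
        shown = "http://" + shown
    return urlparse(shown).hostname


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def scan(raw_message, claimed_domain):
    """Return [(indicator, detail), ...] for a raw RFC 822 message that claims to come
    from claimed_domain (e.g. "paypal.com"); an empty list means nothing fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    _, sender = parseaddr(str(msg["From"]))
    if registrable_domain(sender.rsplit("@", 1)[-1]) != claimed_domain:
        findings.append(("sender-domain", f"{sender} is not under {claimed_domain}"))
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    extractor = LinkExtractor()
    extractor.feed(content)
    for href, text in extractor.links:
        host = urlparse(href).hostname or ""
        if registrable_domain(host) in URL_SHORTENERS:
            findings.append(("shortener", href))
        elif registrable_domain(host) != claimed_domain:
            findings.append(("link-domain", href))
        shown = host_in_text(text)
        if shown and registrable_domain(shown) != registrable_domain(host):
            findings.append(("link-text-mismatch", f"shows {shown}, goes to {host}"))
    flat = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", content)).lower()  # crude tag strip
    hits = [p for p in URGENCY_PHRASES if p in flat]
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    greeting = GENERIC_GREETING.search(flat)
    if greeting:
        findings.append(("generic-greeting", greeting.group(0)))
    return findings


# Constructed sample messages (not real mail); the bit.ly path is a placeholder.
PHISH = """\
From: "PayPal Service" <payment@money.paypal2.badsite.com>
To: victim@example.com
Subject: Your account has been limited
Content-Type: text/html; charset=utf-8

<html><body><p>Dear Customer,</p><p>Your account will be suspended unless you
verify your account within 24 hours.</p><p><a href="http://bit.ly/3xAmPl">Verify now</a>
or sign in at <a href="http://paypal.com.badsite.com/login">https://www.paypal.com/login</a></p></body></html>
"""
LEGIT = """\
From: "PayPal" <service@paypal.com>
To: victim@example.com
Subject: Your monthly statement
Content-Type: text/html; charset=utf-8

<html><body><p>Hello Jane,</p><p>Your statement is ready. Sign in at
<a href="https://www.paypal.com/myaccount">www.paypal.com</a> when convenient.</p></body></html>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, scan(raw, "paypal.com"))
```

On the constructed phish the scan reports all six indicators (bad sender domain, shortener, off-domain link, link text that shows paypal.com but goes to badsite.com, urgency wording, generic greeting); the legitimate statement produces none, which is the false-positive check worth keeping when the phrase list is tuned.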
Phishing
- Phishing Video
  - http://onguardonline.gov/media/video-0007-phishy-office
Spear Phishing
- More specific, targeted audience
- Directed at a specific company, people at certain levels in the company or in certain departments
Smishing and Vishing
- The name is derived from SMS phishing; SMS (Short Message Service) is the technology used for text messages on cell phones
- URGENCY!
- Vishing (voice phishing) is the voice counterpart to phishing. The caller can ask for personal information or direct the user to a malicious website.
  - "Support" call to download a "fake" software update
  - Caller ID numbers and names can be spoofed
Smishing Example
Don't Respond
- Never reply to an email to verify personal information, bank account numbers, credit card numbers, passwords, etc.
- Call the bank or credit card company directly, using the number on your card or statement rather than one from the email
  - Verify whether they sent the email
- Some companies have ways to report suspected fraud emails
Software Updates
- Microsoft and Adobe never send updates through email
- Attachments will not update programs; they load unwanted software
- Links will not take you to the company web site; they lead to a download instead
- Go directly to the company website
  - Microsoft Update through IE
  - Check for updates in Adobe Reader
  - Run Secunia PSI or Qualys BrowserCheck to verify whether updates are available
Money Mule Scams
- Work from home scams
  - Make money part time, in your spare time
  - "Have a computer? You can make thousands of dollars"
- Open a bank account; the bad guy deposits money, you transfer or withdraw the money and wire it to someone, and keep a percentage
- No legitimate company works like this! The deposits are stolen funds and the "employee" is laundering them
In the News
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S. (September 2010)
  - https://www.computerworld.com/s/article/9189038/Zeus_Trojan_bust_reveals_sophisticated_money_mules_operation_in_U.S
For Fun
- Phishing Game
  - http://onguardonline.gov/media/game-0011-phishing-scams
- Scam and Spam Game
  - http://onguardonline.gov/media/game-0012-spam-scam-slam
Additional Resources
- http://ilookbothways.com/spot-the-spam/
- http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
- http://onguardonline.gov/topics/avoid-scams


Editor's Notes

  • #3 Spam email has a purpose: to scam or go after $$. Moved past the destructive element of a virus; it's not just about infecting the computer, it's the motivation.
  • #4 Example of passphrases. Password of "football" hacked in seconds. Passphrase: short sentence "I like to watch football". Add complexity: Ilik3towatchf00tball! Use the first letter from each word of a sentence: "For my honeymoon I went to the Bahamas and drank mud slides" gives Fmhiwttbadms. Add complexity: Fmh1wttbAdms!!
  • #6 MS paying it forward, forward for good luck, virus warnings. Email address may have the company name in it to fool you, EX payment@money.paypal2.badsite.com
  • #7 Social networks: scams follow the people, 800 million+ on FB. Gmail: report as spam
  • #8 Open example MED.docx. Note the line to whitelist the email address to receive future offers
  • #9 Open 419scam.docx example
  • #11 Open robinlondon.docx example
  • #12 Hotmail, Gmail, Yahoo offer "click here if a friend's email account has been hacked"
  • #14 Open paypal.docx example. Open acountverify.docx example
  • #15 Open paypal.docx example. Open acountverify.docx example
  • #16 Open finance.docx example. Open gwmailbox.docx example
  • #17 Scams are moving to more methods of delivery
  • #18 I have filled out surveys for Best Buy and other stores. I have never given my cell phone number to surveys as a contact method. Why text message? Why not call me to notify?
  • #19 I have reported some phishing emails to PayPal, BOA
  • #20 Some updates may be bundled with internet toolbars or security checking software, browser add-ons, etc. Seen Skype updates in email as well. Open adobe.jpg example. Open msupdate.jpg example
  • #21 Open workfromhome.jpg example. May also involve buying merchandise and shipping it and keeping a percentage