7
SUSPICIOUS ACTIVITY REPORTING Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network Enterprise Center (NEC)

Beware of Phishing Scams

Embed Size (px)

DESCRIPTION

The cyber threat to our Army and Nation is pervasive and most often target, human behavior through social engineering. The best mitigation measure for this risk is to increase cyber awareness by educating our Soldiers, Family Members, Government Civilians, and Contractors. HQDA has directed Army Antiterrorism Quarterly Theme Cyber Threat Awareness (2Q/FY13). For more information on Cyber Security, visit http://www.staysafeonline.org/stay-safe-online/

Citation preview

Page 1: Beware of Phishing Scams

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

•Weareeasilyenticed—wetrustknownbrands/logos

•Lackofusereducationandawareness

•LackofInformationAssuranceknowledgeandwarningindicators

•Visuallydeceptivetext

•Imagemasking

•ImagemimickingWindows

What is Phishing?Phishingisanattemptbyanindividualorgrouptosolicitpersonalinformationfromunsuspectingusersbyemployingsocialengineeringtechniques(i.e.,manipulatingpeopleintoperformingactionsordivulgingconfidentialinformation).Phishingemailsarecraftedtoappearasiftheyweresentfromalegitimateorganizationorknownindividual.Theseemailsoftenattempttoattractuserstoclickonalinkthatwilltaketheusertoafraudulentwebsitethatappearslegitimate.Theuserthenmaybeaskedtoprovidepersonalinformation,suchasaccountusernamesandpasswordsthatcanfurtherexposethem,theirnetwork,andtheirunittofuturecompromises.

Inordertofullyunderstandphishingandhowitcanimpactyouandyourunit,youshouldbeawarethattherearedifferenttypesofphishing:

Phishingisusuallyane-mailsenttoalargegroupofpeoplethatattemptstoscamtherecipients.Thepeoplethemessageissenttooftendonothaveanythingincommon.

Spear phishingisamessagesenttoasmaller,moreselectgroupoftargetedpeopleortoasingleindividual.

Whaling or whale phishingisahighlypersonalizedmessagesenttoseniorexecutives,high-levelofficials,ortheirpersonalexecutivestaffmembers.

Help! I think I’ve been

Phished!Anti Phishing Quick Reaction Drill

• Changeyourpasswordimmediatelyattherealwebsite:

• Typethewebsitenameinyourbrowser’saddressbar.

• Signintoyouraccountandclickthe“userprofile”or“changepassword”link.

• Followthewebsite’sinstructionstochangeyouraccountinformationandpassword.

• Clickthe“contactus”linkfoundonmostwebsitesandinformthemaboutthephishingattackyoujustexperienced.

• Ifyouareusingagovernmentcomputer,contactyourlocalInformationAssuranceOfficerandservicingNetworkEnterpriseCenter(NEC).

Recognizing & Avoiding Email Scams:http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network

Enterprise Center (NEC)

Page 2: Beware of Phishing Scams

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

• Weareeasilyenticed—wetrustknownbrands/logos

• Lackofusereducationandawareness

• LackofInformationAssuranceknowledgeandwarningindicators

• Visuallydeceptivetext

• Imagemasking

• ImagemimickingWindows

What is Phishing?Phishingisanattemptbyanindividualorgrouptosolicitpersonalinformationfromunsuspectingusersbyemployingsocialengineeringtechniques(i.e.,manipulatingpeopleintoperformingactionsordivulgingconfidentialinformation).Phishingemailsarecraftedtoappearasiftheyweresentfromalegitimateorganizationorknownindividual.Theseemailsoftenattempttoattractuserstoclickonalinkthatwilltaketheusertoafraudulentwebsitethatappearslegitimate.Theuserthenmaybeaskedtoprovidepersonalinformation,suchasaccountusernamesandpasswordsthatcanfurtherexposethem,theirnetwork,andtheirunittofuturecompromises.

Inordertofullyunderstandphishingandhowitcanimpactyouandyourunit,youshouldbeawarethattherearedifferenttypesofphishing:

Phishingisusuallyane-mailsenttoalargegroupofpeoplethatattemptstoscamtherecipients.Thepeoplethemessageissenttooftendonothaveanythingincommon.

Spear phishingisamessagesenttoasmaller,moreselectgroupoftargetedpeopleortoasingleindividual.

Whaling or whale phishingisahighlypersonalizedmessagesenttoseniorexecutives,high-levelofficials,ortheirpersonalexecutivestaffmembers.

Help! I think I’ve been

Phished!Anti Phishing Quick Reaction Drill

•Changeyourpasswordimmediatelyattherealwebsite:

•Typethewebsitenameinyourbrowser’saddressbar.

•Signintoyouraccountandclickthe“userprofile”or“changepassword”link.

•Followthewebsite’sinstructionstochangeyouraccountinformationandpassword.

•Clickthe“contactus”linkfoundonmostwebsitesandinformthemaboutthephishingattackyoujustexperienced.

•Ifyouareusingagovernmentcomputer,contactyourlocalInformationAssuranceOfficerandservicingNetworkEnterpriseCenter(NEC).

Recognizing & Avoiding Email Scams:http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network

Enterprise Center (NEC)

Page 3: Beware of Phishing Scams

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

• Weareeasilyenticed—wetrustknownbrands/logos

• Lackofusereducationandawareness

• LackofInformationAssuranceknowledgeandwarningindicators

• Visuallydeceptivetext

• Imagemasking

• ImagemimickingWindows

What is Phishing?Phishingisanattemptbyanindividualorgrouptosolicitpersonalinformationfromunsuspectingusersbyemployingsocialengineeringtechniques(i.e.,manipulatingpeopleintoperformingactionsordivulgingconfidentialinformation).Phishingemailsarecraftedtoappearasiftheyweresentfromalegitimateorganizationorknownindividual.Theseemailsoftenattempttoattractuserstoclickonalinkthatwilltaketheusertoafraudulentwebsitethatappearslegitimate.Theuserthenmaybeaskedtoprovidepersonalinformation,suchasaccountusernamesandpasswordsthatcanfurtherexposethem,theirnetwork,andtheirunittofuturecompromises.

Inordertofullyunderstandphishingandhowitcanimpactyouandyourunit,youshouldbeawarethattherearedifferenttypesofphishing:

Phishingisusuallyane-mailsenttoalargegroupofpeoplethatattemptstoscamtherecipients.Thepeoplethemessageissenttooftendonothaveanythingincommon.

Spear phishingisamessagesenttoasmaller,moreselectgroupoftargetedpeopleortoasingleindividual.

Whaling or whale phishingisahighlypersonalizedmessagesenttoseniorexecutives,high-levelofficials,ortheirpersonalexecutivestaffmembers.

Help! I think I’ve been

Phished!Anti Phishing Quick Reaction Drill

•Changeyourpasswordimmediatelyattherealwebsite:

•Typethewebsitenameinyourbrowser’saddressbar.

•Signintoyouraccountandclickthe“userprofile”or“changepassword”link.

•Followthewebsite’sinstructionstochangeyouraccountinformationandpassword.

•Clickthe“contactus”linkfoundonmostwebsitesandinformthemaboutthephishingattackyoujustexperienced.

•Ifyouareusingagovernmentcomputer,contactyourlocalInformationAssuranceOfficerandservicingNetworkEnterpriseCenter(NEC).

Recognizing & Avoiding Email Scams:http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network

Enterprise Center (NEC)

Page 4: Beware of Phishing Scams

User Awareness•Mostphishingattemptsareforidentitytheft,butphishingisalsobeingusedtogainaccesstoonlinebanking,federal,andDoDinformation

• PhishingAttackscanbegearedtocollectpersonalinformationsuchas:SSN,mother’smaidenname,dateofbirth,passwords,creditcardnumbers,etc.

• Phishingemailsnotonlyattempttotrickyouintogivingoutsensitiveinformation,butalsocanincludemalicioussoftware

•MalicioussoftwarecanbevirusesandothercomputercodedesignedtoallowahackertouseyourcomputerforillegalInternetactivity,ortoaccessyourunit’snetworktogatherDoDinformation

•Maliciouscodemaycaptureyourkeystrokesorcaptureyourpersonalandworkfilesandsendthemtopeoplewithoutyourknowledge

How Phishing Works

Protect Yourself and Your Organization

DO

• Watchoutforphishing

• Deletesuspiciousemails

• ContactyourInformationAssuranceOfficeroryourservicingNetworkEnterpriseCenter(NEC)ifyouhavequestionsaboutemails

• Reportanypotentialincidents

DO NOT • Opensuspiciousemails

• Clickonsuspiciouslinksinemailsorpop-upwindows

• Calltelephonenumbersprovidedinsuspiciousemails

• Discloseanyinformation

Page 5: Beware of Phishing Scams

User Awareness•Mostphishingattemptsareforidentitytheft,butphishingisalsobeingusedtogainaccesstoonlinebanking,federal,andDoDinformation

• PhishingAttackscanbegearedtocollectpersonalinformationsuchas:SSN,mother’smaidenname,dateofbirth,passwords,creditcardnumbers,etc.

• Phishingemailsnotonlyattempttotrickyouintogivingoutsensitiveinformation,butalsocanincludemalicioussoftware

•MalicioussoftwarecanbevirusesandothercomputercodedesignedtoallowahackertouseyourcomputerforillegalInternetactivity,ortoaccessyourunit’snetworktogatherDoDinformation

•Maliciouscodemaycaptureyourkeystrokesorcaptureyourpersonalandworkfilesandsendthemtopeoplewithoutyourknowledge

How Phishing Works

Protect Yourself and Your Organization

DO

• Watchoutforphishing

• Deletesuspiciousemails

• ContactyourInformationAssuranceOfficeroryourservicingNetworkEnterpriseCenter(NEC)ifyouhavequestionsaboutemails

• Reportanypotentialincidents

DO NOT • Opensuspiciousemails

• Clickonsuspiciouslinksinemailsorpop-upwindows

• Calltelephonenumbersprovidedinsuspiciousemails

• Discloseanyinformation

Page 6: Beware of Phishing Scams

User Awareness•Mostphishingattemptsareforidentitytheft,butphishingisalsobeingusedtogainaccesstoonlinebanking,federal,andDoDinformation

• PhishingAttackscanbegearedtocollectpersonalinformationsuchas:SSN,mother’smaidenname,dateofbirth,passwords,creditcardnumbers,etc.

• Phishingemailsnotonlyattempttotrickyouintogivingoutsensitiveinformation,butalsocanincludemalicioussoftware

•MalicioussoftwarecanbevirusesandothercomputercodedesignedtoallowahackertouseyourcomputerforillegalInternetactivity,ortoaccessyourunit’snetworktogatherDoDinformation

•Maliciouscodemaycaptureyourkeystrokesorcaptureyourpersonalandworkfilesandsendthemtopeoplewithoutyourknowledge

How Phishing Works

Protect Yourself and Your Organization

DO

• Watchoutforphishing

• Deletesuspiciousemails

• ContactyourInformationAssuranceOfficeroryourservicingNetworkEnterpriseCenter(NEC)ifyouhavequestionsaboutemails

• Reportanypotentialincidents

DO NOT • Opensuspiciousemails

• Clickonsuspiciouslinksinemailsorpop-upwindows

• Calltelephonenumbersprovidedinsuspiciousemails

• Discloseanyinformation

Page 7: Beware of Phishing Scams

SUSPICIOUS ACTIVITY REPORTING

Why Phishing Works

•Weareeasilyenticed—wetrustknownbrands/logos

•Lackofusereducationandawareness

•LackofInformationAssuranceknowledgeandwarningindicators

•Visuallydeceptivetext

•Imagemasking

•ImagemimickingWindows

What is Phishing?Phishingisanattemptbyanindividualorgrouptosolicitpersonalinformationfromunsuspectingusersbyemployingsocialengineeringtechniques(i.e.,manipulatingpeopleintoperformingactionsordivulgingconfidentialinformation).Phishingemailsarecraftedtoappearasiftheyweresentfromalegitimateorganizationorknownindividual.Theseemailsoftenattempttoattractuserstoclickonalinkthatwilltaketheusertoafraudulentwebsitethatappearslegitimate.Theuserthenmaybeaskedtoprovidepersonalinformation,suchasaccountusernamesandpasswordsthatcanfurtherexposethem,theirnetwork,andtheirunittofuturecompromises.

Inordertofullyunderstandphishingandhowitcanimpactyouandyourunit,youshouldbeawarethattherearedifferenttypesofphishing:

Phishingisusuallyane-mailsenttoalargegroupofpeoplethatattemptstoscamtherecipients.Thepeoplethemessageissenttooftendonothaveanythingincommon.

Spear phishingisamessagesenttoasmaller,moreselectgroupoftargetedpeopleortoasingleindividual.

Whaling or whale phishingisahighlypersonalizedmessagesenttoseniorexecutives,high-levelofficials,ortheirpersonalexecutivestaffmembers.

Help! I think I’ve been

Phished!Anti Phishing Quick Reaction Drill

• Changeyourpasswordimmediatelyattherealwebsite:

• Typethewebsitenameinyourbrowser’saddressbar.

• Signintoyouraccountandclickthe“userprofile”or“changepassword”link.

• Followthewebsite’sinstructionstochangeyouraccountinformationandpassword.

• Clickthe“contactus”linkfoundonmostwebsitesandinformthemaboutthephishingattackyoujustexperienced.

• Ifyouareusingagovernmentcomputer,contactyourlocalInformationAssuranceOfficerandservicingNetworkEnterpriseCenter(NEC).

Recognizing & Avoiding Email Scams:http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Report Phishing Attacks to Your Local Information Assurance Officer and your servicing Network

Enterprise Center (NEC)


Choose Trusted Moving Service and Beware of Moving and Packing Scams

Choose Trusted Moving Service and Beware of Moving and Packing Scams

Business
Friendly Advice on Privacy, Phishing, Scams and SPAM

Friendly Advice on Privacy, Phishing, Scams and SPAM

Technology
New Increased COVID-19 Payment Scams & Cybersecurity Risks · 2020. 4. 17. · Government and Regulatory High-Level Alerts • Phishing Scams -- The U.S. Department of Homeland Security

New Increased COVID-19 Payment Scams & Cybersecurity Risks · 2020. 4. 17. · Government and Regulatory High-Level Alerts • Phishing Scams -- The U.S. Department of Homeland Security

Documents
Why Do Some People Fall for Phishing Scams and What Do I Do About it?

Why Do Some People Fall for Phishing Scams and What Do I Do About it?

Technology
Build a Secure Cyberspace 2019 “Phishing scams? No more ... · Information Security from Risk Management and Design Build a Secure Cyberspace 2019 “Phishing scams? No more!”

Build a Secure Cyberspace 2019 “Phishing scams? No more ... · Information Security from Risk Management and Design Build a Secure Cyberspace 2019 “Phishing scams? No more!”

Documents
May 2017 Consumer Alert Beware of Tech Scams · Consumer Alert Beware of Tech Scams What to Look Out For A scam artist posing as a tech support person will often attempt to gain access

May 2017 Consumer Alert Beware of Tech Scams · Consumer Alert Beware of Tech Scams What to Look Out For A scam artist posing as a tech support person will often attempt to gain access

Documents
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams

Documents
Recognize phishing scams

Recognize phishing scams

Education
St Ives Thrive Magazine Issue 2 - St Ives Retirement Living€¦ · Beware of ‘phishing’ scams. Phishingbis the attempt to acquire sensitive information such as usernames, passwords,

St Ives Thrive Magazine Issue 2 - St Ives Retirement Living€¦ · Beware of ‘phishing’ scams. Phishingbis the attempt to acquire sensitive information such as usernames, passwords,

Documents
Consumer Alert - Beware of Tech Scams Alert Beware of Tech Scams. What to Look Out For. A scam artist posing as a tech support person will often attempt to gain access to the unwary

Consumer Alert - Beware of Tech Scams Alert Beware of Tech Scams. What to Look Out For. A scam artist posing as a tech support person will often attempt to gain access to the unwary

Documents
Fighting Spam, Phishing and Online Scams at the Network Level

Fighting Spam, Phishing and Online Scams at the Network Level

Documents
Scam Block Plus Chrome Extension Anti Phishing Scams

Scam Block Plus Chrome Extension Anti Phishing Scams

Technology
Scholarship Scams Avoiding Scholarship Scams, Phishing & Identity Theft at All Cost

Scholarship Scams Avoiding Scholarship Scams, Phishing & Identity Theft at All Cost

Documents
Washington Foreclosure Prevention Resource Guide Resource Guide.pdfATTORNEY GENERAL OF WASHINGTON ... BEWARE OF SCAMS – DON’T E A VITIM 41 Warning Signs 42 How Scams Work 42 Common

Washington Foreclosure Prevention Resource Guide Resource Guide.pdfATTORNEY GENERAL OF WASHINGTON ... BEWARE OF SCAMS – DON’T E A VITIM 41 Warning Signs 42 How Scams Work 42 Common

Documents
Beware of Foreclosure Rescue Scams!

Beware of Foreclosure Rescue Scams!

Documents
Phishing scams in banking ppt

Phishing scams in banking ppt

Education
Seven new (and convincing!) phishing scams

Seven new (and convincing!) phishing scams

Documents
How Small Businesses Can Prevent Phishing Scams

How Small Businesses Can Prevent Phishing Scams

Economy & Finance
What is Smishing? EXAMPLES OF SMISHING · 2016. 12. 7. · What is Smishing? Mobile phones are a popular target of phishing scams. A recent trend in phishing is SMS phishing or smishing

What is Smishing? EXAMPLES OF SMISHING · 2016. 12. 7. · What is Smishing? Mobile phones are a popular target of phishing scams. A recent trend in phishing is SMS phishing or smishing

Documents
TAX-TIME PHISHING SCAMS - Cofense · Tax-related phishing occurs when cybercriminals, spoofing emails or impersonating co-workers, executives or authorities, send fraudulent emails

TAX-TIME PHISHING SCAMS - Cofense · Tax-related phishing occurs when cybercriminals, spoofing emails or impersonating co-workers, executives or authorities, send fraudulent emails

Documents
DigiCert Phishing White Paper: A Primer on What Phishing ... · or 419 scam. These scams are ... • Ensure implementation of protection . against phishing, spam, viruses and

DigiCert Phishing White Paper: A Primer on What Phishing ... · or 419 scam. These scams are ... • Ensure implementation of protection . against phishing, spam, viruses and

Documents
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010

Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010

Technology
Freud and Phishing: The Psychology Behind Internet Scams

Freud and Phishing: The Psychology Behind Internet Scams

Documents
Living in a World of Hackers, Phishing, Scams and SPAM

Living in a World of Hackers, Phishing, Scams and SPAM

Education
At School & On-Line: Helping Students Avoid Security ......Phishing, Pharming & Email Scams • "Phishing” - elicits secure information through an e-mail message that appears to

At School & On-Line: Helping Students Avoid Security ......Phishing, Pharming & Email Scams • "Phishing” - elicits secure information through an e-mail message that appears to

Documents
COMBATTING MODERN EMAIL PHISHING ATTACKS · 2016-11-07 · Combatting modern email phishing attacks More effective than traditional phishing scams, spear-phishing attacks are carefully

COMBATTING MODERN EMAIL PHISHING ATTACKS · 2016-11-07 · Combatting modern email phishing attacks More effective than traditional phishing scams, spear-phishing attacks are carefully

Documents
Beware of BAIT! · Beware of BAIT! How to Spot a Phishing Scam “Phishing” emails attempt to trick people into sharing information that helps criminals access an organization’s

Beware of BAIT! · Beware of BAIT! How to Spot a Phishing Scam “Phishing” emails attempt to trick people into sharing information that helps criminals access an organization’s

Documents
How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

Documents
Phishing Scams: 8 Helpful Tips to Keep You Safe

Phishing Scams: 8 Helpful Tips to Keep You Safe

Technology
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010

Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010

Technology