StaySecure: Your monthly dose of cyber security
Topic: Phishing (08/2018)
The human element always was and always will be the most vulnerable part of IT security. Attackers abuse this fact and focus the vast majority of their attacks directly on company employees.
What is phishing?
Phishing is a method of stealing personal information, focused mainly on login credentials. Attackers send their victims fraudulent emails that seem legitimate at first glance but are actually designed to trick users and "force" them to unintentionally leak sensitive data. Examples are requests to change the password for access to bank systems, or requests to log in to web pages where the users are registered. However, the data the users fill in are also sent to the attackers.
Example of a phishing email (image; the sender is shown as "From: PayPal")

What are the signs of phishing?
• Urgency: something needs to be done quickly
• Threatening: a fine if no action is taken
• Different sender name and real email address
How may I defend? What should I do when I receive a phishing email?
• Investigate the URL: spelling, no redirection, shortened URL
• Establish multi-factor authentication
• In case of a suspicious email, contact the sender (in a different way than responding to the received email, e.g. by phone) and ask them about the email's legitimacy
• Do not provide any personal information if you are not sure
• Notify the IT security department; sending the email to anybody from IT is enough
• Do not download and open attachments
• Use web browser extensions (e.g. Netcraft Toolbar, ScamBlocker) that detect phishing attacks
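For the IT security team that receives forwarded emails, the signs listed above can be turned into a first-pass triage check. The following is an added example, not part of the original newsletter; the keyword lists, the brand table, the shortener list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed lists for illustration; tune them for your organisation.
URGENCY = ("urgent", "immediately", "within 24 hours")
THREAT = ("suspended", "legal action", "will be fined")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
BRANDS = {"paypal": "paypal.com"}  # display-name keyword -> legitimate domain

def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw):
    """Return the sorted list of signs found in a raw plain-text email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # Only undecoded text/plain parts are inspected (assumption: no base64 bodies).
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()
    signs = set()
    if any(w in text for w in URGENCY):
        signs.add("urgency")
    if any(w in text for w in THREAT):
        signs.add("threat")
    hosts = [(urlparse(u).hostname or "").lower()
             for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    for brand, domain in BRANDS.items():
        # Display name claims the brand, real address is somewhere else.
        if brand in name.lower() and not belongs_to(sender_domain, domain):
            signs.add("sender-mismatch")
        # Brand name appears in a link host that the brand does not own.
        if any(brand in h and not belongs_to(h, domain) for h in hosts):
            signs.add("lookalike-url")
    if any(h in SHORTENERS for h in hosts):
        signs.add("shortened-url")
    return sorted(signs)

# Constructed sample message (not a real email).
SAMPLE = """From: PayPal <service@account-check.example>
Subject: Urgent: confirm your account

Confirm your details within 24 hours or your account will be suspended.
http://bit.ly/xyz123
http://paypal.com.account-check.example/login
"""
```

A result with several signs is a reason to escalate the email for manual review; an empty result does not prove that an email is legitimate.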
Do you need any help?
If you are interested in this topic, don't hesitate to contact me. I will be more than glad to help you in all areas of Cyber Security.