
Email Security Awareness

Email Security Awareness. Tips to protect yourself from some common email dangers & scams. The driving force is MONEY! Drive you to a site to sell you something. Scams, advanced fee, lottery. Collect personal information. Fake AV, Scareware! Ransomware! Stealing login credentials.


Presentation Transcript


  1. Email Security Awareness • Tips to protect yourself from some common email dangers & scams

  2. Protect Yourself • The driving force is MONEY! • Drive you to a site to sell you something • Scams, advanced fee, lottery • Collect personal information • Fake AV, Scareware! Ransomware! • Stealing login credentials • Key loggers • Attackers are finding ways to compromise computers, passwords, data, accounts • Easier to hack people than to find a way into the company network through perimeter defenses

  3. Strong Passwords • Password may be the only line of defense for an email account • Don’t reuse passwords for all online accounts • A compromised password could give access to multiple accounts or sites • Avoid common words, names, birthdays • Use a passphrase, mix upper and lower case letters, numbers, and special characters • Minimum 14 characters • Never keep passwords on a sticky note on the monitor • Login page using HTTPS required when using an unsecured network (public hot spot) • https://www.microsoft.com/security/pc-security/password-checker.aspx

  4. Tips to Avoid Scams • Sense of urgency! Act now, respond now, need help • Don’t think, just click! NOW, NOW, NOW! • Alarmist messages and threats of account closures • Any email requesting personal information, bank account, credit card number, access codes, etc… (Phishing) • Spelling errors, grammatical errors • Promises of money for little or no effort • Work from home (money mule scams) • Generic greeting, Dear Customer • Request for help, related to urgency scams, emotional pull • Sender in foreign country needs help and money

  5. Tips to Avoid Scams • Send money up front to receive prize • Deals that sound too good to be true • Free may have a price tag! • Electronics, iPads, gift cards, lottery scams, inheritance scams etc… • Downloads and attachments • Fake software updates • Holiday scams, ecards (zip file attachment or links) • May lead to unwanted software being loaded on computer, Trojan horse program with key logger, fake AV, bot, rootkit, etc… • Sender's email address • Email may claim to be from BOA, but sender address is not related to the company, e.g. johndoe@badguysite.com

  6. Tips to Avoid Scams • Requests to donate to a charitable organization after a disaster that has been in the news • Shortened links, or confusing links • Redirect to bad guy's site • Go directly to company web site if in doubt • Chain letters • May be collecting addresses for spammers • Unsubscribe links may confirm a live email account • Junk Mail in GroupWise • Report as spam or set up filter to block future emails (Gmail, Hotmail, Yahoo, etc…) • Similar scams may arrive as instant messages, Skype, Facebook posts, Twitter DMs • Social networking is a huge target for scams

  7. Spam • No! I don’t need cheap meds! • Not malicious • Similar to postal junk mail • Usually selling merchandise or advertisements • Link to ecommerce website • Drive customer to website selling products or offering services

  8. Nigerian 419 Email Scams • The number “419” refers to the article of the Nigerian Criminal Code dealing with fraud • Started before email as Spanish prisoner scam • Many variations • Iraqi gold, blood diamonds, inheritance or investment scams, etc… • Advanced fee scams • Usually involve millions of dollars • Assistance is needed, transfer money to you and you earn percentage, catch is paying fees or taxes up front • Made to believe paying fees or taxes will lead to “bigger” prize!

  9. Don’t Respond • There is no big prize or reward! • Do not respond • Delete message • Junk mail, report as spam

  10. Robbed in London • URGENCY! Dire need of help! • Receive email from friend or relative who is in a foreign country and has been robbed • Needs money to settle bills

  11. Never Respond • Call person, try to speak to person to verify their location • Never in country that email claims! • Sender's email account has been hacked or accessed by unauthorized person • Bad guy sending email to all contacts in address book • Person is unaware account was hacked and “fake” emails are being sent • Person should change password to account immediately • Check for forwarding rules • Contact ISP or email provider for assistance

  12. Phishing • To obtain information for the purpose of fraud or identity theft • Account may be locked or suspended • Have short time frame to verify • Problem with payment or credit card • Verify login credentials • Email account storage limits • URGENCY pull is involved

  13. Phishing • Can use company logos • Copy from web site • Look and feel authentic • Links do not go to actual company website • Shortened links, bit.ly • Redirect to bad guy site • May sign name of actual employee with company • Sender's email address is not related to company

  14. Phishing • Phishing Video • http://onguardonline.gov/media/video-0007-phishy-office

  15. Spear Phishing • More specific • Targeted audience • Directed at specific company, people at certain levels in company or in certain departments

  16. Smishing • The name is derived from SMS Phishing; SMS (Short Message Service) is the technology used for text messages on cell phones • URGENCY! • Vishing (Voice phISHING) is the voice counterpart to phishing. The caller can ask for personal information or direct the user to a malicious website. • Support call to download “fake” software update. • Caller ID numbers and names can be spoofed.

  17. Smishing Example

  18. Don’t Respond • Never reply to an email to verify personal information, bank account numbers, credit card numbers, passwords, etc… • Call bank or credit card company directly • Verify if they sent email • Some companies have ways to report suspected fraud emails

  19. Software Updates • Microsoft and Adobe never send updates through email • Attachments will not update programs, but load unwanted software • Links will not take you to company web site or download attachment • Go directly to company website • Microsoft Updates through IE • Check for updates in Adobe Reader • Run PSI or Qualys Browser Check to verify updates are available

  20. Money Mule Scams • Work from home scams • Make money part time, spare time • Have computer, you can make thousands of dollars • Open bank account, bad guy deposits money, you transfer or withdraw money and wire it to someone, and keep percentage • No legitimate company works like this!

  21. In the News • Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S. (September 2010) • https://www.computerworld.com/s/article/9189038/Zeus_Trojan_bust_reveals_sophisticated_money_mules_operation_in_U.S

  22. For Fun • Phishing Game • http://onguardonline.gov/media/game-0011-phishing-scams • Scam and Spam Game • http://onguardonline.gov/media/game-0012-spam-scam-slam

  23. Additional Resources • http://ilookbothways.com/spot-the-spam/ • http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx • http://onguardonline.gov/topics/avoid-scams
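
The sender-address and link signs from slides 5, 6 and 13 (sender address not related to the company, shortened links, links that do not go to the actual company website) can be checked mechanically. The following is an added example, not part of the original presentation; the domain examplebank.com, the function names and the sign labels are assumptions, and it assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly"}  # the shortener named on slide 13; extend as needed
# Constructed sample message (examplebank.com is a made-up company domain).
SAMPLE = """From: Example Bank <johndoe@badguysite.com>
Content-Type: text/html

<a href="http://bit.ly/constructed">Login</a>
<a href="http://badguysite.com/login">www.examplebank.com</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_matches(host, expected):
    # True only for the company domain itself or one of its subdomains.
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def phishing_signs(raw_message, expected_domain):
    """List warning signs in a single-part HTML message (an assumption)."""
    msg, signs = message_from_string(raw_message), set()
    sender = parseaddr(msg.get("From", ""))[1]
    if not domain_matches(sender.rpartition("@")[2], expected_domain):
        signs.add("sender-domain-mismatch")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlparse(href).hostname
        if host in SHORTENERS:
            signs.add("shortened-link")
        elif not domain_matches(host, expected_domain):
            mismatch = expected_domain in text.lower()
            signs.add("deceptive-link-text" if mismatch else "link-leaves-company-site")
    return sorted(signs)
```

A look-alike host such as examplebank.com.badguysite.com fails `domain_matches`, because only the company domain itself or a subdomain of it is accepted.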
