Security Awareness: Phishing

SECURITY AWARENESS : PHISHING THIS COULD BE YOU The term "phishing" actually originated from the word fishing because the manner of attack resembled fishing ever since its early invention. 25% Theft or Loss Hackers of Computer or Drive 36% TOP CAUSES OF 5% Unknown DATA BREACHES IN 2013 (SO FAR) 3% Fraud Accidentally Made Public 30% 2% Insider Theft 23 HOURS AND 77,996,740 10 MINUTES KASPERSKY SAYS: The Average Lifespan For Phishing Websites in 2012 Phishing has Become the Preferred Method for Cybercriminals Number of Identities Exposed in 2013 (so far) Symbol of Early Phishers Before the Name was Crafted As Apple's popularity grows, so does the desire among fraudsters to make money from the people who own the company's devices. The cybercriminals are aiming to steal Apple ID data which provides access to users' personal information stored in iCloud, like: Photos, Contacts, Email and Documents... As well as purchases made in the company's iTunes Store. TRUE OR FALSE Attackers have been targeting the websites and social media accounts of well-regarded organizations to exploit the vulnerability of the account holders. 1. TRUE 2. The number of fraudulent websites and servers used in attacks has more than TRUE tripled since 2012. 3. FALSE Nickelback is the best band of all time. Humans are the weakest link in information security defense program because of their susceptibility in phishing emails highlighting topics that spark interest or fear of account being hacked. 4. TRUE CYBERCRIMINALS WHAT THEY DO WHY THEY WORK Cybercriminals continue to use spear-phishing attacks to compromise computer networks and exploit access to: In spear-phishing attacks, cyber criminals target victims because of their involvement in an industry or organization. Often, the e-mails contain accurate information about victims usually obtained via social networking sites, blogs, or other websites. This information adds a • Creating Fake Identities • Stealing Intellectual Property eneer of to the message, • Compromise Financial Credentials (user name & passwords) to Steal Money From Victims' Accounts increasing the chances the victims will open the e-mail and respond as directed. THESE GUYS (OR GALS) HOW THEY WORK Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim's user names and passwords, bank account details, credit card numbers, and other personal information. MOST POPULAR TARGETED COMPANIES (2012) PAYPAL AOL FACEBOOK MASTERCARD TIPS TO AVOID BECOMING A VICTIM SIGNS OF A PHISHING ATTACK: UNCLEAR LINK IN EMAIL WHEN HOVERING OVER UNEXPECTED EMAIL POOR SPELLING EMAIL FROM UNKNOWN SENDER OR NON-BUSINESS OR GRAMMAR IN EMAIL RELATED TO AVOID BECOMING A VICTIM OF PHISHING ATTACKS, KEEP IN MIND: Most businesses will not ask for personal information, such as user names and passwords, via e-mail. Start assuming that 100% of unexpected emails with a call to action 2 (link, button or download document) to confirm information are phishing emails... Delete them! Keep your computer's anti-virus software and firewalls updated. 3 Many of the latest browsers have a built-in phishing filter that should be enabled for additional protection. Sources: www.japantimes.co www.securelist.com | www.scmagazine.com | www.mashable.com www.symantec.com | resources.infosecinstitute.com | www.symantec.com