2016 Social Engineering Training
Uploaded by rob-valdez-cpa-cisa
Transcript of 2016 Social Engineering Training
![Page 1: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/1.jpg)
The following is for your education, so please continue through this exercise. You will learn about the risks of phishing and some common traits to help identify phishing attacks. Please read each slide carefully and completely.
The link you clicked on was part of a phishing awareness campaign.
![Page 2: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/2.jpg)
What is Phishing? (Hint: it’s tricking an end user via a fake email!)
![Page 3: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/3.jpg)
“Phishing” refers to fake emails sent by attackers. If they can get one person to click on a link or download an attachment, they can gain access.
![Page 4: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/4.jpg)
Phishing Emails Work
50% open emails and click on phishing links within the first hour
11% click on attachments
![Page 5: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/5.jpg)
Source: 2016 Verizon Data Breach Investigations Report
89%
Most phishing is done by organized crime syndicates.
![Page 6: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/6.jpg)
85% of targeted attacks use spear-phishing emails.
![Page 7: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/7.jpg)
What can be done?
Improved e-mail filtering (technology)
Human sensor network (YOU!)
A NETWORK OF HUMAN SENSORS ARE MORE EFFECTIVE AT DETECTING PHISHING ATTACKS THAN ALMOST ANY TECHNOLOGY
Source: 2015 Verizon Data Breach Investigations Report
![Page 8: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/8.jpg)
Phishing in the News
![Page 9: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/9.jpg)
Phishing in the News
A single victim of a phishing attack can impact millions.
![Page 10: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/10.jpg)
Phishing Attacks Look Real
![Page 11: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/11.jpg)
Phishing Attacks Look Real
![Page 12: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/12.jpg)
Phishing Attacks Look Real
![Page 13: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/13.jpg)
What can you do?
Know the signs of a phishing attack
Report phishing attacks to the IT Department
![Page 14: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/14.jpg)
How to detect a Phishing email
![Page 15: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/15.jpg)
Common Phishing Traits
1. Generic greeting
2. Invokes fear
3. Requires action
4. Threatening language
5. Grammar issues
6. Generic closing
![Page 16: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/16.jpg)
What to do?
DO NOT click on unknown links
DO NOT reply to suspicious requests
DO hover over links to verify their location
DO report the suspected attack
![Page 17: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/17.jpg)
What to do?
DO be suspicious of unsolicited attachments.
DO confirm information through other channels of communication. That is, contact the sender on a known line, email, website, or other method.
DO NOT give information in the email.
DO NOT download any files.
DO NOT rely on the “from” and “reply to” email addresses, which can be faked.
![Page 18: 2016 Social Engineering Training](https://reader034.fdocuments.us/reader034/viewer/2022051706/58f07aff1a28ab11308b45e9/html5/thumbnails/18.jpg)
When in doubt, contact the IT department or your supervisor.
DO NOT CLICK, RESPOND OR DOWNLOAD!
Courtesy: Action Fraud and the National Fraud Intelligence Bureau
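The "hover over links" and "from / reply to can be faked" advice above, written as an automated check that an IT team could run over reported messages. This is an added example, not part of the original training deck; the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.link_href, self.link_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.link_href, self.link_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.link_href is not None:
            self.link_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.link_href is not None:
            self.found.append((self.link_href, self.link_text.strip()))
            self.link_href = None

def host(value):  # hostname of a URL, or of link text that looks like one
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
def domain(header):  # domain part of an address header, "" if absent
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def phishing_signs(raw_email):
    """Return the warning signs found; an empty list is not proof of safety."""
    msg, signs = message_from_string(raw_email), []
    reply = domain(msg["Reply-To"])
    if reply and reply != domain(msg["From"]):
        signs.append("Reply-To domain differs from From domain")
    html = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk() if part.get_content_type() == "text/html")
    parser = Links()
    parser.feed(html)
    for href, text in parser.found:
        # What hovering reveals: the text names one host, the href goes to another.
        if URLISH.match(text) and host(text) != host(href):
            signs.append(f"link text shows {host(text)} but points to {host(href)}")
    return signs

# Constructed sample (reserved example domains), not a real phishing email.
SAMPLE = """From: "IT Support" <support@example.com>
Reply-To: helpdesk@example.net
Content-Type: text/html

<p>Verify at <a href="http://login.example.org/v">https://portal.example.com/login</a></p>"""
```

Because both headers can be forged to match, a message that raises no signs here still needs the out-of-band confirmation the slides describe.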