phishing awareness
DESCRIPTION
A SlideShare presentation that can be used as an educational training tool to make employees aware of the risks of phishing attacks. This presentation covers the threat of phishing and the strategies that can be used to mitigate phishing attacks.
TRANSCRIPT
Phishing Awareness
What is Phishing?
Phishing Is A Fake Email
The long definition is that phishing is the act of attempting to acquire information such as usernames and passwords by masquerading as a trustworthy entity in an electronic communication.
Is Phishing A Threat?
29% of security breaches involve social tactics, such as phishing
Source: 2013 Verizon Data Breach Investigations Report
71%
Phishing Is The Most Used Social Tactic
91% of targeted attacks use spear-phishing emails.
Spear-Phishing is when detailed information about the recipient, company or others is used to make the email look more credible.
And It’s Getting Worse
Phishing Is On The Rise
The total number of phishing attacks increased 59 percent from 2011 to 2012
In 2012-2013, 37.3 million users worldwide were subjected to phishing.
Phishing In The News
A single victim of a phishing attack can have an impact on millions.
The attack on the AP Twitter Account has a serious impact on the stock market.
Impact of the attack on the stock market
No Company Is Immune!
Even security companies can fall victim.
What Can You Do?
1. Know the signs of a phishing attack
2. Report phishing attacks
Common Phishing Traits
1. Generic greeting
2. Invokes fear
3. Requires action
4. Threatening language
5. Grammar Issues
6. Generic Closing
What To Do
DO hover over links to verify their location
DO NOT click on unknown links
DO report the suspected attack
DO NOT reply to suspicious requests
There’s More:
DO NOT rely on the “from” and “reply to” email addresses, as these can be faked
BE SUSPICIOUS of unsolicited attachments
CONFIRM information out of band. That is, contact the sender on a known line, email, website, or other method.
DO NOT use information in the email.
Phishing attacks are limited only by the creativity of the attacker.
When In Doubt, Ask Your Security Office.
DO NOT CLICK, RESPOND, OR DOWNLOAD!