Presentation is loading. Please wait.

Presentation is loading. Please wait.

PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing email circulated last week that led to.

Published byMichael Austin Modified over 6 years ago

Similar presentations

Presentation on theme: "PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing email circulated last week that led to."— Presentation transcript:

1 PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing circulated last week that led to a number of compromised accounts. Phishing is a form of identity theft where victims are lured into giving away sensitive information, usually through (although users can also be targeted by phone or text). Messages are designed to look like they are coming from trusted businesses, like banks, government agencies or even from within Queen's University. Often they are trying to steal your identity or login credentials to gain access to your accounts and use them to commit other crimes.

2 Here’s how phishing works:
When you click or open the link, a number of scenarios may play out. Malicious software (a virus or botnet) may be embedded in your computer that searches for banking information, credit cards, passwords and/or personal details, sending them back to the crooks. Your computer may be hi-jacked with all of your files being encrypted. Ransomware. You may be presented a login window that appears to be a legitimate Queen’s login page that mirrors a service that you are familiar with. Logins will fail, but after the first attempt, the real authentication page may appear, allowing you to successfully login. The “Phisher” will get in touch via , text, chat, etc with a message that seems to be from a trustworthy source and is for appearances sake meant just for you ( Spearing – they have looked up information about you and have targeted a topic that will likely result in a reaction ). The message will include a link for you to click or an attachment to open. When you click or open the link, a number of scenarios may play out.

3 What to look for? Is this for real?
The best defense is to be skeptical of everything Are you expecting the ? Is it from a contact of yours ( be aware of Spoofing, or whether the user you know could be compromised and the request is out of the ordinary ) When hovering over the link, does it display a recognized site that is secure. Review Examples -

4 Effect to the end user. The quick thinker will know immediately and may only need to change their password to protect against additional malicious activity. The lucky individual may have a phisher who plays nice and your account will only be used to send out SPAM. Bounce backs will be received and the user will initially be puzzled. The phisher has not mined your accounts for information. The unlucky individual may have to deal with stolen identity, a breach of confidential information or they may become the sender of additional Spear Phishing attempts within Queen’s. To the keen individual, they will sense that something was not just right and will immediately change their password. To the lucky individual, the account will simply be used to send out additional SPAM. Lucky because they usually learn quit quickly via bounce backs, colleagues or from ITS that their account has been compromised. BUT did the phisher simply send out more spam? Or have they searched the users for Credit Card Numbers Have they mined Personal information that can be used to apply for loans Do they now have the Confidential information of others If lucky, the user affected simply has to deal with the embarrassment of spaming others and a mess of bounce backs. But in some cases, full investigations need to take place and others who may have been affected need to be notified of a possible data breach.

5 Effects to Queen’s University
Affects our mail reputation Results in lost time in dealing with issue at multiple levels user level departmental level within ITS Puts business and personal data at risk User and department need to determine scope of data that may be affected. Action is required to follow up with colleagues and customers that may be adversely affected by the account being compromised.

6 What is being done? Awareness campaigns Security Training
Monitoring suspicious changes to account settings Continuous Tweaking of filters on Monitoring access from multiple locations What Can you Do as an End User? Learn more about phishing and safe computing practices: In most cases, you can simply delete the message.( You know it is phishing and it was obvious) If you have acted on the phishing attempt, change your password and contact ITS Forward messages you wish to report to Call ITS if you want confirmation as whether the is legit

Download ppt "PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing email circulated last week that led to."

Similar presentations

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
Breaking Trust On The Internet

Breaking Trust On The Internet
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Phishing, Pharming, and Spam Margaret StewartTuesday, Oct. 21, 2006.

Phishing, Pharming, and Spam Margaret StewartTuesday, Oct. 21, 2006.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?
How It Applies In A Virtual World

How It Applies In A Virtual World
Information Security Phishing Update CTC

Information Security Phishing Update CTC
PHISHING AND SPAM EMAIL INTRODUCTION There’s a good chance that in the past week you have received at least one email that pretends to be from your bank,

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Cyber Crimes.

Cyber Crimes.
Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

Similar presentations

Ads by Google