Presentation on theme: "PHISHING AND SPAM EMAIL INTRODUCTION There’s a good chance that in the past week you have received at least one email that pretends to be from your bank,"— Presentation transcript:


2 PHISHING AND SPAM EMAIL

3 INTRODUCTION There’s a good chance that in the past week you have received at least one email that pretends to be from your bank, a vendor, or other online site. Hopefully, you have realized that many of these emails are not what they proclaim to be – they are not legitimate emails, but “phishing.” 2014 DHS IT Security & Privacy Training 2

4 INTRODUCTION In other words, the sender of the email (the phisher) wants you to click on a link in the email and go to a fake website that you may mistake for the legitimate website. On the phisher's website, they hope to obtain your user account and passwords, financial, credit, and/or identity information. They do this:
- by asking you to enter passwords or other identifying information that unlocks your information;
- by recording your keystrokes while you are visiting their website; and
- by surreptitiously downloading malware onto your computer while you are on their website.

5 SOCIAL ENGINEERING “Phishing” is one form of social engineering. Social engineering is the practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security, either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.

6 PHISHING Phishing uses e-mail messages that supposedly come from legitimate businesses you might have dealings with:
- Banks such as Bank of America or Citibank;
- Online organizations such as eBay or PayPal;
- Internet service providers such as AOL, MSN, or Yahoo;
- Online retailers such as Best Buy; and
- Insurance agencies.
The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages.

7 PHISHING Typically, phishers ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. Identity theft is the name of the game. And because these e-mails look so official, up to 20% of unsuspecting recipients may respond to them, resulting in financial losses, identity theft and other fraudulent activity.

8 HOW DO YOU KNOW IF IT'S REAL OR FAKE? Fake email:
- Often contains a generic greeting (it does not call you by name, but addresses you as “customer,” “friend,” etc.).
- Often claims your personal information has been corrupted, lost, or has expired.
- Directs you to a real-looking but counterfeit web site.
Almost every company that has your personal information will have a policy that forbids the company from sending email attachments or pop-up windows asking for personal information from you and its other customers.
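As an added illustration, not part of the DHS training deck, the three clues on this slide can be checked mechanically over a constructed sample message. The greeting and alarm phrase lists and the last-two-labels domain comparison are simplifying assumptions, and the addresses and domains in the sample are invented.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Wording clues from the slide; the phrase lists are an assumption and easily extended.
GENERIC_GREETINGS = ("dear customer", "dear friend", "dear user", "dear valued member")
ALARM_PHRASES = ("has expired", "has been lost", "has been corrupted", "verify your account")

def registrable_domain(host):
    """Last two labels of a hostname; a crude stand-in for a public-suffix lookup (assumption)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def phishing_indicators(raw_email):
    """Return which of the slide's three clues a single-part HTML message triggers."""
    msg = message_from_string(raw_email)
    html = msg.get_payload()                      # constructed sample is single-part text/html
    text = re.sub(r"<[^>]+>", " ", html).lower()  # strip tags for phrase matching
    findings = []
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic greeting instead of your name")
    if any(p in text for p in ALARM_PHRASES):
        findings.append("claims your information is lost, corrupted or expired")
    # Third clue: a link that leads somewhere other than the domain the sender claims
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(sender.rpartition("@")[2]) if "@" in sender else ""
    for href in re.findall(r'href=["\']([^"\']+)', html, flags=re.I):
        host = urlparse(href).hostname or ""
        if host and sender_domain and registrable_domain(host) != sender_domain:
            findings.append(f"link goes to {host}, not to {sender_domain}")
    return findings

# Constructed sample message for illustration; all addresses and domains are invented.
SAMPLE_EMAIL = """\
From: Security Team <alerts@examplebank.com>
To: employee@agency.example
Subject: Your account information has expired
Content-Type: text/html

<html><body><p>Dear Customer,</p>
<p>Your account information has expired.
<a href="http://examplebank.com.verify-login.example/reset">Click here</a>
to verify your account.</p></body></html>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

The link check only compares the claimed sender domain with where the links actually lead; a real mail gateway would also inspect the authenticated envelope sender, which this sample omits.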

9 WHAT TO DO WITH A SUSPECT EMAIL If you get an email requesting private information:
- Verify it really came from where it says before giving out any information.
- Call the sender and verify the email is authentic.
- Delete the email. If it is important, the sender will send it again.

10 SPAM V PHISHING EMAIL Not every junk or spam email is a phishing email. The word "Spam" as applied to email means "Unsolicited Bulk Email". Unsolicited means the recipient has not granted permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having essentially identical content. A message is spam only if it is both unsolicited and bulk. Unsolicited email on its own is normal email, such as first contact enquiries, job enquiries, sales enquiries, etc. Bulk email on its own is normal email, such as subscriber newsletters, customer communications, and discussion lists.

11 SPAM V PHISHING EMAIL So, spam is unsolicited e-mail, usually from someone trying to sell something. The difference between spam and phishing emails is that spammers do not attempt to acquire sensitive information.

12 WHAT TO DO WITH SPAM EMAIL If you use email, you will get spam on your computer. DHS uses a spam filter called the User Quarantine Release that uses a formula to identify email suspected of being spam and filters it out.

13 USING THE USER QUARANTINE RELEASE The User Quarantine Release (UQR) is the DHS Outlook spam filter. It collects email suspected to be spam. That email does not go to your Outlook inbox. You will receive an auto-generated email once a day, on days you have suspect email, notifying you of any email message addressed to you that was quarantined because the system determined it might be spam. From within this notification, you may release messages that you believe are valid emails. The UQR deletes the email it holds after 7 days. The next slide gives an example of what the UQR looks like.

14 USING THE USER QUARANTINE RELEASE [Screenshot of the UQR notification email] Click here to approve or release email.

15 WHAT TO DO WITH SPAM EMAIL The best way to deal with spam email is to delete it. You need to file a Security Incident Report for spam email only if your DHS computer is being overrun by spam email not being caught by the UQR. Receiving an occasional spam email in your inbox does not need to be reported.

16 DHS POLICY 5006 EMAIL USAGE These are the primary guidelines of the policy. A User:
- Accepts responsibility for any email created by that user, and for revisions in email messages that are forwarded or replied to.
- Accepts responsibility for any email he or she stores or saves.
- Does not have responsibility for messages received but not created by the user, as long as those messages are deleted from the user's mailbox rather than stored.

17 DHS POLICY 5006 EMAIL USAGE
- Inappropriately modifying an email message or printing inappropriate email has negative consequences.
- Evidence of misuse of the system may result in termination of access to the DHS network without notice.
- DHS cannot guarantee protection from email containing viruses, worms, or malicious attachments.
Suspicious email should be reported on the IT Security Incident Report form.

