6 Examples of Phishing Emails And How to Identify Them
Teach Your Employees What to Look for to Identify Phishing Emails
The threat of phishing is increasing both in terms of frequency and
sophistication. This trend shows no sign of slowing.
One of the biggest challenges of phishing emails, and social engineering in
general, is that technology doesn’t provide a perfect fix.
However, there is one common denominator in all of these phishing attacks.
People.
Attackers play on trust and fear to manipulate people to take actions that put
them at risk. The risk goes beyond the individual. Employee actions leave
organizations vulnerable too.
There’s a common saying that employees are the biggest threat to information
security. However, employees can be taught how to recognize phishing emails
to keep personal, company, and customer information safe.
Untrained employees may be one of the biggest threats to information
security, while well-trained employees are the best and last line of defense.
This presentation shows 6 examples of phishing emails with pictures. After
the presentation, users should:
1. Identify common phishing emails
2. Simulate phishing attacks
3. Raise awareness of phishing threats
The Lookalike Phish
One common factor in most successful phishing emails is trust. If an attacker can establish trust with the recipient, the likelihood that the recipient performs a desired action increases significantly.
Establishing trust is easy if the attacker can look like something the recipient already trusts, for example Amazon. Almost everyone knows Amazon and has an account, so it’s easy to establish trust quickly with an Amazon lookalike email and trick the recipient into providing their password or confirming their credit card information.
Two Best Practices to Identify
1. Check the actual sender to confirm the sender is who you expect it to be. Employees can see that the sender in the Amazon example above is ‘emailservice.com,’ and not Amazon.
2. Hover over links in the email to confirm they are going where you expect. Hovering over the links in this example should show Amazon.com.
Be aware that attackers are becoming more sophisticated and improving their craft. While a link may be easy to spot as being fishy, it may be cleverly disguised. For example, if the ‘o’ in Amazon is replaced with a zero (Amaz0n) or a similar character, a recipient may miss the slight change.
The Internal Request
Similar to the lookalike, the Internal Phish relies on trust.
Internal does not describe the sender, as phishing emails typically come from malicious attackers outside an organization.
Rather, internal describes the ‘character’ that the attacker is playing.
By playing an internal IT Manager or HR Director, an attacker can quickly gain your trust and encourage dangerous behavior. A common internal email is a request from the IT manager to reset a password.
Two Best Practices to Identify
1. Raise employee awareness of the information security policy. Employees should be aware that no one in the company will ever ask for their password. The IT department will never require a password to resolve a support ticket.
2. Call the sender to confirm the email and its intent. It’s likely that the company has an extension for each employee so you can quickly contact the sender to confirm that they sent a request for information.
The Government Threat
Government threats rely on fear rather than trust.
Even if the victim is innocent, a call or email from the government raises the heart rate. Passing a police officer while driving down the highway at the speed limit still causes a brake tap, two checks of the speedometer, and 3 checks in the rearview mirror. An email from the FBI or IRS will do the same.
This can be extremely effective by phone as described in this article about a franchise employee sending thousands of dollars in gift cards to pay for illegal activity by the owner. It’s also effective by email. A common attack has the attacker impersonating the IRS and requesting swift action by the recipient.
Fear/trust can be increased when this attack is used during tax season.
Two Best Practices to Identify
1. Raise employee awareness of the information security policy. Employees should be aware that no one in the company will ever ask for their password. The IT department will never require a password to resolve a support ticket.
2. Call the sender to confirm the email and its intent. It’s likely that the company has an extension for each employee so you can quickly contact the sender to confirm that they sent a request for information.
Wire Transfer Fraud
Wire Transfer Fraud is increasing in the home buying process.
It’s the perfect storm: home buyers are excited, multiple parties are involved, there are deadlines, and large amounts of money are being transferred. Attackers rely on trust, fear, and time constraints to successfully implement these attacks.
The attacker can easily create a free email account similar to the title company’s or mortgage lender’s name, and request that the buyer make a wire transfer to a new account immediately, or risk a delay in closing.
Sender: MortageLender@yahoo.com
Receiver: Home Buyer
Message: Hello please the escrow just emailed me that you
need to send the funds via wire, They dont want to accept check
due to a check check issues they just had, You will need to go to
your bank to send the wire tomorrow so they can receive the
funds before the closing, Please get back to me now so i can
send you the wire information.
Two Best Practices to Identify
1. Raise employee awareness of the information security policy. Employees and buyers should be aware that no one in the company will ever use a free email account.
2. Call the sender to confirm the email and wire transfer details. Creating a manual two-factor authentication process will ensure the email was sent by a trusted person and the account information is correct. Note: Do not use the phone number provided in the email. Rather, use a trusted phone number that’s already been used to connect with the sender.
The Spear Phishing Attack
Spear Phishing is another email that relies on trust. As opposed to a normal phishing email that is sent to many, the spear phishing email is targeted to a specific individual. Typically these attackers are looking to steal confidential information.
One common spear phishing attack targets the CFO. Most CFOs know that the CEO has a busy schedule, and may require funds to support their business travel. A hacker can take advantage of the CEO/CFO relationship by impersonating the CEO and requesting a wire transfer for a reasonable sum while he’s traveling out of the country. The CFO is likely to trust the request, and make the transfer.
Sender: CEO
Receiver: CFO
Message: Hi CFO. Are you busy? I’m out of the office and I
need you to process a wire transfer for me today.
Please send to XYZ.
Thanks.
Sent from my iphone
Two Best Practices to Identify
1. Raise cybersecurity awareness with the leadership team. Training the leadership team to be aware of the increased risk and sophistication in attacks targeting their position will help them to identify these phishing emails.
2. Call the sender to confirm the email and wire transfer details. Creating a manual two-factor authentication process will ensure the email was sent by a trusted person.
The Spoofing Attack
Spoofing is an attack in which the attacker impersonates a user or device for information or access to an account, network, etc.
Spoofing can be targeted. For example, wire transfer fraud attacks might use spoofing so that the buyer thinks the malicious wire fraud request email is actually coming from a trusted source.
Spoofing attacks can be used for much wider destruction. For example, attackers targeted Gmail users with the goal of accessing the user’s entire email history. Their code would then spread itself to all of their contacts.
The Gmail user would see a link to share a document. When they clicked the link it would take them to an actual Google page asking to give permission to the attackers’ fake app.
Two Best Practices to Identify
1. If you are not expecting something, do not open attachments, click links or share information.
2. Call the sender to confirm the email and wire transfer details. Creating a manual two-factor authentication process will ensure the email was sent by a trusted person.
What is Phishing?
Social Engineering is an attack in which an attacker tricks a person into an action
desired by the attacker.
A well known type of social engineering attack is phishing.
Phishing is most commonly associated with email, but can also be done through
text messages and instant messages.
During a phishing attack, the attacker uses one of these mediums to trick their
victim into clicking on a malicious link, opening a malicious attachment, or
providing sensitive information.
Why Are Hackers Phishing?
The goal of phishing varies from broad, shotgun attacks that widely distribute malware to targeted attacks that obtain specific
information. Malicious links, attachments, and sites attempt to install malware that is meant to do some harm to you or your company.
Malware often aims to collect personal information, interrupt computer operation, or gain access to a computer/network.
Attackers may also be looking for very specific information or actions. For example, they may perform an attack that dupes a new home
buyer into wire transferring funds on the day of closing, knowing the parties involved and
the date/time of closing.
One of the biggest challenges of phishing emails, and social engineering in
general, is that technology doesn’t provide a perfect fix.
The common denominator in all of these attacks is people. Attackers play on trust and fear to manipulate people to take actions that put
them at risk. The risk goes beyond the individual. Employee actions leave organizations vulnerable too.
There’s a common saying that employees are the biggest threat to information
security.
However, employees can be taught how to recognize phishing emails to keep personal, company, and customer information safe.
Employee Awareness
Untrained employees may be one of the biggest threats to information security, while well-trained employees are the best and last
line of defense.
Wuvavi Employee Cybersecurity provides an enterprise-grade awareness platform for small and medium sized businesses. Wuvavi
makes simulating a phishing attack, training employees on best practices, and tracking completion for compliance requirements
easy.
Employee Cybersecurity Awareness Best Practices
1. Find a base level to assess results by running a simulated phishing attack.
2. Assign employees training to teach best practices and raise their awareness.
3. Schedule ongoing phishing simulations at least quarterly to keep cybersecurity front of mind.
Wuvavi (www.wuvavi.com) is the leader in employee cybersecurity awareness for small and medium sized businesses.
14 Day Free Trial
Make every employee an active participant in cybersecurity.

Más contenido relacionado

Último

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Último (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Destacado

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming LanguageSimplilearn
 

Destacado (20)

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
 

Phishing Email Examples and How to Identify Them

  • 1. 6 Examples of Phishing Emails And How to Identify Them Teach Your Employees What to Look for to Identify Phishing Emails
  • 2. The threat of phishing is increasing both in terms of frequency and sophistication. This trend shows no sign of slowing.
  • 3. One of the biggest challenges of phishing emails, and social engineering in general, is that technology doesn’t provide a perfect fix.
  • 4. However, there is one common denominator in all of these phishing attacks. People.
  • 5. Attackers play on trust and fear to manipulate people to take actions that put them at risk. The risk goes beyond the individual. Employee actions leave organizations vulnerable too.
  • 6. There’s a common saying that employees are the biggest threat to information security. However, employees can be taught how to recognize phishing emails to keep personal, company, and customer information safe. Untrained employees may be one of the biggest threats to information security, while well trained employees are the best and last line of defense.
  • 7. This presentation shows 6 examples of phishing emails with pictures. After the presentation, users should: 1. Identify common phishing emails 2. Simulate phishing attacks 3. Raise awareness of phishing threats
  • 8. The Lookalike Phish 1. Check the actual sender to confirm the sender is who you expect it to be. Employees can view the sender in the Amazon example above is ‘emailservice.com,’ and not Amazon. 2. Hover over links in the email to confirm they are going where you expect. Hovering over the links in this example should show Amazon.com. One common factor in most successful phishing emails is trust. If an attacker can establish trust with the recipient, the likelihood that the recipient performs a desired action increases significantly. Establishing trust is easy if the attacker can look like something the recipient already trusts. For example - Amazon. Almost everyone knows Amazon and has an account, so it’s easy to establish trust quickly with an Amazon lookalike email and trick the recipient into providing their password or confirming their credit card information. Two Best Practices to Identify Be aware that attackers are becoming more sophisticated and improving their craft. While a link may be easy to spot as being fishy, it may be cleverly disguised. For example, by replacing the ‘o’ in Amazon with a zero (Amaz0n), or a similar character, a recipient may miss the slight change.
  • 9. The Internal Request: Similar to the lookalike, the Internal Phish relies on trust. Internal does not describe the sender, as phishing emails typically come from malicious attackers outside an organization. Rather, internal describes the ‘character’ that the attacker is playing. By playing an internal IT Manager or HR Director, an attacker can quickly gain your trust and encourage dangerous behavior. A common Internal email is a request to reset a password from the IT manager. Two Best Practices to Identify: 1. Raise employee awareness of the information security policy. Employees should be aware that no one in the company will ever ask for their password. The IT department will never require a password to resolve a support ticket. 2. Call the sender to confirm the email and its intent. It’s likely that the company has an extension for each employee so you can quickly contact the sender to confirm that they sent a request for information.
  • 10. The Government Threat: Government threats rely on fear rather than trust. Even if the victim is innocent, a call or email from the government raises the heart rate. Passing a police officer while driving down the highway at the speed limit still causes a brake tap, two checks of the speedometer, and 3 checks in the rearview mirror - an email from the FBI or IRS will do the same. This can be extremely effective by phone as described in this article about a franchise employee sending thousands of dollars in gift cards to pay for illegal activity by the owner. It’s also effective by email. A common attack has the attacker impersonating the IRS and requesting swift action by the recipient. Fear/Trust can be increased when this attack is used during tax season. Two Best Practices to Identify: 1. Raise employee awareness of the information security policy. Employees should be aware that no one in the company will ever ask for their password. The IT department will never require a password to resolve a support ticket. 2. Call the sender to confirm the email and its intent. It’s likely that the company has an extension for each employee so you can quickly contact the sender to confirm that they sent a request for information.
  • 11. Wire Transfer Fraud: Wire Transfer Fraud is increasing in the home buying process. It’s the perfect storm in which home buyers are excited, there are multiple parties involved, deadlines, and large amounts of money being transferred. Attackers rely on trust, fear, and time constraints to successfully implement these attacks. The attacker can easily create a free email account similar to the title company’s or mortgage lender’s name, and request that the buyer make a wire transfer to a new account immediately, or risk a delay in closing. Two Best Practices to Identify: 1. Raise employee awareness of the information security policy. Employees and buyers should be aware that no one in the company will ever use a free email account. 2. Call the sender to confirm the email and wire transfer details. Creating a manual two factor authentication process will ensure the email was sent by a trusted person and the account information is correct. Note: Do not use the phone number provided in the email. Rather, use a trusted phone number that’s already been used to connect with the sender. Example email: Sender: MortageLender@yahoo.com Receiver: Home Buyer Message: Hello please the escrow just emailed me that you need to send the funds via wire, They dont want to accept check due to a check check issues they just had, You will need to go to your bank to send the wire tomorrow so they can receive the funds before the closing, Please get back to me now so i can send you the wire information.
  • 12. Simulate Phishing Attacks on Employees 14 Day Free Trial
  • 13. The Spear Phishing Attack: Spear Phishing is another email that relies on trust. As opposed to a normal phishing email that is sent to many, the spear phishing email is targeted to a specific individual. Typically these attackers are looking to steal confidential information. One common spear phishing attack targets the CFO. Most CFOs know that the CEO has a busy schedule, and may require funds to support their business travel. A hacker can take advantage of the CEO/CFO relationship by impersonating the CEO and requesting a wire transfer for a reasonable sum while he’s traveling out of the country. The CFO is likely to trust the request, and make the transfer. Two Best Practices to Identify: 1. Raise cybersecurity awareness with the leadership team. Training the leadership team to be aware of the increased risk and sophistication in attacks targeting their position will help them to identify these phishing emails. 2. Call the sender to confirm the email and wire transfer details. Creating a manual two factor authentication process will ensure the email was sent by a trusted person. Example email: Sender: CEO Receiver: CFO Message: Hi CFO. Are you busy? I’m out of the office and I need you to process a wire transfer for me today. Please send to XYZ. Thanks. Sent from my iphone
  • 14. The Spoofing Attack: Spoofing is an attack in which the attacker impersonates a user or device for information or access to an account, network, etc. Spoofing can be targeted - for example, wire fraud transfer attacks might use spoofing so that the buyer thinks the malicious wire fraud request email is actually coming from a trusted source. Spoofing attacks can be used for much wider destruction. For example, attackers targeted Gmail users with the goal of accessing the user’s entire email history. Their code would then spread itself to all of their contacts. The Gmail user would see a link to share a document. When they clicked the link it would take them to an actual Google page asking to give permission to the attacker’s fake app. Two Best Practices to Identify: 1. If you are not expecting something, do not open attachments, click links or share information. 2. Call the sender to confirm the email and wire transfer details. Creating a manual two factor authentication process will ensure the email was sent by a trusted person.
  • 15. What is Phishing? Social Engineering is an attack in which an attacker tricks a person into an action desired by the attacker. A well known type of social engineering attack is phishing. Phishing is most commonly associated with email, but can also be done through text messages and instant messages. During a phishing attack, the attacker uses one of these mediums to trick their victim into clicking on a malicious link, opening a malicious attachment, or providing sensitive information. Why Are Hackers Phishing? The goal of phishing varies from broad, shotgun attacks that widely distribute malware to targeted attacks that obtain specific information. Malicious links, attachments, and sites attempt to install malware that is meant to do some harm to you or your company. Malware often aims to collect personal information, interrupt computer operation, or gain access to a computer/network. Attackers may also be looking for very specific information/actions - for example, they may perform an attack that dupes a new home buyer into wire transferring funds on the day of closing, in which they know the parties involved and the date/time of closing.
  • 16. One of the biggest challenges of phishing emails, and social engineering in general, is that technology doesn’t provide a perfect fix. The common denominator in all of these attacks is people. Attackers play on trust and fear to manipulate people to take actions that put them at risk. The risk goes beyond the individual. Employee actions leave organizations vulnerable too.
  • 17. There’s a common saying that employees are the biggest threat to information security. However, employees can be taught how to recognize phishing emails to keep personal, company, and customer information safe.
  • 18. Employee Awareness Untrained employees may be one of the biggest threats to information security, while well trained employees are the best and last line of defense. Wuvavi Employee Cybersecurity provides an enterprise-grade awareness platform for small and medium sized businesses. Wuvavi makes simulating a phishing attack, training employees on best practices, and tracking completion for compliance requirements easy. Employee Cybersecurity Awareness Best Practices 1. Find a base level to assess results by running a simulated phishing attack. 2. Assign employees training to teach best practices and raise their awareness. 3. Schedule ongoing phishing simulations at least quarterly to keep cybersecurity front of mind. Wuvavi (www.wuvavi.com) is the leader in employee cybersecurity awareness for small and medium sized businesses. 14 Day Free Trial
  • 19. Make every employee an active participant in cybersecurity.
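
The sender and link checks from the Lookalike Phish slide, and the free email account check from the Wire Transfer Fraud slide, can also be run automatically on a received message. The following is an added example, not part of the original presentation; the brand list, free-mail list, digit-for-letter map and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative lists; a real deployment would maintain its own.
BRANDS = {"amazon": {"amazon.com"}}
FREE_MAIL = {"yahoo.com", "gmail.com", "outlook.com"}
LOOKALIKE = str.maketrans("0135", "oles")  # undo digit-for-letter swaps
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered(host):
    """Last two labels of a host name (naive: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def brand_in(text):
    """Return a brand named in text, also checking after undoing digit swaps."""
    t = text.lower()
    for brand in BRANDS:
        if brand in t or brand in t.translate(LOOKALIKE):
            return brand
    return None

def check_email(raw):
    """Return a list of findings for one raw single-part message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = registered(addr.rpartition("@")[2])
    findings = []
    brand = brand_in(name) or brand_in(sender)
    if brand and sender not in BRANDS[brand]:
        findings.append(f"sender domain {sender} is not {brand}")
    if sender in FREE_MAIL:
        findings.append(f"sender uses free mail provider {sender}")
    for href, text in LINK.findall(msg.get_payload()):
        target = registered(urlparse(href).hostname or "")
        brand = brand_in(text) or brand_in(target)
        if brand and target not in BRANDS[brand]:
            findings.append(f"link shown as '{text.strip()}' goes to {target}")
    return findings

# Constructed sample: display name and link text say Amazon, domains do not.
SAMPLE = """From: "Amazon" <orders@emailservice.com>
Subject: Confirm your payment details
Content-Type: text/html

<p>Sign in at <a href="https://www.amaz0n.example/signin">Amazon.com</a></p>
"""

print(check_email(SAMPLE))
```

A clean result only means these three checks passed; the call-back verification described in the slides still applies to any request for money or credentials.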