Is the act of using email fraudulently to try to get the recipient to reveal personal data?

April 2022

Awareness series

ITSAP.00.100


Organizations and their networks are frequently targeted by threat actors who are looking to steal information. Threat actors are technology-savvy, vulnerability-conscious, and aggressively agile; a successful intrusion can quickly lead to data and privacy breaches. As an employee, you may have access to sensitive company information, so you should be wary of malicious emails, which threat actors use to infect devices and systems and to access information. By learning about malicious emails and phishing attacks, you can help protect and secure your organization’s information.

Phishing attacks

Phishing is the act of sending communications that appear to be legitimate but are fraudulent. Phishing emails often contain malicious attachments or links to malicious websites. Threat actors carry out phishing attacks to trick you into disclosing sensitive information, such as credit card numbers, social insurance numbers, or banking credentials.

Phishing attacks can take the form of emails, texts, or phone calls, but this document focuses on malicious emails.

While some phishing emails may be generic, threat actors can also carefully craft emails that look more convincing or legitimate:

  • Spear-phishing email: A threat actor sends emails to specific targets, such as an individual, a group, or a company. A spear-phishing email is crafted using the recipient’s personal or professional characteristics and interests. Threat actors often use publicly available information from the individual’s social media accounts. Spear-phishing emails require more effort from threat actors, but recipients are more likely to respond to the email, open attachments, or click on links.
  • Whaling email: A threat actor sends emails to high profile individuals or senior executives at a company. Threat actors create targeted and convincing emails by using personal information about the individual or the company they work for. Threat actors may use publicly available information from the company’s website or social media accounts.

An effective method of attack

Phishing attacks are effective because threat actors can be highly skilled at creating emails that look legitimate. These emails contain company logos or trademark information. The subject lines are relevant, and the messages are pertinent.

Given our desire to trust (and the number of emails we receive daily), it can be easy to believe the content we read in these emails, click on embedded links, or open attachments. However, the attachments may contain malicious software, and the links may direct you to malicious websites. Even if an email comes from someone you know, you should always think twice before clicking links or opening attachments.


No one is immune

Although anyone can be the target of phishing and spear phishing emails, the following individuals are more commonly targeted:

  • Senior executives and their assistants
  • Help desk staff
  • System administrators
  • Users who have access to sensitive information
  • Users who have remote access
  • Users whose jobs involve interacting with members of the public

Beware of quishing—a phishing attack using malicious “quick response” (QR) codes in emails that redirects you to a phishing website when the QR code is scanned. Check the website URL to make sure it is the intended site.

Identifying malicious emails

Malicious emails can be difficult to identify, but there are some steps you should take to determine whether emails are legitimate or fake:

  • Check that the sender’s email address has a valid username and domain name. A suspicious email address could be similar to the one below:
    • “John Doe <johndoe.%>”.
  • Verify that you know the sender of an email and that its tone is consistent with the sender.
  • Look for grammatical errors or typos in the body of the message. Companies want to maintain a high degree of professionalism and generally do not send out emails that contain these types of errors.
  • Consider the tone of the email or what is being offered. If the email is threatening or sounds too good to be true, then it is probably a phishing email.
  • Pay attention to what is being requested. Most companies do not ask for sensitive or personal information in an email.

Handling malicious emails

Handle suspicious emails with care. When in doubt, avoid opening suspicious emails and contact the sender by another means (e.g. phone call) to confirm they contacted you.

Do not click on links, attachments or QR codes provided in emails. If you are being asked to log in to an account for an unsolicited reason, do not click the link. Do not open attached files and avoid scanning QR codes. Instead, visit the company’s website by manually entering the URL in your web browser or search for the website through a search engine.

Report suspicious emails. If you receive a suspicious email or suspect malicious activity on a work device or a work account, report the incident to your organization’s IT and security teams. Follow their instructions and avoid forwarding the email to coworkers. You can also report phishing emails to us (cyber.gc.ca) or the Canadian Anti-Fraud Centre.

If you receive an offensive, abusive, or potentially criminal message, inform your local police. Save the message as authorities may ask you to provide a copy to help with any subsequent investigations. Do not send the message to anyone else.

Interacting with a malicious email

If you accidentally interact with a malicious email, remain calm and begin by taking the following actions:

  • Stop using your device.
  • Disable Wi-Fi or disconnect network cables so the device cannot communicate with the Internet.
  • Power off the device.
  • Contact your IT security department if you are using a corporate device. They can disable accounts and other device features.
  • Change your password, passphrase, or PIN using a different device.
  • Scan the device using anti-malware software if possible.
  • Restore network connections only when you believe you have a clean system.
  • Perform any available updates and security patches on your device.
  • Monitor your accounts regularly for suspicious activity.

What is the act of fraudulently using email to try to get the recipient to reveal personal data?

What is Phishing? Phishing refers to different types of online scams that 'phish' for your personal and financial information (e.g., your passwords, Social Security Number, bank account information, credit card numbers, or other personal information).

Is an attempt to trick a person into disclosing private information to someone who is not authorized to have it?

Vishing (short for voice phishing) occurs when a fraudster attempts to trick a victim into disclosing sensitive information or giving them access to the victim's computer over the telephone.

Is a form of malware in which malicious code is hidden inside a seemingly harmless program?

Trojan horses: programs in which malicious code is contained inside a seemingly harmless program. Worms: replicating programs that use a computer network to spread to other computers without attaching to an existing program.

What is phishing quizlet?

Phishing: a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mail.