ITSAP.00.100
April 2022 | Awareness series

Organizations and their networks are frequently targeted by threat actors who are looking to steal information. Threat actors are technology savvy, vulnerability conscious, and aggressively agile; a successful intrusion can quickly lead to data and privacy breaches. As an employee, you may have access to sensitive company information, and you should be wary of malicious emails, which threat actors use to infect devices and systems and access information. By learning about malicious emails and phishing attacks, you can help protect and secure your organization’s information.

Phishing is the act of sending communications that appear to be legitimate but are fraudulent. Phishing emails often contain malicious attachments or links to malicious websites. Threat actors carry out phishing attacks to trick you into disclosing sensitive information, such as credit card numbers, social insurance numbers, or banking credentials. Phishing attacks can take the form of emails, texts, or phone calls, but this document focuses on malicious emails.

While some phishing emails may be generic, threat actors can also carefully craft emails that look more convincing or legitimate:

An effective method of attack

Phishing attacks are effective because threat actors can be highly skilled at creating emails that look legitimate. These emails contain company logos or trademark information. The subject lines are relevant, and the messages are pertinent. Given our desire to trust (and the number of emails we receive daily), it can be easy to believe the content we read in these emails, click on embedded links, or open attachments. However, the attachments may contain malicious software, and the links may direct you to malicious websites. Even if an email comes from someone you know, you should always think twice before clicking links or opening attachments.

No one is immune

Although anyone can be the target of phishing and spear phishing emails, the following individuals are more commonly targeted:

Beware of quishing—a phishing attack using malicious “quick response” (QR) codes in emails that redirects you to phishing websites when the QR code is scanned. Check the website URL to make sure it is the intended site.

Identifying malicious emails

Malicious emails can be difficult to identify, but there are some steps you should take to determine whether emails are legitimate or fake:

Handling malicious emails

Handle suspicious emails with care. When in doubt, avoid opening suspicious emails and contact the sender by another means (e.g. phone call) to confirm they contacted you.

Do not click on links, attachments or QR codes provided in emails. If you are being asked to log in to an account for an unsolicited reason, do not click the link. Do not open attached files and avoid scanning QR codes. Instead, visit the company’s website by manually entering the URL in your web browser or search for the website through a search engine.

Report suspicious emails. If you receive a suspicious email or suspect malicious activity on a work device or a work account, report the incident to your organization’s IT and security teams. Follow their instructions and avoid forwarding the email to coworkers. You can also report phishing emails to us (cyber.gc.ca) or the Canadian Anti-Fraud Centre.

If you receive an offensive, abusive, or potentially criminal message, inform your local police. Save the message as authorities may ask you to provide a copy to help with any subsequent investigations. Do not send the message to anyone else.

Interacting with a malicious email

If you accidentally interact with a malicious email, remain calm and begin by taking the following actions:

What is the act of fraudulently using email to try to get the recipient to reveal personal data?

What is Phishing? Phishing refers to different types of online scams that 'phish' for your personal and financial information (e.g., your passwords, Social Security Number, bank account information, credit card numbers, or other personal information).

Is an attempt to trick a person into disclosing private information to someone who is not authorized to have it?

Vishing (short for voice phishing) occurs when a fraudster attempts to trick a victim into disclosing sensitive information or giving them access to the victim's computer over the telephone.

Is a form of malware in which malicious code is hidden inside a seemingly harmless program?

Trojan horses: programs in which malicious code is contained inside a seemingly harmless program. Worms: replicating programs that use a computer network to spread to other computers without attaching to an existing program.

What is phishing quizlet?

Phishing: a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mail.