Welcome to the Social Engineering module.

It is always good advice to be wary of unexpected emails. If you were not anticipating a message or attachment, review the email very carefully. Most phishing emails are designed to send you to a malicious website that steals your username and password, or to a legitimate website that has been compromised. However, attackers may also entice you to open an attachment. Do not open questionable attachments, and be on the lookout for executable attachments such as .exe, .com, .jar, .msi, .bat and .scr files; these are commonly used to deliver malware. Documents (such as Office files or PDFs) may also carry embedded malicious code that takes advantage of a weakness on your system, such as unpatched software. These attachments may install ransomware or other malicious programs on your computer.

Mistakes are bound to happen, and eventually you may fall for one of these attacks. It is vital that you know your organization's process for reporting this type of incident, because time is critical to stop the infection from spreading to other machines.

Spear phishing is a more sophisticated form of phishing. Previously, we discussed phishing that targets a wide audience. Spear phishing targets a more specific audience by impersonating an entity the victims know and trust: the company's CEO, an application the company commonly uses, the company's official bank, and so on. There is also an extreme version of spear phishing, commonly known as whaling, in which the attacker targets a single high-profile individual such as a CEO or CFO. Spear phishing can be an incredibly effective social engineering attack because cyber criminals research their victims to find out as much as possible and use that information to create a false sense of trust.
Although spear phishing emails are more difficult to spot, apply the same checks as before, and ask whether the tone of the message matches that of the person or organization being impersonated. Is the message using information that could easily have been obtained from social media? Is it trying to get me to do something that is out of the norm or not routine? In a common spear phishing attack, the sender poses as a trusted entity, such as someone from the IT department or a financial institution, and requests personal or financial information. They may expect a reply, or include a malicious URL for you to click. No matter who the sender claims to be, never send personal information over email, and be wary of links, because they may take you to a forged website. To be safe, especially if the message asks for a password change or financial information, do not use the link: open a new browser window, type in the website address you already know, and log in there.

Phishing emails with malicious links may take you to a forged login page. If you click a link in an email and are sent to a login page, double-check a few things before you accidentally hand your credentials to an attacker. Look at the address bar and check whether the address starts with http or https. The difference is that http transfers your data in the clear, while https encrypts it in transit. Browsers indicate an https connection in different ways, most commonly with a padlock icon next to the address, so it is important to know how your browser shows that a page is protected by encryption. Any legitimate website asking for your credentials or financial information should be using https; no encryption means it is not secure. Keep in mind, though, that https only tells you the connection is encrypted, not that the site is who it claims to be: attackers can obtain certificates for their own lookalike domains, so a padlock on a fake site proves nothing. Look at the address bar, and if the website address does not match what you know, do not trust it.
Attackers typically make subtle changes to the address so that it looks correct and legitimate, for example swapping, adding or dropping a single character, or placing the real brand name in front of a domain they control. Also, if the website looks outdated or does not follow the organization's usual branding, it is most likely a fake that was put together quickly. If your browser warns you that the page could be unsafe, do not continue; simply close the browser.

Tailgating is another type of social engineering attack, in which an unauthorized person follows someone with proper access, most likely an employee, into a restricted area. Sometimes attackers will be friendly with employees and make conversation with them to ease any suspicion. In a common tailgating attack, someone impersonates a delivery driver, waits until they see an employee, and asks to be let into the building. To prevent this from happening to you, do not let anyone follow you into restricted areas. If you are unsure, ask to see their identification badge before letting them through.

Let's have a quick review of what we learned in this presentation. Always double-check the sender's email address: if it does not match the friendly name, if you do not know who it is, or if it is a string of gibberish, do not trust it. Check for spelling and grammar mistakes; these are a common characteristic of a phishing email. Do not open attachments unless you are expecting one, know exactly what it is, and trust the sender. Do not click links before checking what the actual URL is; when in doubt, visit the legitimate website directly. Fake websites take only a couple of minutes to make, so double-check that the website you are visiting is legitimate. Restricted areas should only be entered by those who have authorization; if someone is following you into a restricted area, question his or her actions and notify security if you feel there is a threat. You have concluded this module.
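As an added example (not part of the training module), the following Python script automates the sender and link checks reviewed above on a constructed sample message: it compares the friendly name with the real sender address, pulls the real target out of each HTML link, and flags links that are not https, that point at an untrusted or lookalike host, or whose displayed text names a different site than the one the link actually goes to. The trusted domains, the sample message and every domain in it are placeholders assumed for the demonstration; real mail would be fed in as the raw message text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the recipient actually trusts (assumed for this example).
TRUSTED_DOMAINS = {"example-bank.com", "example.com"}

# Constructed sample message for the demo; not a real phishing sample.
SAMPLE_EMAIL = (
    'From: "Example Bank Support" <alerts@example-bank-secure.net>\n'
    "To: employee@example.com\n"
    "Subject: Urgent: verify your account\n"
    "Content-Type: text/html\n"
    "\n"
    "<html><body><p>Your account will be locked in 24 hours.\n"
    '<a href="http://example-bank.secure-login.net/reset">'
    "https://www.example-bank.com/login</a></p></body></html>\n"
)

# Matches an HTML anchor: group 1 is the real href, group 2 the displayed text.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def looks_like_lookalike(host):
    """Flag untrusted hosts that embed a trusted brand label, e.g.
    example-bank.secure-login.net or example-bank-secure.net. The label
    match is deliberately crude; a real filter would also check edit distance."""
    host = (host or "").lower()
    if is_trusted(host):
        return False
    labels = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    return any(label in host for label in labels)


def check_sender(msg):
    """Compare the friendly name with the real address and check its domain."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if not is_trusted(domain):
        findings.append(f"sender domain {domain!r} is not a trusted domain")
    if looks_like_lookalike(domain):
        findings.append(f"sender domain {domain!r} imitates a trusted brand")
    brand_in_name = any(
        d.split(".")[0].replace("-", " ") in name.lower() for d in TRUSTED_DOMAINS
    )
    if name and brand_in_name and not is_trusted(domain):
        findings.append(f"friendly name {name!r} does not match sender domain {domain!r}")
    return findings


def check_link(href, text):
    """Apply the module's link checks: https, trusted host, lookalike host,
    and displayed URL versus the real target."""
    findings = []
    target = urlparse(href)
    if target.scheme != "https":
        findings.append(f"{href}: not https (scheme {target.scheme!r})")
    if not is_trusted(target.hostname):
        findings.append(f"{href}: host {target.hostname!r} is not trusted")
    if looks_like_lookalike(target.hostname):
        findings.append(f"{href}: host {target.hostname!r} imitates a trusted brand")
    shown = urlparse(text.strip())  # only has a hostname if the text is itself a URL
    if shown.hostname and shown.hostname.lower() != (target.hostname or "").lower():
        findings.append(
            f"{href}: displayed text names {shown.hostname!r} "
            f"but the link goes to {target.hostname!r}"
        )
    return findings


def analyze(raw):
    """Run the sender and link checks over a raw message; returns a list of findings."""
    msg = message_from_string(raw)
    findings = check_sender(msg)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    for href, text in LINK_RE.findall(body):
        findings.extend(check_link(href, re.sub(r"<[^>]+>", "", text)))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

On the sample message every check fires: the sender domain is an untrusted lookalike that does not match the "Example Bank" friendly name, and the single link is plain http, goes to an untrusted lookalike host, and displays a trusted https address that is not where it actually leads. Note that a passing result only means none of these simple tests tripped; a link to an attacker-controlled https site with an unrelated domain would still need the "does the address match what I know" judgement the module asks for.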