If you work in any sort of business environment or deal with personal transactions through the Internet then you need to be aware of phishing and whaling attacks. In this course, Cyber Security Awareness: Phishing and Whaling, you will learn how to protect yourself. First, you'll learn about what exactly phishing is before moving on to the various methods of attacks and how to reduce your risk. Next, you'll learn about whaling attacks and what to watch for. Finally, you'll learn about last measures and how to be successful against all attacks.
Introduction My name is Todd Edmands with Mentor Source, and this is part of our Cyber Security Awareness series. I'm a computer security expert who has worked in the information technology business sector for more than 20 years. I have a master's degree in systems engineering and information assurance from Regis University, and I am an affiliate faculty member of this institution. To best understand the topic of phishing, it is assumed students are familiar with the use of email for business communications. Today we will be exploring how hackers use phishing attacks for fun and profit. It is common for companies to spend millions of dollars per year to prevent and mitigate the damage caused by phishing attacks. We will investigate what a phishing attack is, along with the motives of the attackers. There are a variety of categories phishing attacks fall into that we will investigate. Next, we will review examples of what these types of phishing messages will look like and how we might identify the messages as a phishing attempt. Once we understand these attacks, we will review technologies and procedures that are used to reduce and stop these attacks. Now let's get started.
Solutions to Reduce Phishing There are many solutions and procedures we can use to help us defend against phishing attacks. Most successful phishing attacks are the result of problems on the endpoint, not just people revealing information. One study notes, 62% of people in a phishing test were using outdated browsers, and 68% were using an out of date operating system. Vulnerabilities in the browsers and operating systems provide a path for hackers to gain access into a network. Keep your browsers and operating systems patched to the latest release. Many browsers also have an anti-phishing capability that can be enabled, and will warn you about suspicious websites and malware if it is enabled. Employee training is often the best solution to defend against phishing, and we want employees trained on what elements to look for that identify a message as suspicious. We need to remember to use our common sense when responding to email messages. It is good to remember to use out of band communications and contact an organization directly to verify an issue exists. If you receive email that you are concerned about, phone the company directly, rather than responding electronically via an email message. If you are redirected to an external website, be suspicious, and be sure the site looks professional and the domain of the site looks correct.