Security Awareness: Phishing - How Hackers Get Your Secrets

Common, everyday communication, such as email, websites, and phone calls, could potentially be a cybercriminal trying to lure you into exposing information. This course teaches you how to protect yourself and your company from phishing attacks.
Course info
Rating: (15)
Level: Beginner
Updated: Jan 15, 2018
Duration: 52m
Description

Hackers (cybercriminals) will try to lure you into exposing information or installing malicious software by clicking a link or opening an attachment. In this course, Security Awareness: Phishing - How Hackers Get Your Secrets, you'll learn how to protect your business and yourself from malicious attacks. First, you'll gain knowledge of a specific attack known as phishing. Next, you'll discover how to identify the attack and how to avoid becoming a victim of cybercriminals. Finally, you will explore how to be more proactive in avoiding this type of attack and who to notify if one is detected. When you're finished with this course, you'll have the skills and knowledge of cyber security needed to protect yourself and your company from phishing attacks.

About the author

Jason Helmick is an author for Pluralsight. His IT career spans more than 25 years of enterprise consulting on a variety of technologies, with a focus on strategic IT business planning. He’s a highly successful IT author, columnist, lecturer, and instructor, specializing in automation practices for the IT pro.

Section Introduction Transcripts

Course Overview
Hi, I'm Jason Helmick, an author here at Pluralsight, and welcome to my course, Phishing - How Hackers get your Secrets. Now, hackers, or cyber criminals, will try to convince you to provide information that will actually help them steal money from you, either personally or from your company. Common everyday communications, such as emails or websites or phone calls, could potentially be trying to lure you into exposing that information that you normally wouldn't give out. This might force you or drag you into clicking a link or opening up an attachment that has malware. So in this course you will learn how to protect your business and yourself with gaining knowledge of specific attacks known as phishing. You'll learn how to identify the attack, how to stop the attack, and stop from falling victim to that attack. You'll also learn how to be more proactive in avoiding it overall, and who needs to be notified if it's detected. So join me on this journey to start learning about cyber security and phishing attacks. Here at Pluralsight we love learning, and we hope that you do too.

Phishing Is About Stealing Money
Do me a favor, take out your wallet. No, seriously, take it out of your purse or out of your back pocket, open it up, and when you open up your wallet, take a look at those credit cards that you have. Even if your wallet is messy, you can find them. Take a look at the credit cards, your driver's license, your insurance cards, would you hand those to just anyone? Like a complete stranger, or even a criminal? Well, of course not. However, you may already have. See, criminals will try to convince you, try to lure you into giving them information so basically they can steal money from you, that's what their goal is. And we're going to spend some time in this course looking at a very specific attack where they can do just that, called phishing. Here's what we're going to do in this course and in this module. So, first of all, in this module we're going to take a look at why is this so important, why should you care about this, and how can it affect not only you, but the business that you work for. Now, we're also going to take a look at some other names you may hear phishing by, and then what this course covers. So let's get started with why this is so important.

Attacks That Get Personal
As I mentioned in the introduction, cyber criminals are going to try to get information from you, and use that information to steal your money, and this is going to happen to both you and your business. The attack is pretty much going to work the same way. Now, I know you wouldn't intentionally give someone, anyone for that matter, corporate confidential information, or your private information, like your credit cards, but that's the scam here. They're very experienced at the human condition, and they will play upon your emotions, both your emotions of wanting to help people, maybe your emotions of fear, trying to stay out of trouble, even greed, they will play on those to lure you into giving that information to someone that you didn't think was out to harm you, and that's the idea with a phishing attack. So what we're going to take a look at in this module is overall, what is it that you're trying to protect? What does it mean when you give up your data to someone else? What are you giving up, and what can go wrong? And this applies to both you and your business. Also, the challenge that you and your business face in trying to protect your data and the fix, in general, that we can do against many attacks to try to fix this data. Then we'll start to dive into phishing. So let's get started with giving up your data.

Attacks at the Office
You may not have experienced a phishing attack, but you will, and don't take it personally. It wasn't probably directed directly at you, in fact, that's not how a phishing attack works. Think of it as going actually fishing with a rod and reel, and you put some bait onto the hook, and you cast it out into the water where there's thousands of fish. What you're hoping is to lure a couple of those fish, a small percentage, to bite onto that hook so that you can have dinner. That's what a phishing attack is. It's where a hacker is going to send out pretty much a generic message to a large group of people, hoping that the message gets someone to take action. The better the message, the more that it instills in someone the need to take action through the need of them being able to help someone, or out of fear, or out of greed, the better the lure. And that's what the game is to get you to take action, to give up information, therefore you end up losing money, so it's all bad all the way around. And here's what we're going to take a look at in this course. First of all, I'm going to remind you about the CIA security triad, and what we're trying to protect against phishing. I had first mentioned this, and for more details you can take a look at the first course in this series, Cyber security and Terminology. But I want to remind you about that CIA triad, what's important, but then we want to dive into what a phishing attack looks like. First of all, what do they want from you, and then, if you get an email, how can you start to gather that it's not a good email, it's a phishing email? There's also advanced attacks that we want to mention here, something called vishing, when it's done with, rather than email, a phone or a text message, and also more advanced phishing techniques called spear phishing, and also we'll mention whaling. So let's get started with the CIA triad.

The Master Plan to Prevent Phishing Attacks
Your business faces the same type of phishing attacks that you do. In fact, when the business receives them, it's you at the business that's going to receive the phishing attack, either by email, by phone, by text, only it's going to be related to compromising the organization, and that's what we want to watch out for. So what we want to do is take a look at how the data in your business is affected by this, and give you some examples of some recent attacks against businesses, and how security is handled inside of your business.

How to Report a Phishing Attack
Not everyone takes the bait, as a matter of fact that's kind of the point to a phishing attack, is we know, a hacker knows that they're not all going to take the bait, but a small percentage will, and that's good enough. You're becoming part of the percentage that won't take the bait, because you're starting to recognize what a phishing email or an attack looks like. However, it may still happen. You may still open up an attachment. There are ways to help prevent this from becoming catastrophic, and that's what we want to take a look here is some of the preventative measures that you can have in place. First of all, at your business there are security teams, and they're going to be very proactive, and there's a lot to learn from them, so I want to mention some of the things that they're going to do, and then specifically, what are some phishing countermeasures that you can do, and just some overall general countermeasures to protect yourself from all sorts of attacks. So let's get started with security teams being the proactive parts at your organization.

How to Report Phishing Attacks
So what if you fall victim to a phishing attack, or maybe you're not victim to a phishing attack, maybe you noticed the phishing attack, and you didn't open it, you didn't open the attachment, you didn't click on the link, but there is somebody that you can notify that this attack is going on? And the answer is yes, both at the company level, and at personal level there are other actions you can take if you notice some sort of phishing attack. And so in this module, to wrap us up we're going to take a look at ways that you can report to the business if you've noticed a phishing attack, how you can report to companies if you had a personal attack, and worst-case scenario, if you need to you can also report it to the FBI. So let's get started on who to tell at the business.