INTRODUCTION – Phishing Scams
Phishing Scams All-Encompassing Module. Here you can go really in-depth into the workings, approaches, and impact of phishing scams. And also, as part of the curriculum, investigate a fascinating case study of a phishing attack against two global companies. There are findings on real-world scenarios and how catastrophic results can become due to such incidences. You will augment your awareness and knowledge as we guide you through this journey of information.
Learning Outcomes :
- Measure what could have prevented the Facebook and Google phishing breach.
- Describe how cost and impact of the Facebook and Google phishing breach;
- Identify vulnerabilities exploited in the Facebook and Google phishing breach;
- Sum the timeline of Facebook and Google phishing breach; Identity common types of identity theft;
- Describe the impact of phishing on both individuals and corporations; Identify signs typical of phishing emails;.
- Describe different types of phishing scams; Explain how phishing scams work.
INTRODUCTION TO PHISHING SCAMS KNOWLEDGE CHECK
1. Some of the earliest known phishing attacks were carried out against which company?
- Yahoo
- America Online (AOL) (CORRECT)
2. You have banked at “MyBank” for many years when you receive an urgent email telling you to log in to verify your security credentials or your account would be frozen. You are not wealthy but what little you have managed to save is in this bank. The email is addressed to “Dear Customer” and upon closer inspection you see it was sent from “security@mybank.yahoo.com”. What kind of attack are you under?
- As a phishing attack. (CORRECT)
- No attack, this is a legitimate note from the security department of your bank.
- A spear phishing attack.
- A whale attack.
3. True or False. HTTPS assures passwords and other data that is sent across the Internet is encrypted. Links in email that use HTTPS will protect you against phishing attacks.
- True
- False (CORRECT)
4. Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?
- Suspicious sender’s address. (CORRECT)
- Suspicious attachments.
- There is a hyperlink in the body of the email.
- Poor quality layout.
5. Which three (3) of these statistics about phishing attacks are real? (Select 3)
- The average cost of a data breach is $3.86 million. (CORRECT)
- 15% of people successfully phished will be targeted at least one more time within a year. (CORRECT)
- 12% of businesses reported being the victim of a phishing attack in 2018.
- Phishing accounts for 90% of data breaches. (CORRECT)
Partially correct!
6. Which range best represents the number of unique phishing web sites reported to the Anti-Phishing Working Group (apwg.org) in Q4 2019?
- Between 100 and 200.
- Between 1500 and 1800.
- Between 130,000 and 140,000. (CORRECT)
- Between 1.3 million and 1.4 million.
PHISHING CASE STUDY KNOWLEDGE CHECK
1. Which three (3) techniques are commonly used in a phishing attack? (Select 3)
- Breaking in to an office at night and installing a key logging device on the victim’s computer.
- Make an urgent request to cause the recipient to take quick action before thinking carefully. (CORRECT)
- Send an email from an address that very closely resembles a legitimate address. (CORRECT)
- Sending an email with a fake invoice that is overdue. (CORRECT)
Partially correct!
2. You are working as an engineer on the design of a new product your company hopes will be a big seller when you receive an email from someone you do not personally know. The email is addressed to you and was sent by someone who identifies herself as the VP of your Product division. She wants you to send her a zip file of your design documents so she can review them. While her name is that of the real VP, she explains that she is using her personal email system since her company account is having problems. You suspect fraud. What kind of attack are you likely under?
- A man in the middle attack.
- A phishing attack.
- A spear phishing attack. (CORRECT)
- A whale attack.
3. Phishing attacks are often sent from spoofed domains that look just like popular real domains. Which brand has been spoofed the most in phishing attacks?
- Microsoft
- Google (CORRECT)
- IBM
- Apple
4. Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?
- Suspicious attachments
- There is a hyperlink in the body of the email
- Poor quality layout
- There are spelling errors. (CORRECT)
5. Which three (3) of these statistics about phishing attacks are real? (Select 3)
- 94% of phishing messages are opened by their targeted users.
- BEC (Business Email Compromise) scams accounted for over $12 billion in losses according the US FBI. (CORRECT)
- 76% of businesses reported being a victim of phishing attacks in 2018. (CORRECT)
- Phishing attempts grew 65% between 2017 and 2018. (CORRECT)
Partially correct!
6. Which is the most common type of identity theft?
- Credit card fraud (CORRECT)
- Phone or utility fraud
- Loan or lease fraud
- Government documents or benefits fraud
CONCLUSION – Phishing Scams
In the end, this Module has taken really deep insights into phishing scams, which are now very much open to you for understanding how to identify them, how to stay fraud free and how to mitigate their impacts. Besides, a deep case study on phishing attack of two corporate clients; that helps you know what it takes for the cybercriminals to invade organizations, and what damage it might do to them.
With that going, you are now more equipped to save yourself and your organization from the grip of phishing attacks, which could occur at any time. So, be watchful, keeping yourself informed of developments, and putting all best tricks into practice to save your digital assets and personal information.