You arrive at work, open your email, and see this:
Employment Opportunity!!!
This Job is currently recruiting. A Job that will not affect your presents employment or studies, fun and rewarding. You get to make up to $300 weekly, I tried it and i made cool cash, If You are interest you can visit their website at http://getacoolJobreallyfast.work to apply and read more about the job.
Best Regards,
Human Resources and Benefits
Pyramid Placement Agency
5555 Fifth St.
Anytown, US 11111
HR&benefits@PPA.gob
There are many things in this example that let you know this is not a real opportunity for employment, but more likely an opportunity for someone to gain access to your computer and your company’s private information. However, real-world attempts are not always this obvious and can take many forms. Social engineering, phishing, malware, spoofing, hacking, and card skimming are all risks to our personal and business information.
In your discussion post, consider the scenario presented here, or a real-world example of phishing, as you respond to the following:
- Describe indicators you can use to identify a phishing email.
- Explain the importance of employee knowledge concerning phishing attempts.
- Provide several recommendations for information security practices that could be implemented to limit the risks and impact of phishing emails.
When responding to your peers, provide an additional suggestion for an information security practice they did not identify, and explain how your suggested practice would deter or reduce the impact of phishing within the company.
2 PEER POSTS FOR RESPONSE:
#1:
When looking at emails (which is something I do on an everyday basis), I always always always do my best to make sure they are secure & correctly classified. I never fully open an email unless I know it’s secure. In regards to this scenario… a few things that raised an eyebrow when reading this was the fact that they actually posted the amount of money you would earn in the email. Most if not all tend to disclose that information & make you contact them first. This email gave quite a few details about the job opportunity without hesitation. Like I said before, in most cases, you won’t get all that information at once. Secondly, the email didn’t address anyone specifically, which is odd. One of the next things I would’ve done is check out the address they put at the bottom… to see if it is even a real address.
The importance of employee knowledge concerning phishing attempts is the simple fact that it is not only you that these attacks would bring harm to. As an employee, you are a part of a team or group where those people could be affected as well as the company itself. Always be aware of what you are clicking on. If you are on a work computer… you should only be doing “work” anyways. Be aware of false advertisements used to get your attention, or things that may seem odd or fishy when sent to you.
#2
Working in the Helpdesk we, unfortunately, deal with this kind of phishing email all the time. This particular email has a few red flags that should alert the user that this is not a legitimate email. First is the hyperlink in the email that ends in .work. Seeing a weird link (http://getacoolJobreallyfast.work) should raise some suspicion that this is not a legitimate email. Next is the mailing address that is given in the email. An address that says Anytown as the city and zip code of 11111 should also raise suspicion. And finally, the email address that is given (HR&benefits@PPA.gob). The .gob email address is definitely not a legitimate email address. All 3 of these should be an indicator that it’s not a legitimate email.
I have always said that no matter how much you invest in technology for security, the most vulnerable part of your network is always going to be the users. If uneducated they will fall for these types of emails and will compromise your network security. Luckily this particular email is pretty easy to spot but there are so many phishing emails out there that are harder to detect.
One way to help prevent users from falling for these phishing emails is to educate them. In my current company, we have annual IT security training that is required for everyone to take and pass the security test afterward. I think an annual IT training class and IT testing will help educate the users to recognize these types of emails and to help the users know what to do when they receive one. We also hire an external company to do a penetration test on our network and users. They simulate a cyber attack against our company to test how well our users react to these simulations. They also test our network for holes and point out any areas we need to improve on or change certain security processes. I think these are all necessary to help keep your users and your network safe from the growing number of bad guys on the web.
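
The indicators raised in the two posts above (no personal greeting, a stated dollar amount, an odd link TLD, an odd contact-address TLD) can also be checked mechanically, for example in a mail-triage script. The Python below is an added example, not part of the assignment or either post; the `EXPECTED_TLDS` allowlist, the regular expressions and the name `phishing_indicators` are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlparse

# Abbreviated copy of the scenario email above, embedded as sample input.
SAMPLE = """Employment Opportunity!!!
This Job is currently recruiting. You get to make up to $300 weekly. If You are interest you can visit their website at http://getacoolJobreallyfast.work to apply and read more about the job.
Best Regards,
Human Resources and Benefits
HR&benefits@PPA.gob
"""

# Assumption: TLDs this organization expects in legitimate mail (tune per site).
EXPECTED_TLDS = {"com", "org", "net", "gov", "edu"}
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
ADDR = re.compile(r"[\w.&+-]+@([\w-]+(?:\.[\w-]+)+)")
GREETING = re.compile(r"^\s*(dear|hi|hello)\s+\w+", re.I | re.M)
MONEY = re.compile(r"\$\s?\d[\d,]*")

def tld(host):
    return host.rsplit(".", 1)[-1].lower()

def phishing_indicators(text):
    """Return (indicator, evidence) pairs for one message body."""
    findings, hosts = [], []
    for url in URL.findall(text):
        parsed = urlparse(url.rstrip(".,)"))
        host = parsed.hostname or ""
        hosts.append(host)
        if parsed.scheme.lower() == "http":
            findings.append(("unencrypted-link", host))
        if tld(host) not in EXPECTED_TLDS:
            findings.append(("unexpected-link-tld", host))
    for match in ADDR.finditer(text):
        domain = match.group(1).lower()
        if tld(domain) not in EXPECTED_TLDS:
            findings.append(("unexpected-address-tld", domain))
        # Links should point at the contact address's domain or a subdomain.
        if hosts and not any(h == domain or h.endswith("." + domain) for h in hosts):
            findings.append(("link-domain-mismatch", domain))
    if not GREETING.search(text):
        findings.append(("no-personal-greeting", ""))
    money = MONEY.search(text)
    if money:
        findings.append(("money-lure", money.group()))
    return findings

if __name__ == "__main__":
    for name, evidence in phishing_indicators(SAMPLE):
        print(f"{name:24} {evidence}")
```

Each finding is a reason to look closer rather than a verdict; as post #2 notes, many phishing emails are harder to detect than this one.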