Email Security Best Practices in the Face of Rising Cyber Threats
Amid a surge in virtual crimes, it's crucial to be vigilant with email security. Learn to identify red flags, avoid suspicious attachments, and recognize phishing attempts to protect yourself from cyber risks.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
During the last 12-18 months we have witnessed a massive increase in virtual crimes. Hackers and cyber scammers are taking advantage of the (COVID-19) pandemic by sending fraudulent email messages that attempt to trick you into clicking on links, opening attachments, or making purchases. If you click on the attachment or embedded link, you re likely to download malicious software onto your device. The malicious software malware, for short could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data, which could lead to identity theft. Users must be extremely diligent when handling all e-mails
Best Practices ALWAYScheck the email From field to validate the sender. This From address may be spoofed. DO NOT open any email attachments that end with: .exe, .scr, .bat, .com, or other executable files you do not recognize. ALWAYS check for so-called double-extended scam attachments. A text file named safe.txt is safe, but a file called safe.txt.exe is not. DO NOT unsubscribe - it is easier to delete the e-mail than to deal with the security risks. DO NOT ever click embedded links in messages without hovering your mouse over them first to check the URL. ALWAYS report all suspicious emails to your Information Technology help desk. ALWAYS note that www.microsoft.com and www.support.microsoft.software.com are two different domains. (and only the first is real) DO NOT respond or reply to spam in any way. Use the delete button.
FROM FROM I don t recognize the sender s email address as someone I ordinarily communicate with. This email is from someone outside my organization and it s not related to my job responsibilities. This email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character. Is the sender s email address from a suspicious domain (like micorsoft-support.com)? I don t know the sender personally and they were not vouched for by someone I trust. I don t have a business relationship nor any past communications with the sender. This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I haven t communicated with recently.
TO TO I was cc d on an email sent to one or more people, but I don t personally know the other people it was sent to. I received an email that was also sent to an unusual mix of people. For instance, it might be sent to a random group of people at my organization whose last names start with the same letter, or a whole list of unrelated addresses.
DATE DATE Did I receive an email that I normally would get during regular business hours, but it was sent at an unusual time like 3 a.m.?
SUBJECT SUBJECT Did I get an email with a subject line that is irrelevant or does not match the message content? Is the email message a reply to something I never sent or requested?
CONTENT CONTENT Is the sender asking me to click on a link or open an attachment to avoid a negative consequence or to gain something of value? Is the email out of the ordinary, or does it have bad grammar or spelling errors? Is the sender asking me to click a link or open up an attachment that seems odd or illogical? Do I have an uncomfortable gut feeling about the sender s request to open an attachment or click a link? Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?
HYPERLINKS HYPERLINKS I hover my mouse over a hyperlink that s displayed in the email message, but the link-to address is for a different website. (This is a big red flag.) I received an email that only has long hyperlinks with no further information, and the rest of the email is completely blank. I received an email with a hyperlink that is a misspelling of a known web site. For instance, www.bankofarnerica.com the m is really two characters r and n.
ATTACHMENTS ATTACHMENTS The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. (This sender doesn t ordinarily send me this type of attachment.) I see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.
55th Anniversary and Free Pizza 8% New voice message at 1:23AM 9% "You appeared in new searches this week!" "People are looking at your LinkedIn profile" "Please add me to your LinkedIn Network" Login alert for Chrome on Motorola Moto X 10% "LinkedIn Password Reset" 42% Someone has sent you a Direct Message on Twitter 10% Top Social Media Top Social Media Email Subjects Email Subjects "Your Friend Tagged a photo of you" "Your Friend Tagged you in photos on Facebook" 21%
Key Takeaway LinkedIn messages continue to dominate the top social media email subjects, with several variations of messages such as "people are looking at your profile" or "add me." Other alerts containing security-related warnings come unexpectedly and can cause feelings of alarm. Messages such as a friend tagged you in a photo or mentioned you can make someone feel special and entice them to click. And everyone loves free pizza!
Top 10 General Email Subjects Password Check Required Immediately 20% Vacation Policy Update 12% Branch/Corporate Reopening Schedule 11% COVID-19 Awareness 10% Coronavirus Stimulus Checks 10% List of Rescheduled Meetings Due to COVID-19 10% Confidential Information on COVID-19 8% COVID-19 Now airborne, Increased community transmission 7% FedEx Tracking 6% Your meeting attendees are waiting! 6%
Key Takeaway Hackers are playing into employees' desires to remain security minded. Unsurprisingly, half of the top subjects for this quarter were around the Coronavirus pandemic. Curiosity is also piqued with security-related notifications and HR-related messages that could potentially affect their daily work.
Common In The Wild Attacks Microsoft: Abnormal log in activity on Microsoft account Chase: Stimulus Funds HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines Zoom: Restriction Notice Alert Jira: [JIRA] A task was assigned to you HR: Vacation Policy Update Ring: Karen has shared a Ring Video with you Workplace: [[company_name]] invited you to use Workplace IT: ATTENTION: Security Violation Earn money working from home
Key Takeaway Here again we see subjects related to the Coronavirus and working from home. Cybercriminals are preying on heightened stress, distraction, urgency, curiosity, and fear in users. These types of attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email.
It is okay to click Unsubscribe in an email from a company / person. A. True B. False
It is okay to click Unsubscribe in an email from a company / person. A. True B. False It is easier to delete the e-mail than to deal with the security risks.
An easy way to identify if a hyperlink contained in an email is legitimate is by: A. Right clicking it B. Copying and pasting it into your browser C. Hovering over it D. Using your cell phone browser to check
An easy way to identify if a link contained in an email is legitimate is by: A. Right clicking it B. Copying and pasting it into your browser C. Hovering over it D. Using your cell phone browser to check You should not ever click embedded links in messages without hovering your mouse over them first to check the URL.
Select all that apply: A. You should never click on a link in an email associated with LinkedIn or Facebook B. Email subjects like Abnormal log in activity on Microsoft account can be harmful C. .txt is a file type that is always safe to click on D. If an email request from my boss seems out of the ordinary, it likely is
Select all that apply: A. You should never click on a link in an email associated with LinkedIn B. Email subjects like Abnormal log in activity on Microsoft account can be harmful C. .txt is a file type that is always safe to click on D. If an email request from my boss seems out of the ordinary, it likely is These are all correct!
If I know an email is suspicious, all I need to do is delete it. A. True B. False
If I know an email is suspicious, all I need to do is delete it. A. True B. False You should report all suspicious emails to your Information Technology help desk.
www.microsoft.com and www.support.microsoft.software.com are two different domains. A. True B. False
www.microsoft.com and www.support.microsoft.software.com are two different domains. A. True B. False Only the first is real.
I need to be cautious about any emails concerning the (COVID-19) pandemic. A. True B. False
I need to be cautious about any emails concerning the (COVID-19) pandemic. A. True B. False Hackers have developed ways to appear inconspicuous by using commonly referenced topics / subject lines such as: Zoom: Restriction Notice Alert, HR: Company Policy Notification: COVID-19 Test & Trace Guidelines, Ring: Karen has shared a Ring Video with you. Do not be fooled by these tactics.
If my boss / coworker is asking me to purchase something for them I should check in with them first via phone. A. True B. False
If my boss / coworker is asking me to purchase something for them I should check in with them first via phone. A. True B. False If you receive an email that was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character it likely is. Always follow up with the sender directly before acting on a request.