Module # Welcome!

Module # Welcome!

What is CyberSecurity Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. Network Security Software Security Information Security This Photo by Unknown Author is licensed under CC BY-SA-NC

Top Ten Password 123456 123456789 Qwerty Password 12345 Qwerty123 1q2w3e 12345678 111111 1234567890 This Photo by Unknown Author is licensed under CC BY-SA-NC

Password Safety Activity: How Safe is Your Password? This Photo by Unknown Author is licensed under CC BY-NC-ND https://www.security.org/how-secure-is-my-password/

Password Security Checklist Never use personal information Include a combination of letters, numbers, and symbols Prioritize password length Never repeat passwords Avoid using real words

Impact of Stolen Passwords Individuals: 4 out of 10 people have had their data compromised online. Over 240,000 phishing scam complaints reported to the FBI in 2020. 80% of data breaches involving hacking passwords. 63% of consumers fear their identity will be stolen. Businesses: On average, it takes 280 days to identify and contain a data breach. 59% of U.S. consumers are likely to avoid businesses that have been a cyberattack victim within the past year. 57% of all companies have experienced a mobile phishing incident. 68% of business leaders feel their risk of a cyberattack is increasing.

Social Engineering Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.

Baiting Baiting is a form of social engineering where an attacker actively or passively takes advantage of a person's greed or curiosity by promising some sort of incentive. This Photo by Unknown Author is licensed under CC BY-SA

Tailgating and Shoulder Surfing Tailgating, when it comes to social engineering, is when a person gains unauthorized access to an area that requires authorization by using deceptive tactics. Shoulder surfing occurs when a person attempts to gather confidential information by simply looking over your shoulder.

Social Engineering Quiz What is the best way to avoid shoulder surfing? 1. Using encryption when you send emails 2. Requiring identification before allowing access into a secure area 3. Maintaining awareness of your surroundings 4. Ensuring you know all the employees in your building

Social Engineering Quiz What is the best way to avoid shoulder surfing? 1. Using encryption when you send emails 2. Requiring identification before allowing access into a secure area 3. Maintaining awareness of your surroundings 4. Ensuring you know all the employees in your building

Social Engineering Quiz: Baiting 1. Raza receives an email from someone claiming to be her mother's neighbor, asking her to help financially with a medical emergency. 2. Juan receives several phone messages from a credit card company, asking him to provide his username and password because of a security issue. 3. Jean receives an offer for a special price on a TV, but when she tries to order it she is told that only a more expensive one is available. 4. Moe clicks on an advertisement to play an online game for free, but when he opens the game he finds that it is malware.

Social Engineering Quiz: Baiting 1. Raza receives an email from someone claiming to be her mother's neighbor, asking her to help financially with a medical emergency. 2. Juan receives several phone messages from a credit card company, asking him to provide his username and password because of a security issue. 3. Jean receives an offer for a special price on a TV, but when she tries to order it she is told that only a more expensive one is available. 4. Moe clicks on an advertisement to play an online game for free, but when he opens the game he finds that it is malware.

Phishing, Smishing, and Vishing Phishing Vishing Smishing From: Someone purporting to be from a reputable company Purpose: Get you to reveal personal information (passwords, credit card numbers, bank details, etc.

Social Media Phishing/Catfishing/Catphishing Term Phishing How It Looks An attack through social media Purpose To steal personal data or gain control of your social media account Catfishing Catphishing Person creates a fictional online persona to lure someone into a relationship—usually a romantic one Person creates a fictional online persona to lure someone into a relationship—usually a romantic one To get money, gifts, or attention. Gaining rapport to access information and/or resources that the unknowing target has rights to.

Spear Phishing Spear phishing is a phishing method that targets specific individuals or groups within an organization. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss. This Photo by Unknown Author is licensed under CC BY-NC-ND

Spear Phishing Example

Whaling Attack or CEO Fraud How it looks: cybercriminal masquerades as a senior player at an organization Targets: senior or other important individuals at an organization, to trick a target into performing specific actions, such as revealing sensitive data or transferring money. Purpose: stealing money or sensitive information or gaining access to their computer systems for criminal purposes.

Phishing Attack Example 1

Phishing Attack Quiz You see a phishing attack occur against a high-level employee in your company. What category of phishing attack is this? 1. A smishing attack 2. A spear-phishing attack 3. A whaling attack

Phishing Attack Quiz You see a phishing attack occur against a high-level employee in your company. What category of phishing attack is this? 1. A smishing attack 2. A spear-phishing attack 3. A whaling attack

Social Engineering Quiz How does vishing differ from other phishing attacks? 1. 2. 3. 4. It involves repeated attacks. It involves software updates. It occurs over the telephone. It occurs by emails.

Social Engineering Quiz How does vishing differ from other phishing attacks? 1. 2. 3. 4. It involves repeated attacks. It involves software updates. It occurs over the telephone. It occurs by emails.

Social Engineering Quiz Who are targets of whaling attacks? 1. 2. 3. 4. Upper executives or those with sensitive information Human resources personnel Administrative assistants All employees

Social Engineering Quiz Who are targets of whaling attacks? 1. 2. 3. 4. Upper executives or those with sensitive information Human resources personnel Administrative assistants All employees* *Typically, these target upper executives or those with sensitive information, though “all employees” could be true, especially in a small organization.

Phishing Attack Quiz Which type of phishing attack comes via SMS (text message)? 1. 2. 3. Smishing Vishing Evil twin

Phishing Attack Quiz Which type of phishing attack comes via SMS (text message)? 1. 2. 3. Smishing Vishing Evil twin

Phishing Attack Quiz What type of call is almost always a vishing attack? 1. 2. 3. A call from someone stating they are with a government agency Any call made from a phone number that an individual does not recognize A robocall made to someone's personal cell phone number

Phishing Attack Quiz What type of call is almost always a vishing attack? 1. 2. 3. A call from someone stating they are with a government agency Any call made from a phone number that an individual does not recognize A robocall made to someone's personal cell phone number

Phishing Attack Quiz Many people have detailed profiles of themselves and their family members on social media sites. How are they vulnerable to phishing attacks? 1. Many people use family members' names as the answers to security questions on websites, such as their banks. 2. The information on profiles can lead phishing attackers to the individuals' bank accounts and credit card information. 3. The more contacts individuals have, the more likely the technologically sophisticated phishing attackers will target them.

Phishing Attack Quiz Many people have detailed profiles of themselves and their family members on social media sites. How are they vulnerable to phishing attacks? 1. Many people use family members' names as the answers to security questions on websites, such as their banks. 2. The information on profiles can lead phishing attackers to the individuals' bank accounts and credit card information. 3. The more contacts individuals have, the more likely the technologically sophisticated phishing attackers will target them.

Acknowledgement This material was developed by members of the National Digital Education Extension Team in support of the 4-H Tech Changemaker Project. Author: Terrence Wolfork, Fort Valley State University http://www.srdc.msstate.edu/ecommerce/index.html

Resources Texas A&M - https://keeptraditionsecure.tamu.edu. PBS - https://www.pbs.org/wgbh/nova/labs/lab/cyber/ Techboomers - https://techboomers.com/t/phishing-scams FTC https://consumer.ftc.gov/articles/how-recognize-and-avoid-phi shing-scams Scamwatch https://www.scamwatch.gov.au/types-of-scams/attempts-to-g ain-your-personal-information/phishing

Resources Microsoft https://support.microsoft.com/en-us/windows/protect-yourse lf-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44 Google - https://support.google.com/mail/answer/8253?hl en .

Resources Palo Alto https://start.paloaltonetworks.com/cyber-aces-program-lesso ns.html?sfdcCampaignID &languageCode com>m &acc gr anted https://cyber.org/ https://www.aauw.org/resources/programs/stempacks/ TechBoomers - https://techboomers.com/ Center for Development of Security Excellence https://www.cdse.edu/