Scene 1 (0s)

[Audio] Hello dear colleagues! In the next few minutes, we will present to you some useful information about Phishing and how we can protect both ourselves and Printec. This video is part of Printec's Security Training and awareness program.

How much do we know about “phishing”?

Phishing Awareness Course

Scene 2 (16s)

[Audio] Specifically, we will learn which is the exact challenge that we are facing, what a phishing attack looks like and how it works. Then, we will present real-life examples, as well as useful tips for avoiding phishing scams.

Overview

1. The challenge

2. What is a phishing attack?

3. How it works

4. Examples of phishing email

5. Tips for avoiding phishing

Scene 3 (46s)

[Audio] We, as Printec's employees, are an important link in Printec's cyber security! We are frequently exposed to sophisticated phishing attacks. It is estimated that approximately 90% of successful data breaches started with a targeted phishing attack. We all need to remain aware of the latest issues and threats on cybersecurity.

We, as employees, are an important link in Printec’s cyber security. We are frequently exposed to sophisticated phishing attacks. It is estimated that more than 90% of successful data breaches started with a targeted phishing attack. We all need to remain aware of the latest issues and threats on cybersecurity.

The challenge

Scene 4 (1m 31s)

[Audio] But what exactly is phishing? Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

What is a phishing attack?

Personal Data

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

Scene 5 (2m 36s)

[Audio] And how can we be tricked? Typically, a victim receives a message that appears to have been sent by a known contact or organization. The attack is then carried out either through a malicious file attachment, or through links connecting to malicious websites. In either case, the objective is to install malware on the user's device or direct the victim to a fake website. Fake websites are set up to trick victims into divulging personal and financial information, such as passwords, account IDs or credit card details.

How it works

Typically, a victim receives a message that appears to have been sent by a known contact or organization. The attack is then carried out either through a malicious file attachment, or through links connecting to malicious websites. In either case, the objective is to install malware on the user's device or direct the victim to a fake website. Fake websites are set up to trick victims into divulging personal and financial information, such as passwords, account IDs or credit card details.

Scene 6 (3m 36s)

[Audio] Let's observe an example of a phishing email. Feel free to pause the video to read it. We should be aware of the following indications: Suspicious e-mail address. The email is coming from an external source, outside Printec. There is a sense of urgency. General recipients. Poor use of language. Request for credentials and hidden misleading link. Suspicious signature.

Example 1 of phishing email

From: IT@printecgroop.gr
To: you@printecgroup.com
Subject: Urgent – Internet downtime
Date: 31/08/20

Dear all,

There will be proposed internet downtime next week due to a network upgrade. The downtime is expecting to happen overnight; however, there is a good chance that this will carry over to the following morning. Login now for more information on dates and arrangements made around this issue.

Regards,
Printec IT Departament

**External Message** - Please be cautious before opening links or attachments

1. Suspicious e-mail address. The email is coming from an external source!

2. Sense of urgency

3. General recipients

4. Poor use of language

5. Request for credentials and hidden misleading link

6. Suspicious signature

Scene 7 (4m 34s)

[Audio] This picture depicts another example of a phishing email. But what makes this a phishing email? Firstly, if we look closely at the sender's address we can confirm that it does not look genuine. Did you notice the "m" was spelled "rn"? Note that legit companies have domain emails. Also, the email looks like it's from Microsoft, a company you know and trust, and it even uses Microsoft's logo. The email demands urgent action. Emails from legit companies usually call you by your name. Legit companies don't promote password expiration policies. Lastly, when your password has expired there is no option to keep your old one.

Example 2 of phishing email

From: alert@rnicrosoft.com
To: printec.user@printecuser.com
Subject: Password Expiration Reminder
Date: 19/07/21

Microsoft Password Expiration Reminder

Hello printec.user

Your password expired on 07/13/2021. Please change your password.

Email: printec.user@printecgroup.com

If you wish to keep using the same password, click Keep my password

**External Message** - Please be cautious before opening links or attachments

Keep my password

1. The email address does not look genuine. Did you notice the “m” was spelled “rn”? Legit companies have domain emails.

2. The email looks like it’s from Microsoft, a company you know and trust. It even uses Microsoft’s logo.

3. Demands urgent action.

4. Legit companies usually call you by your name.

5. Legit companies don’t promote password expiration policies.

6. Usually, when your password has expired you cannot keep your old one.
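Added example (not part of the Printec course material): the sender-address check from examples 1 and 2, automated as a mail-filter rule might do it. It flags a From: domain that is one or two characters away from a trusted domain, or that matches one once look-alike sequences such as "rn" are collapsed. The trusted-domain list, the function names and the benign sample sender are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Assumption: sender domains this organisation treats as genuine.
TRUSTED = {"printecgroup.com", "microsoft.com"}
# Character sequences that render like another letter (short, non-exhaustive list).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(name):
    """Collapse look-alike sequences so 'rnicrosoft' compares equal to 'microsoft'."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def org_name(domain):
    """Label left of the TLD (simplification: ignores suffixes such as co.uk)."""
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def classify_sender(from_header, max_distance=2):
    """Return (verdict, trusted domain being imitated or None)."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in TRUSTED:
        return "trusted", domain
    name = org_name(domain)
    for good in sorted(TRUSTED):
        good_name = org_name(good)
        if skeleton(name) == skeleton(good_name) or edit_distance(name, good_name) <= max_distance:
            return "lookalike", good
    return "external", None

# From: values of the two sample emails above, plus one constructed benign sender.
SAMPLES = ["IT@printecgroop.gr", "alert@rnicrosoft.com", "Newsletter <news@example.org>"]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is a stronger signal than plain "external": the domain was chosen to be misread as a trusted one, which is exactly what the reader is asked to spot by eye in indicator 1 of both examples.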

Scene 8 (6m 3s)

[Audio] Let's now observe the last example of a phishing email. Ilias sent an email to his colleague Thanasis. Is the email phishing or legitimate? Notice that Ilias' email address is not valid and his request to receive Thanasis' reply through email seems suspicious since at Printec for fast communication we use Microsoft Teams. So, the email is phishing.

Example 3 of phishing email

Mon 17/09/2018 12:35
Ilias Papastathopoulos <i.papastathopoulos@PrintecGroup.com>
Got some time
To Panagoulis Athanasios

Are you available? I need you to complete a task ASAP.

PS: I can not take calls, reply my email.

Sent from my iPad

1. The email seems to be from Ilias Papastathopoulos but the address is not valid.

2. The request to reply by email is suspicious since at Printec for fast communication we use Microsoft Teams.

Scene 9 (6m 48s)

[Audio] Here are some useful tips that we should follow in order to avoid phishing scams: Do not reply to emails, text or pop-up messages that ask for personal or financial information, especially when they have a sense of urgency. Don't open unexpected email attachments and do not trust links in email. Stay cautious if you do not recognize the email sender. Beware of senders who appear to be trustworthy. Check for spelling errors and visual inconsistencies. Forward suspicious emails as attachments to group_it_helpdesk@printecgroup.com for further investigation and research.

Tips for avoiding phishing

Do not reply to emails, text or pop-up messages that ask for personal or financial information, especially when they have a sense of urgency.

Don't open unexpected email attachments and do not trust links in email.

Stay cautious if you do not recognize the email sender.

Beware of senders who appear to be trustworthy.

Check for spelling errors and visual inconsistencies.

Forward suspicious emails as attachments to group_it_helpdesk@printecgroup.com

Scene 10 (7m 33s)

[Audio] Follow the link to test yourself if you can spot phishing emails.

Follow the link to test yourself if you can spot phishing emails. https://phishingquiz.withgoogle.com/


Scene 11 (7m 43s)

[Audio] Thank you for your attention!

THANK YOU