Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
DADA/Articles/st13_AviodPhishing.md
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
65 lines (44 sloc)
2.49 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In the last section, we discussed Phishing, what it is, why it occurs | |
| and examined some of the techniques that are used. In this section, | |
| we look at how you can protect yourself against Phishing attacks. | |
| # Avoiding Phishing | |
| This is one area where there are no "rules" to follow. A well | |
| structured phishing attack should look genuine, and as a social | |
| engineering attack there are few "technical" signs that can be picked up. | |
| [Phishing.org](http://www.phishing.org/what-is-phishing) has a nice PDF summarising the common social engineering | |
| techniques found in Phishing emails. | |
| However, there are still a few *rules of thumb* that can be applied to | |
| help spot and avoid Phishing attacks. | |
| ## Trust your instincts | |
| It may sound like something the POTUS would say, but this is our first port of call. | |
| Looking for stuff that is different than normal. | |
| - Do you know who is sending the email? | |
| - If so: | |
| - Are they asking anything that is out of character? | |
| - Do you have anything to do with the emails originator? As a rule - if it's from someone you don't know, don't trust it. | |
| - It's unlikely that a web service will appear *out of the blue* and ask you to confirm credentials. | |
| > Always apply some common sense here, think about why that link is | |
| > asking you for your login details, It may be because your session | |
| > has expired. Login on the genuine version (away from any link in a | |
| > message) and try to conform if there is a genuine problem with your account. | |
| ## Think before you click | |
| Trying to persuade the target to click on links in emails is the first | |
| stage of a phishing attack. Hover the mouse over a link before you | |
| click, it should show the address the link points to. Does the address | |
| displayed seem legitimate? Are there strange characters, or lots of | |
| subdomains in the link? These are all signs that the email is not | |
| legitimate. | |
| ## Use a password manager | |
| Having different passwords for all your online accounts is good | |
| security practice. Keeping track of all these passwords is made simpler | |
| by using a password manager. Then even if one account gets | |
| compromised, your other accounts are safe. The best password is one | |
| that you don't remember. | |
| ## Keep firewalls and AV up to date | |
| Firewalls and antivirus systems can help prevent consequences of | |
| installing malware, by either blocking the program from running, or | |
| stopping any external network traffic. Be wary of opening an | |
| attachment that prompts to disable AV or firewall. | |
| # Task | |
| Give Google's Phishing Quiz a go: | |
| https://phishingquiz.withgoogle.com/ |