Security Awareness Newsletter - Free Download
Dr. Lance Hayden is a Managing Director for
Berkeley Research Group. An expert in security
culture and behavior, he is the author of People-Centric
Security: Transforming Your Enterprise
Security Culture from McGraw-Hill. You can find
him at www.linkedin.com/in/drhayden.
Email is one of the primary ways we communicate. We
not only use it every day for work, but to stay in touch with
our friends and family. In addition, email is now how most
companies provide online services, such as confirmation of
your online purchase or availability of your bank statements.
Since so many people around the world depend on email,
it has become one of the primary attack methods used by
cyber criminals. In this newsletter, we explain phishing, a common email attack method, and the steps you can take to use
Phishing refers to an attack that uses email or a messaging service (like those on social media sites) that tricks or fools
you into taking an action, such as clicking on a link or opening an attachment. By falling victim to such an attack, you risk
having your highly sensitive information stolen and/or your computer infected. Attackers work hard to make their phishing
emails convincing. For example, they will make their email look like it came from someone or something you know, such as
a friend or a trusted company you frequently use. They will even add logos of your bank or forge the email address so the
message appears more legitimate. Then the attackers send these phishing emails to millions of people. They do not know
who will fall victim; all they know is that the more emails they send, the greater the chance for success. Phishing is similar to
using a net to catch fish; you do not know what you will catch, but the bigger the net, the more fish you will find. There are
several ways attackers use phishing to get what they want:
Harvesting Information: The attacker’s goal is to harvest your personal information, such as your passwords, credit
card numbers or banking details. To do this, they email you a link that takes you to a website that appears legitimate. This
OUCH! | December 2015