PPT – Why you need to beware of phishing attacks using fake traffic violations? - emPower PowerPoint presentation

About This Presentation

Title:

Why you need to beware of phishing attacks using fake traffic violations? - emPower

Description:

Number of Views:41

Slides: 13

Provided by: emPowereLearning

Category: How To, Education & Training

Transcript and Presenter's Notes

Title: Why you need to beware of phishing attacks using fake traffic violations? - emPower

1
emPower eLearning

2
(No Transcript)
3
Why you need to beware of phishing attacks using
fake traffic violations

Phishing emails that use fake traffic violations
as a bait are on a rise, CISA and FBI warn.
Victims are being tricked into downloading
Trickbot, a dreaded malware using phishing
emails. The messages trick users into clicking a
link to see the proof of their traffic violation.
But, clicking the link takes them to a spoofed
website.
The website prompts the victim to click the photo
proof of their violation. Unfortunately, clicking
the photo proof initiates the download of a
malicious program onto the victims computers.
The malicious program, in turn, downloads
Trickbot to the victims computer.

4
(No Transcript)
5
Why you need to beware of phishing attacks using
fake traffic violations

Last year, Microsoft carried out an operation to
disrupt Trickbot. In October, 2020, it announced
that it had successfully cut off the key
infrastructure spreading the malware. But, the
malware has made a comeback since then.
As per the CISA-FBI warning, the phishing emails
attempting to trick victims into downloading
Trickbot, are also using the malware to
Drop other malware, including Conti Ransomware
Serve as a downloader for Emotet, another dreaded
malware
Besides this, the malware would try to exfiltrate
data from your computer. In addition, the
criminals can use it to steal credentials,
cryptomine, and attack other computers connected
to your network.
Unfortunately, it can be difficult to
differentiate a fake email from a genuine one.
This is because criminals tailor their messages
to look like the original communication. Thus,
its important for you to ensure that your
workers are trained to guard against such attacks.

7
(No Transcript)
8
Phishing Training

Thus, you need to put in place an information
security training program that covers topics such
as
How phishing works
How to identify spoofed emails
How to report suspicious emails
You need to train your employees on secure email
practices too. This includes, how to examine the
sender email address, embedded links, and
attachments.
Similarly, your employees need to know about
spear phishing attacks as well. As spear phishing
emails appear to be from a trustworthy sender,
they are more difficult to spot, and thus more
damaging.

In our opinion, employers need to couple their
security training with phishing tests. Such tests
are good for checking the resilience of your
security infrastructure.
A phishing test sends a fake-phishing email to
employees, and checks if they fall for the bait.
These tests serve two purposes. Firstly, they
train employees on the traits of a phishing
email. And secondly, they help the IT staff
figure out how vulnerable their network is to
intrusion. On this subject, the NIST suggests
that you should use the phish scale to rate the
success of your tests.
Simultaneously, you also need to put in place
technical controls to aid your IT staff handle
the phishing threat. For example, spam filters,
blacklisting malicious domains, disabling
downloads, blocking macros, and red flagging
suspicious behavior can help to lower the rate of
attacks.

10
(No Transcript)
11
In Conclusion

Fighting phishing has to be a continuous effort
on your behalf. Fake traffic violations are just
one form of the lures used by cybercriminals. For
instance, pandemic-themed attacks that use
vaccines and stimulus checks as bait are rising
as well.
So, you need to ensure that your staff is aware
of the dangers posed by phishing, and how to deal
with such an attack.