Phishing
Recognize and identify the features of a phishing message and website. Understand the consequences of falling for a phishing attack and how to mitigate its impact using official reporting channels.
What You'll Learn
- Identify common phishing email indicators including urgent language and sender address discrepancies
- Recognize fake login pages that mimic legitimate corporate portals
- Understand the financial and data security consequences of credential compromise
- Learn to use email client phishing reporting features effectively
- Master password security practices including generation of strong, unique passwords
- Develop skills in completing incident reports with accurate, detailed information
Training Steps
- Introduction
  Welcome to SecureTech Corp! You are Alice, a procurement officer responsible for managing vendor payments. Today, you will learn about phishing attacks and how to protect yourself and the company from them.
- Email Notification
  While working from home, Alice receives a new email notification titled 'Urgent: Update Your Security Question'. Intrigued, she opens her mail inbox.
- Reading the Email
  Alice opens the email, which urges her to update her security questions via the employee portal. The email's professional tone and sense of urgency might compel her to act swiftly. Alice, trusting the source, decides to follow the email's instructions.
- Enter Credentials
  The login page requests Alice's company username and password to proceed with updating her security questions. The page's resemblance to the legitimate employee portal makes it easy for her to assume it is safe, so Alice enters her credentials without a second thought.
- Error Message
  After 'logging in', the web browser displays an error window instead of Alice's account dashboard, which leaves Alice worried.
- Email Notifications
  Soon, Alice receives two new emails and proceeds to read them.
- Bob's Malicious Actions
  Unbeknownst to Alice, Bob gains access to her credentials. Using her account, he performs malicious actions: he accesses the company's financial system and initiates a fraudulent transaction, transferring $10,000 to a fake vendor, 'Shadow Corp.' Additionally, he downloads sensitive files, including vendor contracts and payment details, from Alice's account.
- Report Phishing Email
  To mitigate the damage, Alice decides to follow the steps proposed by the IT Department's email. First, she uses her email client to report the malicious email.
- Login to Web Portal
  Alice opens her web browser and navigates to the company's internal security incident reporting portal: https://securetech.com/report-incident
- Reporting the Incident
  After successfully entering the internal IT support ticketing system, Alice fills out a ticket form, detailing the suspicious email and unauthorized transaction.
Knowledge Check Questions
This training includes a 6-question quiz to test your understanding of phishing threats and defenses.
- What is 'phishing' in the context of cybersecurity?
- Which of the following are common indicators that an email might be a phishing attempt? (Select all that apply)
- You receive an email from a well-known online retailer claiming there's a problem with your recent order and asking you to click a link to update your payment information. What should you do?
- What potential consequences can arise from falling victim to a phishing attack? (Select all that apply)
- Which of the following are effective ways to protect yourself from phishing attacks? (Select all that apply)