Security Education & Awareness: Phishing Prevention

00:05:35
https://www.youtube.com/watch?v=CVJiZIjdOOE

Summary

TL;DR: This video addresses the widespread issue of phishing, where attackers craft emails to deceive recipients into clicking malicious links or opening harmful attachments, often resulting in substantial data breaches. An example is given of a cybersecurity company that had over 30,000 personal records exposed due to one mistakenly clicked email. The video explains that these deceptive emails can appear relevant, trigger strong emotional responses, and seem realistic to trick individuals. Phishing attacks fall mainly into two types: mass-market and targeted. The former involves sending emails to numerous recipients hoping someone will fall for it, while the latter involves researching and sending personalized messages to specific targets like financial officers or CEOs. To combat phishing, it's crucial to recognize suspicious emails through certain clues such as unexpected attachments or links, grammatical errors, and requests for sensitive information. Mastercard, with partners like the Global Cyber Alliance, offers tools and solutions to help individuals and organizations protect themselves in the digital space, emphasizing security as everyone's responsibility.

Takeaways

  • 🔒 93% of data breaches start with phishing.
  • 📧 Phishing uses email to deploy malicious software.
  • 🏢 Even security experts can fall for phishing.
  • 🎯 There are mass-market and targeted phishing attacks.
  • 🧠 Scammers create relevant, emotional, and realistic emails.
  • 🚨 Recognize suspicious emails by checking for unexpected links.
  • 👨‍💻 Ron Green, Mastercard's Chief Security Officer, leads security efforts.
  • 🤝 Mastercard partners with cybersecurity organizations.
  • 🛡️ Security is everyone's responsibility.
  • 🔗 Utilize available cybersecurity tools for protection.

Timeline

  • 00:00:00 - 00:05:35

    Phishing emails are a common starting point for data breaches, with 93% beginning this way. They are well-crafted to deceive recipients into clicking malicious links or attachments. Even cybersecurity-trained companies can fall victim, highlighting the importance of multi-layered security and training to recognize suspicious emails. Phishing often involves social engineering tactics via emails that trick recipients into installing malware, granting attackers access to systems. Attackers' motives usually revolve around financial gain or brand damage, often targeting specific individuals within organizations to maximize their impact.

Video Q&A

  • What percentage of data breaches begin with a phishing email?

    93% of data breaches begin with a phishing email.

  • What is phishing?

    Phishing is a social engineering tactic that uses email to trick recipients into clicking a link or opening an attachment with malicious software.

  • What happened to the cybersecurity company mentioned in the video?

    A person in their organization clicked a phishing link, leading to the exposure of over 30,000 records of personally identifiable information.

  • What are the two common types of phishing attacks?

    The two common types are mass-market phishing attacks and targeted attacks.

  • How do scammers craft phishing emails?

    They carefully create emails to appear relevant, elicit emotional responses, and seem realistic.

  • What is the goal of phishing attacks?

    The goal is to trick the recipient into taking an action that benefits the scammer, like transferring funds.

  • What can you do to recognize phishing emails?

    Look for unsystematic tags, unexpected links/attachments, emotional triggers, and requests for login credentials.

  • Who is Ron Green?

    Ron Green is Mastercard's Chief Security Officer.

  • What partnerships has Mastercard established to aid in security?

    Mastercard has partnered with organizations like No More Ransom, Global Cyber Alliance, and the Cyber Readiness Institute.

  • Why are security behaviors important according to the video?

    Security behaviors have upstream and downstream impacts, affecting everyone in the connected ecosystem.
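
The five clues for recognizing a suspicious email, sketched as a mail-filter check (an added example, not code from the video or from Mastercard). The organisation domain `example.com`, the `[EXTERNAL]` tag wording, the keyword lists and the 0.8 similarity threshold are all assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"    # assumption: the organisation's own mail domain
EXTERNAL_TAG = "[EXTERNAL] "  # assumption: wording of the caution tag
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.I)
URGENT_RE = re.compile(r"\b(urgent|immediately|pay now|act now|final notice)\b", re.I)
CRED_RE = re.compile(r"\b(password|login credentials|verify your account)\b", re.I)

def sender_domain(msg):
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def tag_external(msg):
    """Clue 1: prefix the subject of mail sent from outside the organisation."""
    subject = msg.get("Subject", "")
    if sender_domain(msg) != ORG_DOMAIN and not subject.startswith(EXTERNAL_TAG):
        del msg["Subject"]
        msg["Subject"] = EXTERNAL_TAG + subject
    return msg

def lookalike(domain):
    """True for a near-miss of our own domain, e.g. one swapped character."""
    own = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    return not own and SequenceMatcher(None, domain, ORG_DOMAIN).ratio() > 0.8

def clues(msg):
    """Return the names of the clues that fire for a parsed message."""
    texts = [p.get_payload(decode=True).decode("utf-8", "replace")
             for p in msg.walk() if p.get_content_type() == "text/plain"]
    text = msg.get("Subject", "") + "\n" + "\n".join(texts)
    hosts = [h.lower() for h in URL_RE.findall(text)]
    external = sender_domain(msg) != ORG_DOMAIN
    has_file = any(p.get_filename() for p in msg.walk())
    checks = [
        ("external_sender", external),
        ("link_or_attachment", external and bool(hosts or has_file)),
        ("misspelled_domain", any(lookalike(d) for d in [sender_domain(msg)] + hosts)),
        ("emotional_trigger", bool(URGENT_RE.search(text))),
        ("credential_request", bool(CRED_RE.search(text))),
    ]
    return [name for name, hit in checks if hit]

SAMPLE = message_from_string(  # constructed message, not taken from the video
    'From: "IT Support" <helpdesk@examp1e.com>\n'
    "Subject: Final notice: verify your account\n\n"
    "Your mailbox will be closed. Act now and confirm your password at\n"
    "http://examp1e.com/login\n"
)
```

`clues(SAMPLE)` fires all five checks; keyword matching only approximates the "strong emotional response" and "grammatical or spelling errors" clues, which still need a human reader.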

Transcript
  • 00:00:01
    [Music]
  • 00:00:03
    you just received an email with an offer
  • 00:00:06
    too good to pass up
  • 00:00:07
    you are one click away from your fortune
  • 00:00:10
    make that your misfortune
  • 00:00:12
    did you know 93% of all data breaches
  • 00:00:15
    begin with a phishing email today's
  • 00:00:18
    phishing emails that scammers send
  • 00:00:20
    are so well crafted and strategically
  • 00:00:23
    designed
  • 00:00:23
    to lure you into taking their bait
  • 00:00:26
    recently a company that trains and
  • 00:00:27
    certifies cyber security professionals
  • 00:00:29
    experienced this firsthand it only took
  • 00:00:32
    one
  • 00:00:33
    person in their organization to
  • 00:00:35
    unknowingly click a link
  • 00:00:36
    in an email that was embedded with
  • 00:00:38
    malicious code and as a result
  • 00:00:40
    more than thirty thousand records of
  • 00:00:42
    personally identifiable information
  • 00:00:44
    were exposed if a phishing expert can
  • 00:00:47
    fall prey to the criminals
  • 00:00:49
    so can you that is why it's critical to
  • 00:00:51
    have multiple layers of security from a
  • 00:00:53
    technical perspective
  • 00:00:55
    and to train yourself and others how to
  • 00:00:57
    recognize and report suspicious email
  • 00:01:00
    so what is phishing it is a social
  • 00:01:03
    engineering tactic that typically uses
  • 00:01:05
    email
  • 00:01:06
    to lure the recipient into clicking a
  • 00:01:08
    link or opening an attachment that
  • 00:01:10
    contains malicious software
  • 00:01:12
    this malicious software allows the
  • 00:01:14
    attacker to gain a foothold into the
  • 00:01:16
    recipient's system
  • 00:01:17
    and depending on an organization's
  • 00:01:19
    security they may even be able to
  • 00:01:21
    penetrate the organization's network
  • 00:01:24
    now scammers' motivations vary but
  • 00:01:26
    oftentimes
  • 00:01:27
    it's all about money or fame they may
  • 00:01:30
    want to bring your well-known brand down
  • 00:01:32
    through a data breach they do this by
  • 00:01:35
    targeting you
  • 00:01:36
    or your organization with phishing
  • 00:01:38
    emails
  • 00:01:39
    today's scammers have carefully crafted
  • 00:01:41
    two schemes to prey on you
  • 00:01:42
    and your organization the first is a
  • 00:01:46
    mass-market phishing attack
  • 00:01:48
    this is when the scammer harvests a large
  • 00:01:50
    list of email addresses from a social
  • 00:01:52
    media domain
  • 00:01:54
    to cast a large net out to the ocean of
  • 00:01:56
    recipients
  • 00:01:57
    hoping just a few unaware people will
  • 00:01:59
    take their bait
  • 00:02:01
    the second method is a targeted attack
  • 00:02:03
    this takes more time and research on the
  • 00:02:06
    scammer's part
  • 00:02:07
    however if it works as intended they
  • 00:02:09
    receive a larger
  • 00:02:10
    and more direct payoff in this instance
  • 00:02:14
    the scammer will define their target
  • 00:02:16
    typically someone in finance
  • 00:02:18
    accounts payable or even the ceo by
  • 00:02:21
    scanning various public websites or
  • 00:02:23
    professional social media accounts
  • 00:02:25
    they take the intelligence they gather
  • 00:02:27
    online about this individual
  • 00:02:29
    and send you personalized emails hoping
  • 00:02:32
    to build a trusting relationship
  • 00:02:34
    and fool you into thinking they are
  • 00:02:36
    someone they are not
  • 00:02:38
    the goal of both attacks is to convince
  • 00:02:41
    you to take some sort of action
  • 00:02:44
    for example transfer funds to an
  • 00:02:46
    erroneous account
  • 00:02:47
    redirect an invoice payment to the
  • 00:02:49
    scammer's account
  • 00:02:51
    because scammers rely on you thinking
  • 00:02:54
    it won't happen to me
  • 00:02:55
    it is important to recognize how they
  • 00:02:57
    lure you into taking their bait in the
  • 00:02:59
    email they send to you
  • 00:03:01
    the first lure they use is to create a
  • 00:03:03
    sense of relevancy
  • 00:03:04
    trending topics in the news people you
  • 00:03:07
    know or even details you posted on one
  • 00:03:09
    of your social media accounts
  • 00:03:11
    are all relevant topics that can fool
  • 00:03:13
    your senses into trusting the sender
  • 00:03:16
    the second lure is to create a strong
  • 00:03:19
    emotional response
  • 00:03:20
    this can come in the form of fear by
  • 00:03:22
    reacting to a story in the news
  • 00:03:25
    creating a sense of urgency pay now or
  • 00:03:27
    else
  • 00:03:28
    or even fear of missing out on a reward
  • 00:03:30
    such as a link to receive
  • 00:03:32
    a money-saving coupon the final lure is
  • 00:03:35
    realism
  • 00:03:36
    scammers work hard to create an email
  • 00:03:38
    that is so realistic
  • 00:03:40
    it tricks you or your eyes into thinking
  • 00:03:42
    it is from a friend
  • 00:03:44
    colleague or even trusted company at
  • 00:03:46
    mastercard
  • 00:03:47
    we use five easy clues to help us
  • 00:03:50
    recognize and report suspicious email
  • 00:03:53
    the first is to create a system tag on
  • 00:03:55
    all external email
  • 00:03:56
    which prompts you to use caution this
  • 00:04:00
    tag should remind you to ask yourself
  • 00:04:02
    does the email contain a link or
  • 00:04:04
    attachment you weren't expecting from an
  • 00:04:06
    unknown sender or company
  • 00:04:09
    are there grammatical or spelling errors
  • 00:04:11
    in the text
  • 00:04:12
    domain name or url address
  • 00:04:15
    do you feel a strong emotional response
  • 00:04:18
    to the email message
  • 00:04:20
    does the sender request your login
  • 00:04:22
    credentials or personal detail
  • 00:04:26
    if you answered yes to one of the clues
  • 00:04:28
    congratulations
  • 00:04:30
    you can now recognize a suspicious email
  • 00:04:32
    [Music]
  • 00:04:37
    i'm ron green mastercard's chief
  • 00:04:38
    security officer and i'm responsible for
  • 00:04:40
    securing our network
  • 00:04:42
    and the broader payments ecosystem we
  • 00:04:44
    are all more connected than ever before
  • 00:04:46
    unfortunately so are the hackers
  • 00:04:48
    fraudsters and money launderers
  • 00:04:50
    your security behavior has upstream and
  • 00:04:52
    downstream impact so we're relying on
  • 00:04:54
    you to do your part
  • 00:04:55
    because security is everyone's
  • 00:04:56
    responsibility
  • 00:04:59
    to help mastercard has partnered with
  • 00:05:01
    organizations like no more ransom
  • 00:05:03
    the global cyber alliance and the cyber
  • 00:05:05
    readiness institute
  • 00:05:06
    to offer you free access to the tools
  • 00:05:08
    you need to get started
  • 00:05:10
    and as you grow mastercard is here with
  • 00:05:12
    easy to implement and simple to use
  • 00:05:14
    security solutions that will scale with
  • 00:05:16
    you to secure and enable your digital
  • 00:05:18
    world
  • 00:05:18
    across every interaction
  • 00:05:25
    [Music]
  • 00:05:35
    you
Tags
  • phishing
  • data breaches
  • cybersecurity
  • scams
  • malicious software
  • social engineering
  • security measures
  • Mastercard
  • email security
  • cyber awareness