Phishing & Social Engineering
This type of phishing attack uses a sense of urgency to trick you into clicking a link or providing personal information.
For security, it’s advised that you avoid using this type of personal information in your password, like your birthdate or pet’s name.
What is personal information?
One of the easiest ways to protect your devices is to keep this feature turned on to prevent unauthorized access if it’s lost or stolen.
What is locking your screen?
Regularly running this type of software on your computer helps detect and remove viruses and other malicious programs.
What is antivirus software?
One way to check if an email is truly from a legitimate sender within your company is to verify this part of the email address.
What is the domain (e.g., @company.com)?
When you receive an unexpected email asking for your login credentials, the safest first step is to do this.
Report using the phishing button.
This practice makes it much harder for attackers to access your account, even if they know your password
What is Multifactor Authentication?
Before connecting your device to charge, it’s safest to use this type of USB port to avoid potential malware from unknown sources.
What is a trusted or personal USB port (like one on your own computer or charger)?
When visiting websites, look for this symbol in the browser's address bar to verify the site’s security before entering personal information.
What is a padlock icon?
If you receive an unexpected email from a colleague asking for sensitive information, it’s best to do this before responding.
What is confirm with the sender directly, using a known method like a phone call or in-person?
Before clicking on a link in an email, a good practice to check if it’s legitimate is to do this with your cursor.
Hover over the link to see the full URL
To create a strong password, it’s best to use a combination of these four types of characters.
What are uppercase letters, lowercase letters, numbers, and special characters?
Connecting to this type of network, commonly found in airports or coffee shops, can increase the risk of unauthorized access to your device.
What is public Wifi?
To reduce the chance of accidentally downloading malware, avoid clicking on these that often appear in pop-up ads or untrusted websites.
What are suspicious or "free download" links?
If an email claims to be legitimate but is missing the company's signature style or branding, it may be a sign of this.
What is a compromised or spoofed email?
When you receive an email from a familiar name, a quick way to check if it’s legitimate is to do this with the sender's email address.
What is check the full email address for unusual characters or misspellings?
This type of tool can help you securely store complex passwords without needing to remember them all.
What is a password manager?
To ensure that your device has the latest security protections, it’s important to regularly perform this action when prompted by your operating system.
What is updating or patching?
This practice ensures that sensitive data is not accessible to unauthorized users by removing unnecessary copies and files.
What is data sanitization?
If you’re on public Wi-Fi and notice unexpected redirects or login prompts for websites, it could be a sign of this type of cyberattack, where an attacker secretly intercepts your communication.
What is a Man-in-the-Middle attack?
Attackers often use public information from social media to craft targeted emails that seem personal and familiar. This is an example of which technique?
Social Engineering
This technique, which involves combining random words into a long but memorable phrase, is recommended for creating strong passwords.
What is using a passphrase?
This feature encrypts the data on your device, making it unreadable to unauthorized users if the device is lost or stolen.
What is device encryption?
This practice involves limiting the personal or work information you share on social media to reduce the risk of being targeted by social engineering attacks.
What is minimizing your "digital footprint"?
If you're unsure about an email’s legitimacy, a safe step is to compare the sender’s email details with previous verified communications or use this resource to confirm its authenticity.
What is reaching out to the IT or security team for verification?