Safety First
According to Microsoft, enabling this simple feature for your accounts can block 99.9% of account takeover attacks
Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA)
What percent of cyber attacks begin with a phishing email?
80-90%
Everyone with a WBG email address is required to complete this, every year
Cybersecurity Awareness Course
Despite the obvious dangers, this self-evident password remains the most commonly used password in 2023
Password
These bad programs or codes are created with the intent to do harm to a computer, network or server
Malware
Setting these to install automatically is perhaps the most effective way to keep your device protected from malware
Updates
The goal of a phishing attack is to get the recipients to do one of these two things
Click a link or Download and Attachment
What does OIS stand for?
Office of Information Security
These virtual assistants create and remember your passwords, so that you don't have to
Password Managers
This highly effective type of attack doesn't involve sophisticated tools at all. Cybercriminals instead try to trick their targets into giving away sensitive information by pretending to be someone they are not
Social Engineering
When in doubt, reach out! Forward all suspicious messages sent to your WBG email to this address
infosec@worldbankgroup.org
Who's there? This rapidly emerging technology is supercharging phishing attacks by giving hackers a cheap and easy way to craft more professional, or more personal attacks by using tools such as deepfakes or voice cloning
Artificial Intelligence (AI)
This tool consisting of a set of buttons found at the top of your emails and Office documents, allows you to classify and protect WBG restricted information that you create
TagIt
These sentence-like sequences of words and characters are like passwords, but longer and more secure, while having the benefit of being easier to remember
Passphrase
Oh snap! Cybercriminals "like" using these popular public sites or apps for their attacks, as their targets tend to be less guarded when scrolling and posting
Social Media
When traveling, connect your laptop to the internet using this feature on your smartphone, instead of connecting to a risky public WiFi network
Hotspot
In this common phishing technique, the cybercriminal disguises an email address, display name, phone number, text message, or website URL to convince a target that they are interacting with a known, trusted source. This often involves changing just one letter, number, or symbol of the communication so that it looks valid at a quick glance
Spoofing
These special keys are needed to access WBG resources from a personal PC
YubiKey
You can use this website to find out if your password has been compromised in a major data breach
Backup or Pay-up. In this type of attack, cybercriminals infect a device or network, and then demand that the owner pay a fee for the return of the data
Ransomware
After purchasing a smart device that will connect to your home network (such as a router or home security system) immediately do this
Change default password
Go to this page on the Office of Information Security site to view real-life examples of phishing attacks on WBG staff
phishtank/
Go here on the OIS site to find more in depth stories, announcements and tips on cyberesecurity
Security Corner
This type of cyberattack occurs when the attacker uses a list of previously compromised credentials to find one that's been re-used for a targeted account
Credential Stuffing Attack
Vishing or Smishing