Morrisec: Phishing Emails 
Morrisec: Phishing Emails
Phishing has historically been a significant problem due to how effective it can be in causing major issues for corporations, with minimal effort, complexity or funding. Individuals, specifically employees, are often targeted in phishing attacks as they are an accessible pathway to breaking the first line of defence, giving attackers access to sensitive data. In 2022, it was reported that phishing emails were the most common vector for phishing attacks with 83% of companies having experienced an attack in 2021. Three commonly used tactics in phishing emails are malicious attachments, web links and fraudulent data entry forms.
Why are individuals the most common targets for phishing attacks? Select all that apply.
Friendly and easy to talk to
First line of defence
Access to sensitive data
Financial gain
What tactics are commonly used in email phishing attacks?
Malicious attachments and fraudulent sites
Phone calls and identity theft
Images and posters
Fraudulent calls and malicious sites
Most commonly, phishing emails ask the user to follow a link that will take the user to a fraudulent site, often presented as a legitimate site. The user will often be asked to provide a set of personal credentials, which the attackers can collect and use against the individual for future breaches and financial gain. Victims exposed to phishing emails have an increased risk of malware infection, identity theft or data loss if the phishing attack is successful.
Users will often be asked to provide personal details or credentials?
True
False
Which is NOT an example of a phishing email?
Tellstra@helpdesk.com
Noreply@myg0v.com
Marysmith@educatiom.com
Googleplay@google.com
To detect a breach, the burden is mainly upon the user to identify fraudulent cues. Fraudulent emails often contain spelling or grammatical errors, poorly transferred logos, unprofessional layouts, a sense of urgency, simple subject lines, emails that don’t match the sender, incorrect domain names or, requests for personal details, credentials or log in details.
What are fraudulent cues that may be in a phishing email?
Spelling and grammar errors, simple subject line, request for details
Simple subject lines, correct URL, email matches the sender
Correct URLs, spelling and grammar errors, simple subject lines
Fraudulent domain name, email matches the sender, incorrect URL
Which of the following is NOT a phishing email attack?
Gooogle.com
Twitter.com
Arnazon.com
Comonwealthbank.com
Phishing attacks pose a significant threat with consequences ranging from financial loss to identity theft. Cybercriminals often target personally identifiable information including credit card numbers, financial account information, tax and medical records, and business information relating to data and customer details. Furthermore, phishing attacks can also hold implications for a company's brand and reputation. A breach can result in a loss of trust by clients, loss in revenue and a degradation in internal confidence by employees which in turn impacts the overall integrity of a business. Lastly, successful phishing attacks can also impact employees personally and psychologically, especially if their actions result in a breach.
What reasons may motivate actors to engage in phishing attacks?
Disrupt businesses
Financial gain
Identity theft
All of the above
What are the implications of a breach?
Loss in revenue, increase in client trust, increase in morale
Degradation of internal confidence, increase in training, data protection
Loss in revenue, degradation of internal confidence, loss of client trust
Increased revenue, business disruption, decrease in clients
Phishing attack mitigation should be implemented in multiple forms to best protect against all stages of an attack. One recommendation is using technology controls such as spam filters and anti-phishing software that scan email content and URLs. Secondly, regular software updates and two-factor authentication will assist as a layer of defence against initial attacks. The last countermeasure and perhaps the most important is regular participation in security awareness training for users. Successful phishing attacks largely rely on human error so it is important for companies and organisations to focus on improving cyber literacy to combat a lack of awareness.
Is it important to engage in regular software updates?
True
False
Companies and individuals should only implement one prevention measure against phishing attacks.
True
False
What can companies do to mitigate potential phishing attacks?
Two-factor-authentication
User training and awareness
Technology controls e.g. Spam filters
All of the above
{"name":"Morrisec: Phishing Emails", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Phishing has historically been a significant problem due to how effective it can be in causing major issues for corporations, with minimal effort, complexity or funding. Individuals, specifically employees, are often targeted in phishing attacks as they are an accessible pathway to breaking the first line of defence, giving attackers access to sensitive data. In 2022, it was reported that phishing emails were the most common vector for phishing attacks with 83% of companies having experienced an attack in 2021. Three commonly used tactics in phishing emails are malicious attachments, web links and fraudulent data entry forms., Why are individuals the most common targets for phishing attacks? Select all that apply., What tactics are commonly used in email phishing attacks?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}