Security Awareness Training


During your first two weeks at [INSERT YOUR COMPANY'S NAME HERE] you should receive an email with links to Security Awareness Training as part of the onboarding process. This training covers how to recognize phishing attacks, how to safely use public wireless networks, and some general security tips and principles.

Phishing Tests

[INSERT YOUR COMPANY'S NAME HERE] conducts routine phishing tests using a third-party testing platform. All team members will occasionally receive emails that are designed to look like legitimate business-related communications but will in actuality be simulated phishing attacks. Real phishing attacks are designed to steal credentials or trick the recipient into downloading or executing dangerous attachments. No actual attempts will be made by [INSERT YOUR COMPANY'S NAME HERE] or the third-party testing site to steal credentials or execute malicious code.

The goal of these campaigns is not to catch people clicking on dangerous links or punish those who do, but rather to get people thinking about security and the techniques used by attackers via email to trick you into running malicious software or disclosing web passwords. If you fall victim to one of these simulated attacks, feel free to take the training courses again or to ask the security team for more information on what could've been done to recognize the attack. What you shouldn't do is feel any shame for having clicked on the link or entered any data, nor should you feel like you need to cop to the security team and let them know you made a mistake. Making a mistake online is practically the reason the Internet was invented.

How to identify a basic phishing attack

When you receive an email with a link, hover your mouse over the link or view the source of the email to determine the link's true destination.

If you hover your mouse cursor over a link in Google Chrome it will show you the link destination in the status bar at the bottom left corner of your browser window.

In Safari the status bar must be enabled to view the true link destination (View -> Show Status Bar).

Some examples of methods used to trick users into entering sensitive data into phishing forms include:

  • Using HTTP(S) with a hostname that begins with the name of a trusted site but ends with a malicious site.

  • Using a username or password inside the request that corresponds to the name of a trusted domain and assuming the viewer won't view the whole URL.

  • Using a data URI scheme instead of HTTP(S) is a particularly devious means of tricking users. Data schemes allow the embedding of an entire web page inside the URI itself. Data schemes will not show the typical green lock in the address bar of a browser that is customarily associated with a verified SSL connection.

When viewing the source of an HTML email it is important to remember that the text inside the "HREF" field is the actual link destination/target and the text before the </A> tag is the text that will be displayed to the user.

<a href="http://evilsite.example.org">Google Login!</a>

In this case, "Google Login!" will be displayed to the user but the actual target of the link is "evilsite.example.org".
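The manual checks above can also be automated. The following is an added example, not part of the original policy: it extracts each link's real destination from an HTML email and flags the three tricks listed earlier. The trusted-domain list, the function names and the sample email are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = ("google.com",)  # assumption: domains your organisation trusts

class LinkExtractor(HTMLParser):
    """Collect (href, displayed text) pairs from <a> tags in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href):
    """Return (true destination host, warning flags) for one link target."""
    url = urlsplit(href.strip())
    host = (url.hostname or "").lower()
    flags = []
    if url.scheme == "data":
        flags.append("data-uri")  # whole page embedded in the URI itself
    if url.username or url.password:
        flags.append("userinfo-in-url")  # text before '@' is not the host
    trusted = any(host == t or host.endswith("." + t) for t in TRUSTED)
    if host and not trusted:
        flags.append("untrusted-host")
        if any(t + "." in host for t in TRUSTED):
            flags.append("trusted-name-in-host")  # google.com.<other domain>
    return host, flags

def audit(html):
    """Return (displayed text, true host, flags) for every link in the email."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(text, *check_link(href)) for href, text in parser.links]

# Constructed sample email body; every URL is illustrative.
SAMPLE = """<a href="http://evilsite.example.org">Google Login!</a>
<a href="https://accounts.google.com.evilsite.example.org/signin">Sign in</a>
<a href="https://accounts.google.com@evilsite.example.org/">Your account</a>
<a href="data:text/html,Login%20form">Open document</a>
<a href="https://accounts.google.com/">Account settings</a>"""
print(*audit(SAMPLE), sep="\n")
```

Only the last link in the sample comes back with no flags; the others show a destination host that differs from what the displayed text suggests.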

After clicking on a link, always look for the green lock icon and "secure" label that signify a validated SSL service. This icon alone is not enough to verify the authenticity of a website; however, the lack of the green icon does mean you should never enter sensitive data into that website.

What to do if you suspect an email is a phishing attack

Whether you believe that you have received an email from our testing platform or you believe you have received a real phishing attempt, the best thing to do is to delete the email. Gmail also offers the option to report the email directly to Google as a phishing attempt, which will result in its deletion. If you suspect that the email is targeted specifically at you or [INSERT YOUR COMPANY'S NAME HERE], please notify the security team so it can be investigated. You can also notify other team members via Slack. If you forward the phishing email to the security team, please do so as an attachment and not inline. To forward the email as an attachment from inside Gmail:

  1. In the reply options choose "show original"

  2. Choose "download original"

  3. Save to your local drive or Google Drive

  4. Create a new email with the saved email as an attachment

If you receive an email that appears to come from a service that you utilize, but other details of the email are suspicious – a private message from a sender you don't recognize, for example – do not click on any links in the email. Instead use your own bookmark for the site or manually type the address of the website into your browser.