Monthly Archives: October 2023

Week 7 Midterm Research Project

Know Your Enemy

  1. Scareware is an example of social engineering that uses fear to push users into giving away company info or acting against their intuition. Scareware is often delivered through pop-ups on the user’s screen warning that files or software have been infected. The pop-up then prompts you to pay to fix the “issue,” and once you have paid, it infects your computer with malware programmed to steal your data.
    https://www.fortinet.com/resources/cyberglossary/scareware#:~:text=A%20common%20scareware%20definition%20is,spread%20through%20spam%20email%20attacks.
  2. Tailgating is a social engineering tactic that allows an attacker to gain physical access to a location with secure data by manipulating the way humans interact with each other. Tailgating is when an attacker follows an employee through a key-carded door or into a secure, employees-only area by acting like an employee who maybe forgot their key or badge. For example, one of your employees is asked to work on the data servers in another building. On the way there, a “new hire” meets up with them and claims not to have a badge yet but to have been told to work with them for the day. Without checking with their boss, the employee allows the “new hire” to follow them into the server room.
    https://www.knowbe4.com/what-is-social-engineering/
  3. Vishing is phishing that happens over the phone. Callers try to extract PII details to use in crimes. The goal is often to gain access to accounts or banking information; in this case, however, it would be to access our company’s files via a user account. An example of this might be a caller stating they are from IT and need a user’s account username and password so they can fix an issue with the account.
    https://terranovasecurity.com/what-is-vishing/
  4. Baiting is the low-hanging fruit of the social engineering tactics, literally. Baiting is a method of offering a susceptible employee something they may be interested in. This can be on a disc, USB drive, or other readable media. For example, an attacker leaves a USB drive in the parking lot of the company office. An employee sees the flash drive, and written on it are the words “layoff plan.” Obviously she needs to see if she is going to be laid off. She inserts the drive into her PC and is instantly hit with ransomware or a keylogger that takes over her PC and steals company data.
    https://www.knowbe4.com/what-is-social-engineering/
  5. Spear phishing focuses on a small, very specific targeted group, typically very vulnerable employees. The aim of this attack is to gain access to organization data. Spear phishing is done after research on the targets and is personalized to make the victim do something against their best interest. An example of this attack might be sending a CFO an email with a subject such as “invoice” and attaching malware that looks like a PDF invoice. When they click it, thinking it’s something they need to record and file, it turns out to be a keylogger or other malware used to access your company’s data/servers.
    https://www.knowbe4.com/spear-phishing/

Know Yourself

  1. Scareware - Employee education and awareness are the most effective method of preventing scareware. If a person knows what to look for and avoid, they will no longer click on these malicious links and pop-ups.

https://www.fortinet.com/resources/cyberglossary/scareware#:~:text=A%20common%20scareware%20definition%20is,spread%20through%20spam%20email%20attacks.

2. Tailgating - Key cards / badges that are required for access are the most effective way of eliminating this issue; combined with employee awareness, the chance of it happening can effectively be brought down to 0%.

https://www.knowbe4.com/what-is-social-engineering/

3. Vishing - Call screening is an easy way to reduce this problem: calls are scanned to recognize when they come from a well-known malicious number or are spoofed. Educating users to keep PII secure at all times is also a great way to reduce this issue.

https://terranovasecurity.com/what-is-vishing/

4. Baiting - Most PCs in modern use do not have DVD drives, effectively eliminating DVDs as a way to bait someone, especially at work. USB drives, however, still exist; luckily, IT departments can block data transfer from USB devices to PCs.

https://www.knowbe4.com/what-is-social-engineering/

5. Spear Phishing - Email filtering and authentication are also a good countermeasure. If your servers do most of the heavy lifting in making sure these emails are never delivered, it will greatly reduce the amount of phishing within your company.

https://www.knowbe4.com/spear-phishing/
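
As an added example (not part of the original post), here is a sketch of the server-side email check described in item 5: it trusts only the Authentication-Results header stamped by the receiving server and quarantines mail that fails DMARC or carries an executable dressed up as an invoice. The server name `mx.example.test`, the sample messages and the extension list are assumptions constructed for illustration.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".hta", ".iso"}  # assumed list
AUTHSERV_ID = "mx.example.test"  # assumed name of our own receiving mail server

def sample(auth, filename):
    """Build a constructed test message (not real mail) as raw bytes."""
    m = EmailMessage()
    m["From"] = "Accounts Payable <billing@vendor.test>"
    m["To"] = "cfo@example.test"
    m["Subject"] = "Invoice 4471"
    m["Authentication-Results"] = f"{AUTHSERV_ID}; {auth}"
    m.set_content("Please review the attached invoice today.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

def auth_results(msg):
    """Parse spf/dkim/dmarc results, trusting only headers stamped by our server."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if authserv.strip().lower() != AUTHSERV_ID:
            continue  # a sender can forge this header, so ignore foreign ones
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            found[mech.lower()] = result.lower()
    return found

def verdict(raw):
    """Return ('deliver' or 'quarantine', reasons) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    dmarc = auth_results(msg).get("dmarc", "missing")
    if dmarc != "pass":
        reasons.append(f"dmarc={dmarc}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        _, ext = os.path.splitext(name)  # last extension decides what runs
        if ext in RISKY_EXT:
            reasons.append(f"risky attachment: {name}")
    return ("quarantine" if reasons else "deliver"), reasons

if __name__ == "__main__":
    print(verdict(sample("spf=fail; dkim=none; dmarc=fail", "invoice.pdf.exe")))
    print(verdict(sample("spf=pass; dkim=pass; dmarc=pass", "invoice.pdf")))
```
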

Develop A Strategy

  1. User education is vital to making sure that your staff know exactly how to handle and avoid each of these situations. Trainings and seminars fall into this.
  2. Using a firewall as a preventative measure creates a barrier against malicious traffic while allowing legitimate traffic to reach whomever it needs to be sent to.
  3. Disable USB access in firmware and domain settings so that no one can manually introduce malicious data into the company system.
  4. Using privacy screens on monitors can be a good way to keep a passerby from seeing sensitive information on another person’s computer.
  5. Make sure that people follow company policies on company devices, and have monitoring systems for these devices so that if someone does something inappropriate it is logged.

Week 6 Where Can You Find Help?

Adobe

This information is very current; Adobe updates their information with every new software that they release. For example, when they go from 2023 to 2024 software, they will update the information accordingly. Adobe is the company posting the information; they are the most knowledgeable on their software because they create it. If any site is going to have the most accurate information about Adobe software, it will be Adobe themselves. The posts are made by Adobe; there are no gatekeeping mechanisms in place. People who work for Adobe are the only ones posting these tutorials. I would say that most of what Adobe posts is easy to follow and clear. However, I have had trouble following some of the tutorials they post because at some points they are not as descriptive or do not use the best pictures. I would use them in the future because they are almost always reliable.

Welcome to the Illustrator User Guide (adobe.com)

YouTube

YouTube has a lot of current information as well as a lot of outdated information; as long as you are on the lookout, you can find information that works for you. I have found some information that is older that is still relevant and information that is older that is no longer relevant. You can also find new information; it just depends on what you are looking for. Some people are authorities on YouTube, but that is another thing that you have to look out for on YouTube. I think the most effective way to tell if someone is an authority is the quality of the content. I have found that the better the quality of the content, the better the information is. The way that content is presented to you by YouTube is through an algorithm. It bases the information that it delivers to you on what you have looked at and searched for in the past. The content is clear sometimes and sometimes not. I have watched tutorials that have no audio and just run through the tutorial, and you have to figure out what is going on for yourself. Other tutorials are full of information with no questions needing to be asked. I think again it just depends on the content. I will use this in the future with the knowledge I have, knowing that sometimes the content is not great.

https://www.youtube.com

Envato TUTS+

Everything that I found was from 2023, so you know that all of the content is fairly new. The posts are made by qualified contributors hired by Envato TUTS+. All of the information that I saw was accurate and well detailed. I think things that are posted on the front page are all things that have been voted on. At the end of each article there is a little vote thing that asks whether the information was helpful. So, I think that the website takes those votes and puts on the front page the stuff that other people have found helpful. The information that I saw was accurate, well detailed, and easy to follow. I will definitely be using this information in the future. I wish I had found this information earlier; I feel like it would have been a great asset.

Drawing/Illustration | Envato Tuts+ (tutsplus.com)