Cybersecurity is everyone’s responsibility. Minimise risk and be proactive. Teach your staff to practise cybersecurity hygiene to avoid letting your insecurities get the better of your business.
You need to teach your employees proper cybersecurity hygiene, because even with the most secure technologies, untrained users will still enable a breach.
Keep an eye out on our LinkedIn events page for upcoming webinars. They are interactive, free & CPD accredited.
Auto generated captions
Alright morning everyone. Welcome to address your insecurities. Cyber security stock with you presented by magic and surface Kayla. So today we’re going to be talking about a few different things in our agenda. Starting up with how cyber attacks happened. Sort of identifying the key. And the main ways that they, they go then we’re gonna have a look at how to identify a spam email. Uh, they’ve got a few examples of that just giving demonstrations or examples that we got this week. Like I, I pulled these emails yesterday. And put into here. Of actual real life examples that people send out to anybody just trying to access. Anything some of these things that some of these things while I’m gonna show you how to check a link that’s in an email. So if you get an email from someone saying hey click this link and go sign in. If you don’t recognize that like. The sender hover over the hyperlink as well, just to make sure it makes sense. If it doesn’t make sense, don’t click it, delete it. We’ll run through that process as well inside an email about how to do that. Most of you probably already done it by accident, but there’s just a. It’s alright man. I’m going to briefly explain why the name of the sender in the email doesn’t matter. That’s not the important thing. When someone sends you an email, it’s not the name. And I’ll run through that just. And when we get there, what we can do about it and then we’ll do a quick summary at the end about how. Now we’ve gone and what we both learn good and so you got malware attacks, phishing attacks.
Man-in-the-middle attacks, so this one is when someone tries to gain access between. Uhm? Both you and your information about you to get into your computer, UM. So again, this happens every now. All of these are gonna still happen over email and password attacks. If you’ve ever seen one of these BuzzFeed articles, it’s like do this quiz. You know? 
What was the name of your first dog and all that fun stuff like that is old stuff that’s trying to get your. Details. So that you can so they can try and guess your password. Or try and brute force their way into your password. So let me do those ‘cause they’re bad. Right?
A little bit about the types of phishing that you have, so phishing is literally any attempt to trick you into doing something to benefit someone else with the criminals and so opening an attachment in an email. Clicking on a link, sharing confidential information like username, password or transferring money. So there’s two different types, so mass phishing. And you will see. Which is just like the generic ones that I just like. Hey hi I can’t hold on things like that. They’re very, very. Common they like again, I went through our inbox yesterday. We had several hundred of them, and then there’s spear phishing ones that are more direct. They are made to sort of look like they come from inside your organization. They made it look like they come from, you know, the director of the company or something like that. Well, look like they will be. They have some pretty common tells about. Hey, this person has never used this word before in their life. Why would they send that to me in an email that looks like they formatted it on a potato uhm?
We’ll run through some of these examples in a second, so next we’re going to have a look at how to identify spam emails. And so this is like the core of this webinar. Son. Just this is a standard example. This would say hey, your account’s been suspended by Netflix. Uhm? Click this link right here to update your account. Now. If you get this email in today’s era, Netflix hasn’t looked like this in about 10 years. UM, so scam. They also. So a few key points here: one, they’re going to address you by name. They’re not gonna call you the name of the company that they are sending an email from. 
So if your account has been suspended by Netflix, you would get a personalized email from them saying, hey. Dear like if it was to me, dear Stephen. A year again has been suspended. Please go to our website and not link it ‘cause they know that that’s bad form. Please go to our website too. Fix it, right? It’s fine, they’re not going to say hey, hey Netflix, what’s going on? Your account suspended. Company. So that’s sort of, that’s all that. Example that I like to pull out in this time, and then we’ve got a few that are from yesterday, so this one is from yesterday that we bought out.
This was as you can see sent to our director. Uhm? And it just says, hey, you’ve got this voicemail. And it’s a good voicemail. Because the duration is .6, so I’m just going to go ahead and look at some tells with you guys. Now there’s five of these examples. Or run through each of them. So. First up, this acne dot. Mtac dot com.ru is a. Is not an email address, although not an account or a person that lives in this company. Also, I don’t know who Rick Raquel at. Technoorwhateverwhatever.com is I’ve never seen this person, but you can see what they’ve done is they’ve updated their username to look like. It’s coming from inside of merging, so if you just get it on your phone. And don’t expand this bit out. It looks like you have an unread voicemail. Having a bit far and then it’s like hey follow this link to listen to the voicemail. So if you do follow that link. Want to thank you too. Is a casino website then asks you to play now and sign up and all that fun stuff which you don’t need and no one is ever. I don’t think anyone ever really needed because real casinos exist so this is this is the first one that we that we looked at yesterday.
So again those key tells the name over here. If you don’t know the. Name of the sender? Or don’t recognize the email address. Probably don’t click the link UM. Again, the duration of this .62, I don’t know what .62. 
Like 62 seconds like that’s a minute and two seconds like there’s nothing’s ever gonna be full formatted like that. That’s a bit of a weed. Why are trying to combine that information? Then OK, I don’t know and Alice. Quotes and I don’t know that that person to that person is not familiar to me, so I’m probably not gonna care about what’s in the voice message voice message anyway, UM? And if it was a real voice message, it would come through my phone so. There’s there’s that. So. Another example, I thought this one was fantastic, so this is an email from it auto, which is the username updated. Uhm? Yeah, there’s a. There’s a lot going on here, so again, the username doesn’t match the email address from the domain that they sent it from. Uhm, their formatting is off like. I don’t know what all 5365 is, but that’s. Uhm? That’s like the first of all the first big red flag when just looking at the email. If you look at it on your phone, it looks a bit strange. It just says, Dear Alonzo TPP wholesale, which would be. Like the first part of someone’s email address. Dumb. So again, it doesn’t reference me by name, so it’s not for me and it’s not a thing that I should be clicking. Uh. That we had spacing the urgency so a lot of these. A lot of these emails allowed these. Spam emails are gonna come through. They gotta say, hey you need to do this thing immediately otherwise you’re gonna lose access. Like OK, cool. Uhm? That generally would push my staple to go through and do that to that process. They like these steps. So if you want to keep the same password, there’s a missing S in there. You click that link. Which then takes you to. Whatever this website is. I don’t know if I clicked it to actually fully three, but again, there’s like this is just a close up. It is like you got weird spacing. 
You’ve got links to to make sense the misspelling like don’t go to a site that looks like this because I don’t know what I am medicalsolutions.com is or where this bit takes me on their website, but it’s probably not great. Uhm? As all this stuff at the front doesn’t really mean anything for that purpose. Cool. Example three of identifying spam emails. So this is another one about Office 365. Hey, keep your current password by clicking the link. Uh, so it’s a HTML file. This one was actually sent through our service desk and then immediately marked as spam. When I opened the link, so I opened everything Incognito browser so it doesn’t like sign me in automatically. Uhm, generate one. But it takes you through to woodpeckertrainingcenter.com, which again you can identify or with links like this, you hover over them and they pop up a little logs, right? These ones are a little bit harder inside. Actually open them up. So you open it up and it says, hey, the connection to private. You sure you want to do this if you get to one of these pages on an email that you were not expecting, just stop. Call the company. If you have dealings with that company, that’s fine, but call them and say hey, I’ve got this email. Did you send it nine times out of 10? It’s going to say no. Now that shouldn’t have gone through. We shouldn’t send like no one from here would accept that. And if that’s yes, it just delete the email. So if you if you are feeling brave and you want to go through and click advanced on here to try and get into the website, that’s fine. Just remember that it’s not secure and it ends up taking you to a broken page that doesn’t exist. Uhm? I don’t know what would have happened if I clicked it with him then. Like that time window or anything like that, but it was not like when I went there yesterday it was dead. So unless they had a temporary download link on there or something like that, but it would have ended. You know you get. You get to this page. 
I don’t give you this page for no reason and still listen to it. And they even outline exactly what’s going on. Hey, someone’s going to try and steal your credit card details, only possible. So. This one was tricky. Well, this one was well done so. You’ve got a purchase order from Adcor Group which we don’t have any dealings with, but. You know the name matches, you know it looks like an official email address. It’s got an official domain or that stuff. Uhm? There’s a little link here to review your purchase order, which takes you to this website. I didn’t got, even grabbed the zooming like the URL information because it was exactly the same, it just give me 5.3 zuehls and then it asks you to sign in for an account. No, I didn’t find I didn’t click that because that would have asked me to provide login information and things like that. Then they can then use to get into other data. Other accounts which is 9 times out of 10. What they’re trying to do. I’m assuming even if you clicked it as soon as you got it. The link would have expired. Pretty much straight away. So that they can get you to sign in and put in your first name. Your last thing you know your email address, your phone number, all of that stuff to sign in for an account which they can then use to get into other accounts. Yeah. The final example that we’ve got for identifying spam emails. So another one of those voicemail messages. Sent to our inquiries inbox over it’s over skele. Uhm details below. At least this time they bother to put in, you know a proper phone number, some details. A duration in actual seconds and minutes instead of. Decimal point uhm. So you’ve got. Play Delain. Which is the name that does not match the email address of John B at dust5.com, whatever that is. I don’t know. And the details, the way that they want you to do it is open. Open the attachment or download the attachment. Which then takes you to a Microsoft 365 sign in Page or what looks like 1. 
This is a pretty decent mockup. It doesn’t look exactly the same, but it looks close enough that someone could be like, yeah, yeah, that’s Microsoft. Uhm? And then yeah, you go through that you sign you hit next and then it just says cool, what’s your password for this email address? That was the next step in that process was put in your password. Uhm, yeah, this was locally stored on my computer because I didn’t get the email directly. Uhm? They wouldn’t have done anything, but that’s. Like they’ve got the gradient I, I’m assuming they just ripped it straight off Microsoft website and just put it on there. But like this entire background is all. What you see when you log into Microsoft? So that’s pretty clever. Now. Another one. This is a different. A different sort of thing. Uhm, they should still be example one anyway, so this one. I had a look at yesterday and I had the deep dive into it because it was there’s just so many levels that you can see. This was sent to one of our customers. As you can see their email addresses or grayed out and things like that. But it went through it went directly to our junk email, but as soon as I was told it, it showed me a picture. So it says hello, then it has a variable here. So if you see that like that’s someone trying to just like, yeah it’s going to pull the first name details and then say hello John or whoever was sent to grab your reward. Now. I don’t know who’s familiar with the JB Hifi brands, but JB Hifi’s logo doesn’t look like that. I don’t know if it ever looked like that. ‘cause that’s a weird font. For that to be. Uhm, it might’ve been like I don’t know. Early 2000s, maybe it sounds like a JB hi-fi thing to do, but. That’s not what it looks like at the moment, so they’re not going to be standing out of reward or anything like that. And congratulations, dear JB Hi-fi customers, so again, it’s not very personalized. 
And just the way that I sound when you say it doesn’t make a lot of sense, congratulations, dear customer like. Just put a name in there. It doesn’t matter if it’s the wrong name, just put a name in there. Someone can at least. Think that it’s. Meant for someone else, so very good news for you is it is not a. Not a sentence someone would really say in the English language often. Your address is selected to receive a free reward that all of like. All of this. They’ve got a different font here for JB Hifi than they have for the word dear. And congratulations like that’s different. That’s a different typeface right there. To benefit from this special office, simply complete Al. 32nd perspective study. In your experience. JB hi-fi. Now I have the chops with JB Hifi for about it. Two years I walked in there once, like when they open up a new one near me six months ago. Have not bought anything from JB Hi-fi in years, so why would I be getting this? All you have to do is answer a questionnaire, which is good because it asks you details about yourself at the start of it. I’m going to hover over these links at the moment. There’s two links in here that I’ve got a good sort of go through. So this startling and the unsubscribe link. These are the same. So these unsubscribe and they start. They take you to the exact same place. Which is you unsubscribe from the mailing list? That’s great. Fill out this survey. Uhm, now. Once you actually go to that site, it’s actually here. And that is not the site that I clicked. But like you know, OK redirects exists, that’s fine, but I was also not jbhifi.com. That I you like, that’s not that address, and it had the email address of the recipient up here as well. They had yeah fill it out. That’s fine, go for it and I didn’t get any further because I know if I click start, don’t know something bad may happen so I just sort of stopped there. It was a legit survey. Will take you to JB Hifi. Dot com. 
Or, like a SurveyMonkey doesn’t like that like one of the legitimate survey sites. So again, the like the wording was kind of weird. This time they actually bothered to use the correct. Uhm fun like logo for David Hi-fi, so that was weird. And again, they’re trying to push that sense of urgency on me for. Uhm, hey, you’ve got to get this done in the next 5 minutes or it goes away, which it doesn’t. If you click the link it just keeps going and going and going. And that’s it so. Well, final topic at this point is. Why the name of this? And it does not matter, so this this bit here that everyone sort of seems to get stuck up on is that you know it says that it’s from. Someone important or it says that it’s from the director, so I’ve clearly got to do what they say now. As I mentioned at the start of this. That bit can be changed. At the drop of a hat, you literally just update your profile information to say hey, I’m going to be Greg now and then I can be Greg. If you have an enterprise like if you’re using like Microsoft 365 or something like that, the prices you really quick. If you have access to the admin panel, you can do it into Gmail. You can do it in Hotmail like you can just change your name on any service because all it does is literally change this. Your email address is still this weird jumbled. Words. So this bit here like that’s sort of the key like you need to. If you get an email from someone saying like yeah, it’s from, it’s from the director of the company. Right click it, try and reply to that email and see who attends to. Most of the time it’s not going to block most of the time. If it’s legit email, it’ll go to that director and you’ll be able to see their actual email address. But sometimes it ends up in this weird. Email address we’ve never seen before. You know, like, OK, great, good times. Uhm, so don’t worry about it too much. What it says here. Focus on the email address. Do you recognize it? If you don’t miss it, don’t worry about it. 
Just delete the email.
Now what we can, what can we do? About spam, so the first, I think most important point of this. Uhm, set up MFA on any account that you have if you if it. If it offers MFA setup so multifactor authentication is if you log in and you get a text to your phone or you go through an authenticator app or something like that. It’s just another point of authentication during the login process. Uhm, which means if someone gets your email address and your password big deal, they still have to have your phone as well to get into the account. It’s still annoying if I have your email address, and possibly because you get text messages every five minutes, but. You at least got that extra level of protection, meaning that if someone does come in and somehow managed to get all that information, it’s still protected because they need a physical device to get in, which is generally on your person at all times. Now, just like leave it somewhere, but that’s another issue entirely.
Hover over the links in emails just to see where they go. If you don’t recognize the address, don’t do that. Check sending address. That’s sort of what we went over on this one. If the sending address doesn’t match the person that it’s coming from. Do anything they’re asking you ‘cause it’s wrong. If you weren’t expecting the email. Call someone pick up the phone, call the company and say hey did I get like did you send this? Was this supposed to come to me? ‘cause? It’s really hard to do a spam email when you’re talking to a person. ‘cause it’s a phone call.
So I look for generic greetings as well. So dear Sir, gaming like all of that. Like very, very generic stuff that you’ve seen 1000 times. Uhm, look out for those generic greetings. And that’s sort of the first red flag apart from the email address being funky, and if you aren’t sure, just delete it at the end of the day, it was important if it was legitimate. Uhm? Then like someone would have. 
They will follow up with you either by phone or by another email. I’m chance R&B by phone in the second time to say hey, did you get my email and then just say yeah it looked dodgy so I deleted it.
Cool, so we have a special offer today which I forgot to mention up top there. All of the live attendees are eligible for free half hour consult with our team to ask any questions privately if you need to get in contact with us, here is our information. So thank you everyone for attending. See you next time.