From the course: Career Essentials in System Administration by Microsoft and LinkedIn
Email security from phishing attacks
- [Instructor] Phishing attacks are typically emails sent to a potential victim that do one or more of many actions. The email contents will attempt to get the victim to click a link. The link usually sends them off to an infected or compromised site that will add malware to the victim's computer. It could also just pretend to be another site, like a bank or credit card log-on page. Once the credentials are entered, the hacker now has the means to log in and steal the user's money.
It could also be a specific kind of phishing, called spear phishing. This is simply to get the user to believe they are someone in charge at an organization. The email will direct the victim to release funds or give personal information that will benefit the hacker. The emails will generally be very professional looking and convincing to the victim. They may include personal details only known to the victim and the user they're replicating. This could have been attained from online information or having hacked the credentials of the user they're pretending to be and monitoring their email. Without certain controls in place, money could be easily transferred directly to the hacker.
With all of this information about how a hacker can fool us into giving away money, how do we protect ourselves? The best way is by user training and procedures. Train users how to spot phishing email. If any money needs to be transferred, use procedures such as a phone call or a walk to the person's office to confirm the money needs to be transferred. Send out monthly test phishing emails to users and audit the users that click on them. They can be password reset emails from an outside source to test them as an example. Those that click on the emails may need to watch a video on phishing and pass a short quiz. Use antiphishing services, such as the one from Microsoft 365 Exchange Online. These types of services are expert at spotting and stopping most phishing messages that come into an organization.
Phishing campaigns by hackers will continue to become more difficult to spot, so vigilance will be needed to keep users from ever clicking phishing emails in the future.