Southern New Hampshire University
Course: IT 200
Subject: Information Systems
Date: Dec 17, 2024
Uploaded by SuperHumanWorld13598
Initial Response

First thing, there’s a spelling mistake on “presents”. The phrase “I made cool cash” isn’t professional. The You shouldn’t be capitalized. The website is a non-functioning site. Interest should be interesting. No such thing as Anytown, US. The HR email is a bunch of garbled characters and letters. Departments are usually just Human Resources. Benefits is a completely different department and process.

You can identify a phishing email by misspellings, non-working websites, odd phone numbers, wrong department names. Slight deviations to real logos. If you call the listed phone number and a different person or organization answers. If it sounds too good to be true, more than likely it is false.

Employees will give vital information, personal and maybe company, away if they fall into the trap of a phishing email. They need to know to look for grammatical errors, professional wording, to call the listed number to see if it’s a working number. Logos should also be checked out. They need to have phishing training as part of the job.

Change your passwords often. Install biomarkers or another 2-factor-authentication. Privacy screens need to be attached to computers to limit over-the-shoulder attacks. Don’t have employees sitting on top of each other so no one can peek around the corner and look at sensitive information. Tell the employees not to write the password to their computers down.
1st Response to Student

I thought your post was nice and thorough. Made me think about some things I missed in my discussion post. Another thing people and companies might be able to do is to call the number on the phishing email to see if it is a real place. This would probably work better if an employee received a suspicious call from someone posing as an employee for another company. I don’t know the percentage, but I know phishing emails come to personal email addresses as well. In addition to your idea of training about not clicking on links, I think employees need to be trained on the fact of not sending anyone money or mailing anything or anything the people ask for in the email. I’ve known some sympathetic and compassionate people send money to some of these scams and are out a lot of money. People at companies come being on one spectrum or the other, often in between, when it comes to technology skills. Maybe an employee comes to the company and is new to email and new to the world of computing. I think special trainings should be conducted for people like this. I’m not too familiar with networks or firewalls, yet, but companies could adjust these things so that phishing emails don’t come in because they’re blocked. But then you run the risk, like with home networks and web watcher programs, of filtering out too much stuff and you miss important stuff that comes through email.
Reply to a Comment on My Post

You’re right in having regular security awareness training for all employees. Yep, employees need to know about phishing emails and other potential security threats. As the G.I. Joe cartoon used to say at the end of the show, “Knowing is half the battle,” employees have to act on the things they learn at these trainings. One thing I thought of is this. Employees come to companies on either end, or some in the middle, of the level of technology scale. I have to think that some employees come, especially at smaller companies, with no email skills and a small toolbox of tech skills. Maybe they’ve never fully immersed themselves in tech before coming to work. So, I think another level of training should be for these employees that come with few email/tech skills so they know about security risks and learn new email security skills.