Gone Phishing

3/16/16
Jason Belford
March 2016
What do you have of value?
http://mcsminmywords.wordpress.com/2014/08/17/money/
http://wecai.org
What does the University have of value?
• Employee Data (SSN, DOB, tax information, …)
• Financial Data (Investments, Credit Cards, …)
• Patient Data (Medical records, insurance, …)
• Research Data (IP, ITAR/Export Controlled, …)
• Student Data (SSN, DOB, Grades, …)
Who wants your valuable stuff?
How are they going to get it?
http://s3.amazonaws.com/rapgenius
Phishing: What is it?
Phishing is a fraudulent activity that attempts to acquire sensitive information such as usernames, passwords and credit card numbers by masquerading as a trustworthy and legitimate entity.
Triple Check!
Rule 1: Check the web address (URL)
Rule 2: Watch for red flags / trust your gut
Rule 3: When in doubt, stop and ask!!
What cannot be faked in an email?
From Name
From Address
Date/Time
Message
Links
Phishing
http://www.virginia-edu1.com/integrated-system…
Dissect the URL – 3rd Slash
https://netbadge.virginia.edu/
Phishing
Re: [RI-DISCUSS] Palo Alto vs Fortinet
http://www.virginia-edu1.com/integrated-system…
Desktop/Laptop: Verify the Link
Hover your mouse over the link until the real link pops up.
Mobile: Verify the Link
Hold the link with your thumb until the real link pops up.
Browser: Verify the Link
iTunes Phishing
http://account.verification.ituns.com
UPS Phishing
http://ups.packagetracking.trackyourpkg.com
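The "Dissect the URL" rule applied to the addresses shown on these slides, as an added Python example that is not part of the original presentation. The trusted-domain list and the example.com address are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: virginia.edu is the only domain treated as trusted here,
# taken from the NetBadge address shown on the slide.
TRUSTED_DOMAINS = ("virginia.edu",)


def host_of(url):
    """Return the host: the part between '//' and the third slash."""
    try:
        host = urlsplit(url).hostname  # lowercased; 'user@' and ':port' dropped
    except ValueError:                 # malformed address
        return None
    return host.rstrip(".") if host else None


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one.

    Reading the host from the right, it must END in '.virginia.edu'.
    A trusted-looking name anywhere else in the host does not count.
    """
    host = host_of(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)


# URLs from the slides, plus one constructed case (example.com).
SAMPLES = [
    "https://netbadge.virginia.edu/",
    "http://www.virginia-edu1.com/integrated-system…",
    "http://account.verification.ituns.com",
    "http://ups.packagetracking.trackyourpkg.com",
    "https://netbadge.virginia.edu.example.com/login",  # constructed
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "trusted" if is_trusted(url) else "NOT trusted"
        print(f"{host_of(url):45} {verdict}")
```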
Red Flags
Note: Red flags would indicate a possible problem. The lack of red flags does not validate a message.
• Email requires action on your part (i.e. click link)
• Email appeals to human greed, fear, or curiosity
• Email contains misspellings / improper grammar
• Email has link / attachment you were not expecting
Questions?
He who knows best knows how little he knows. --Thomas Jefferson