Must post first.
Write a short "newsletter" article (3 to 5 paragraphs) for the non-technical managers and employees at Sifers-Grayson to explain the following:
(a) What is Phishing? (Focus on phishing emails and targeted attacks that include spear phishing and whaling.)
(b) What "bad things" can happen when a successful phishing attack gives outsiders access to company networks and computers?
(c) How can employees avoid "biting" on a "phish?"
(d) How should employees report phishing attacks? Why is immediate reporting critical to stopping the attackers?
Since this article is for a newsletter, you may use an informal but professional tone (address the reader as "you," use "we" and "our" to refer to the organization's perspective). The focus of the article should be upon changing how people think about and respond to computer security incidents. Humor is good but should not lessen the severity of the problem.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your article.
Phishing is a type of cyber attack in which a fraudster attempts to get a person's sensitive information by means of email, telephone, or any other network channel. The fraudster presents himself or herself as a trusted entity and attempts to get sensitive or personal information such as the victim's username, password, or bank-related details. Phishing is mainly of two types: spear phishing and whaling. Usually a phishing attack may be sent to many people, but in the case of spear phishing the target is an individual, and the hacker or bad guy sends a personalized email or other message to get the sensitive information. The hacker impersonates a person known to the victim. The second type of phishing attack is called whaling, which is a special case of spear phishing in which the attacker sends the target an email while impersonating a highly influential person such as a senior manager, VP, or CEO. Like spear phishing, this is also a targeted form of phishing.
The list of 'bad things' that can happen to an organization or company when a phishing attack provides access to the company's network is very long. At the top of this list would be the overall loss to the company in its revenue. The loss can be different at different times. If the hacker gets access to the network, they can bring down the servers or other network devices, which can result in a loss to the organization due to the downtime faced. The phishing attack may also result in a loss of reputation in the market due to any unethical acts done by the attacker while impersonating an employee of the organization or company.
The major things that need to be taken care of to avoid biting on a 'phish' are:
The immediate action which should be performed when you find that you are a victim of a phishing attack can be changing your passwords and then checking the system for any misbehavior or any malicious file or virus present in the system. Immediately inform your higher-ups in the company or organization about the phishing attack. The phishing attack might result in access to the company's network, and thus it is important to immediately inform the network management team and other employees involved in the firewall and security of the company. If you find that the attacker has got your information through the phishing attack, then you must do a security scan of your system at the earliest and activate two-factor authentication for any data, like credit card transactions or any other sensitive data, which you think can be altered or can be harmful.