COURSE 7 – CYBERSECURITY CAPSTONE: BREACH RESPONSE CASE STUDIES

Module 2: Phishing Scams

IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

Enroll in Coursera IBM Cybersecurity Analyst Professional Certificate Here

TABLE OF CONTENT

INTRODUCTION – Phishing Scams

Welcome to the comprehensive module on phishing scams. Throughout this module, you will delve deeply into the intricacies of phishing scams, gaining an in-depth understanding of their mechanics, strategies, and implications.

Additionally, you will examine a compelling case study detailing a phishing attack perpetrated against two corporations, providing valuable insights into real-world scenarios and the devastating impact of such cyber threats. Prepare to enhance your knowledge and awareness of phishing scams as we navigate through this informative journey.

Learning Objectives

  • List measures that could have prevented the Facebook and Google phishing breach
  • Describe the cost and impact of the Facebook and Google phishing breach
  • Identify vulnerabilities exploited in the Facebook and Google phishing breach
  • Summarize the timeline of the Facebook and Google phishing breach
  • Identify common types of identity theft
  • Describe the impact of phishing on individuals and corporations
  • Identify the common signs of a phishing email
  • Describe different types of phishing scams
  • Explain how phishing scams work

INTRODUCTION TO PHISHING SCAMS KNOWLEDGE CHECK

1. Some of the earliest known phishing attacks were carried out against which company?

  • Google
  • Facebook
  • Yahoo
  • America Online (AOL) (CORRECT)

2. You have banked at “MyBank” for many years when you receive an urgent email telling you to log in to verify your security credentials or your account would be frozen. You are not wealthy but what little you have managed to save is in this bank. The email is addressed to “Dear Customer” and upon closer inspection you see it was sent from “security@mybank.yahoo.com”. What kind of attack are you under?

  • As a phishing attack. (CORRECT)
  • No attack, this is a legitimate note from the security department of your bank.
  • A spear phishing attack.
  • A whale attack.

3. True or False. HTTPS assures passwords and other data that is sent across the Internet is encrypted. Links in email that use HTTPS will protect you against phishing attacks.

  • True
  • False (CORRECT)

4. Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?

sjjLry3a7uk

  • Suspicious sender’s address. (CORRECT)
  • Suspicious attachments.
  • There is a hyperlink in the body of the email.
  • Poor quality layout.

5. Which three (3) of these statistics about phishing attacks are real? (Select 3)

  • The average cost of a data breach is $3.86 million. (CORRECT)
  • 15% of people successfully phished will be targeted at least one more time within a year. (CORRECT)
  • 12% of businesses reported being the victim of a phishing attack in 2018.
  • Phishing accounts for 90% of data breaches. (CORRECT)

Partially correct!

6. Which range best represents the number of unique phishing web sites reported to the Anti-Phishing Working Group (apwg.org) in Q4 2019?

  • Between 100 and 200.
  • Between 1500 and 1800.
  • Between 130,000 and 140,000. (CORRECT)
  • Between 1.3 million and 1.4 million.

PHISHING CASE STUDY KNOWLEDGE CHECK

1. Which three (3) techniques are commonly used in a phishing attack? (Select 3)

  • Breaking in to an office at night and installing a key logging device on the victim’s computer.
  • Make an urgent request to cause the recipient to take quick action before thinking carefully. (CORRECT)
  • Send an email from an address that very closely resembles a legitimate address. (CORRECT)
  • Sending an email with a fake invoice that is overdue. (CORRECT)

Partially correct!

2. You are working as an engineer on the design of a new product your company hopes will be a big seller when you receive an email from someone you do not personally know. The email is addressed to you and was sent by someone who identifies herself as the VP of your Product division. She wants you to send her a zip file of your design documents so she can review them. While her name is that of the real VP, she explains that she is using her personal email system since her company account is having problems. You suspect fraud. What kind of attack are you likely under?

  • A man in the middle attack.
  • A phishing attack.
  • A spear phishing attack. (CORRECT)
  • A whale attack.

3. Phishing attacks are often sent from spoofed domains that look just like popular real domains. Which brand has been spoofed the most in phishing attacks?

  • Microsoft
  • Google (CORRECT)
  • IBM
  • Apple

4. Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?

WEqlJH1jXuFt7qKGtKn EjL5b1rp OCveo nKMqCNQQbmoEp5knvIM22YM6Lb kCzx0Wvpw2BAis 0eQXVj8mG89MvGsUqJtvK4jlabOskxuJKUzTbdH7Wi6Sp YzVqgM08LB5V08yj

  • Suspicious attachments
  • There is a hyperlink in the body of the email
  • Poor quality layout
  • There are spelling errors. (CORRECT)

5. Which three (3) of these statistics about phishing attacks are real? (Select 3)

  • 94% of phishing messages are opened by their targeted users.
  • BEC (Business Email Compromise) scams accounted for over $12 billion in losses according the US FBI. (CORRECT)
  • 76% of businesses reported being a victim of phishing attacks in 2018. (CORRECT)
  • Phishing attempts grew 65% between 2017 and 2018. (CORRECT)

Partially correct!

6. Which is the most common type of identity theft?

  • Credit card fraud (CORRECT)
  • Phone or utility fraud
  • Loan or lease fraud
  • Government documents or benefits fraud

CONCLUSION – Phishing Scams

In conclusion, this module has provided a thorough examination of phishing scams, equipping you with the knowledge and tools necessary to recognize, prevent, and mitigate the risks associated with these malicious attacks. By delving into a detailed case study of a phishing attack on two corporations, you’ve gained invaluable insights into the tactics employed by cybercriminals and the potential consequences for organizations.

Armed with this understanding, you are better prepared to safeguard yourself and your organization against the pervasive threat of phishing scams. Remember to remain vigilant, stay informed, and implement best practices to ensure the security of your digital assets and personal information in an increasingly interconnected world.

Previous Week
Next Week

Subscribe to our site

Get new content delivered directly to your inbox.

Quiztudy Top Courses

Popular in Coursera

Liking our content? Then, don’t forget to ad us to your BOOKMARKS so you can find us easily!

Subscribe