
Security Awareness (Email security awareness: phishing, spam mail, virus mail)

What is security awareness

Security awareness is the knowledge and attitude
members of an organization possess regarding the
protection of the physical, and especially informational,
assets of that organization. Many organizations require
formal security awareness training for all workers when
they join the organization and periodically thereafter,
usually annually.

Knowledge and attitude for what?
For the physical, and especially informational, assets of the
organization or of the members themselves.

Why we need security awareness

To protect the confidentiality of data, both personal data
and the data of an organization or company.
A leak of company data will, in certain cases,
harm the company. (Give an example of the losses
in the video.)

What is email security

Protecting the confidentiality of the access data for a person's email.
What can someone do if they know our email
data? They can reach our:
Social media
Online buying and selling accounts
Company data

Email threats
Phishing
Spam
Virus

What is phishing
Phishing uses social engineering techniques through email or instant messaging to
acquire victims' personal information.
In other words, it uses social engineering techniques through email or short
messages to obtain sensitive personal data from
someone.
The email usually pretends to be from someone trustworthy, like
your bank, UPS/FedEx, a credit card company or an airline, or some
other site for which you may have login credentials. The email
includes a link to an official website that is actually a fake site
operated by the attacker.

How phishing works


By Email
The most common form of phishing is by email. Pretending to be from
your financial institution, or a legitimate retailer or government
agency, the sender asks you to confirm your personal information
for some made-up reason. Typically, the email contains a link to a
phony Web site that looks just like the real thing with sophisticated
graphics and images. In fact, the fake Web sites are near-replicas of
the real one, making it hard even for experts to distinguish between
the real and fake Web sites. You enter your personal information onto
the Web site and into the hands of identity thieves.
Phishing can also be done by phone.
http://www.phishinginfo.org/how.html

What is spam
Email spam, also known as junk email or unsolicited
bulk email (UBE), is a subset of electronic spam
involving nearly identical messages sent to numerous
recipients by email. Clicking on links in spam email may
send users to phishing web sites or sites that are
hosting malware.

How spam works


One of the problems with spam, and the reason why there is so much of it, is
that it is so easy to create.
You could easily become a spammer yourself. Let's say that you have a
recipe from your grandmother for the best blueberry muffins ever created. A
friend suggests that you sell the recipe for $5.
You decide that your friend might be on to something, so you send an e-mail
to the 100 people in your personal e-mail address book with the subject line,
"These Blueberry Muffins Have Been Described as Heaven -- You Can Have
the Recipe for $5!" Your e-mail contains a link to your blueberry muffin Web
site. As a result of your 100 e-mails, you get two orders and make $10.
"Wow!" you think, "It cost me nothing to send those 100 e-mails, and I made
$10. If I sent 1,000 e-mails I could make $100. If I sent a million e-mails I
could make $100,000! I wonder where I could get a million e-mail
addresses..."

Virus mail
An e-mail virus is computer code sent to you as an email note attachment which, if activated, will cause
some unexpected and usually harmful effect, such as
destroying certain files on your hard disk and causing
the attachment to be remailed to everyone in your
address book.

There are all sorts of things you can find in your e-mailbox. In the "destructive" and/or
"annoying" category go e-mail attachments that contain:
Trojan horses
Worms
Viruses
In many cases, e-mail viruses are not "true" viruses because they cannot replicate without
human interaction. Nonetheless, they have been very effective at shutting down major email systems. See How Computer Viruses Work for details on viruses.
A Trojan horse, aptly named after the seemingly harmless tool of destruction in
Homer's Iliad, secretly carries often-damaging software in a "plain wrapper." The plain
wrapper is normally an e-mail file attachment from someone you may or may not know.
The file attachment name itself can also be very misleading. When you run the
attachment, it can do all sorts of things, from erasing files to changing your desktop. It
then sends itself along to other people in your address book so that it can propagate itself.

What should we do?


Keep your virus software up-to-date with the latest
virus signatures from the software vendor, since the
anti-virus software cannot detect new viruses without
an update.
If you think a virus has infected your PC thanks to an email virus that mails itself to people in your address
book, call those people and tell them not to open the
messages or attachments -- that is the only effective
way to stop the spread.

What should we do?


Tips on How to Avoid Getting Phished
With this in mind, let's discuss some important practices which will help you avoid becoming the victim of a phisher.
If you are even remotely suspicious of an email, delete it.
Pay close attention to the URL of a website. Malicious websites may look identical to the legitimate site (graphics and layout are identical), but the URL may use a variation in spelling or a different domain, like .biz vs .com.
When accessing the website, verify the correct URL as http://www.migpi.com. When you click the Account Login button or area of interest, ensure you are being redirected to the correct website by checking the URL.
Never log in by going directly to this page. Always begin the login process by going to the website's main URL and go through its pages to get to your login area.
Never reveal personal or financial information in an email and do not respond to email solicitations for this information. This includes following links sent within an email.
Never send sensitive information over the Internet before checking a website's security. If you are unsure whether an email request is legitimate, verify the request by contacting the company directly.
However, you don't want to use the contact information provided in the email or on the website connected to the request. Instead, look up contact information from a more reliable source like a previous statement.
You can also verify a website by clicking on the padlock icon at the end of the address bar within your browser window.
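
The URL check from the tips above, sketched as an added example (not part of the original slides): it compares a link's host with a list of trusted sites and flags a different domain ending or a near-miss spelling. The trusted list, the function names and the sample links are assumptions made for illustration, and treating the last two labels of the host as the site's domain is a simplification.

```python
from urllib.parse import urlsplit

TRUSTED = {"migpi.com"}  # assumption: the site named in the tips above

# Constructed sample links for illustration (not taken from the slides).
SAMPLES = [
    "http://www.migpi.com/login",
    "http://www.migpi.biz/login",
    "http://www.rnigpi.com/login",
    "https://www.migpi.com.account-check.example/login",
]


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link found in an email."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", "no host name in link"
    # Simplification: last two labels only (wrong for suffixes such as .co.id).
    base = ".".join(host.split(".")[-2:])
    if base in trusted:
        return "trusted", "host belongs to " + base
    name, _, tld = base.rpartition(".")
    for good in trusted:
        good_name, _, good_tld = good.rpartition(".")
        if good in host:
            return "suspicious", "trusted name used inside another domain: " + base
        if name == good_name and tld != good_tld:
            return "suspicious", "different domain ending: ." + tld + " vs ." + good_tld
        if 0 < edit_distance(name, good_name) <= 2:
            return "suspicious", "spelling variation of " + good
    return "unknown", "not a site on the trusted list"


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

An "unknown" verdict only means the link is not on the trusted list; the tip still applies to start from the site's main URL rather than from the link.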

B. Safe Email Reading


Be cautious when clicking links in email
Never give out personal information upon email request
Ignore spam mail

[Figure: a link to http://www.amazon.com/update and a form asking for Name (John Doe) and Credit Card (1234 5678 9101 1213), each marked DANGER]

Don't open unexpected email (and instant message) attachments or download links
Scan attachments with an antimalware program when in doubt

Confidential Document

2014 Thales


C. Stay Alert and Be Vigilant

Pay attention to non-Telkom people (e.g. visitors and vendors)
Watch for suspicious activities
Follow policies and procedures
Lock computer screens when left unattended
Terminate sessions or log out when finished
Report abnormal behavior
