1 00:00:01,500 --> 00:00:02,990 Validate with the sender. 2 00:00:03,340 --> 00:00:05,470 If it’s a friend or colleague 3 00:00:05,510 --> 00:00:06,639 that has sent you something 4 00:00:06,640 --> 00:00:09,450 with a link or attachment that you didn't request, 5 00:00:09,940 --> 00:00:12,269 then use a different medium to contact them 6 00:00:12,270 --> 00:00:14,090 and validate that they sent it. 7 00:00:14,440 --> 00:00:15,789 If it’s sent from a company, 8 00:00:15,790 --> 00:00:18,169 like your bank or a social site, 9 00:00:18,170 --> 00:00:20,249 you should contact them too if it’s possible 10 00:00:20,250 --> 00:00:21,950 to confirm the legitimacy. 11 00:00:22,230 --> 00:00:23,889 If it’s from a company or a person 12 00:00:23,890 --> 00:00:27,260 you have no relationship with, then be immediately suspicious. 13 00:00:27,740 --> 00:00:29,719 Check the domain name of the email address 14 00:00:29,720 --> 00:00:30,820 that it has been sent from. 15 00:00:31,210 --> 00:00:34,020 If it's not the domain of the company, 16 00:00:34,070 --> 00:00:36,519 and it’s something like Hotmail or Gmail, 17 00:00:36,520 --> 00:00:38,060 then it’s definitely fake. 18 00:00:38,290 --> 00:00:40,339 Companies can afford their own domain names, 19 00:00:40,340 --> 00:00:43,890 they don't need to use Yahoo, or Gmail, or Hotmail. 20 00:00:44,490 --> 00:00:46,279 Copy the email contents 21 00:00:46,280 --> 00:00:48,800 and paste it into your favorite search engine. 22 00:00:51,990 --> 00:00:54,080 But be careful not to click on any link. 23 00:00:54,360 --> 00:00:55,680 If it’s a known attack, 24 00:00:56,170 --> 00:00:58,400 it will be found by your search engine, 25 00:00:58,480 --> 00:01:01,150 if it’s an attack that’s been out for a few days. 
26 00:01:01,340 --> 00:01:03,549 If it’s a brand new attack, 27 00:01:03,550 --> 00:01:06,260 it may not come up in the search engine results, 28 00:01:06,500 --> 00:01:09,800 but here we can see phishing scam straight away, 29 00:01:10,090 --> 00:01:11,090 and you will get that 30 00:01:11,290 --> 00:01:13,180 for many of the phishing emails that you get, 31 00:01:13,290 --> 00:01:15,310 because they are identified 32 00:01:15,420 --> 00:01:17,550 by the security companies fairly quickly. 33 00:01:18,080 --> 00:01:19,629 There’s often an option to view 34 00:01:19,630 --> 00:01:22,160 the raw email and email headers 35 00:01:22,270 --> 00:01:23,340 that you’ve received 36 00:01:23,440 --> 00:01:25,459 depending on the email client that you’ve got, 37 00:01:25,460 --> 00:01:28,760 so this is an option that isn't always available within webmail, 38 00:01:28,930 --> 00:01:29,930 but if you do have it, 39 00:01:29,931 --> 00:01:33,370 say it’s in Thunderbird, or mail for OS X, 40 00:01:33,620 --> 00:01:35,260 then you can look at this, 41 00:01:35,850 --> 00:01:37,259 you can examine the content 42 00:01:37,260 --> 00:01:40,180 and see whether it matches what it’s claiming to be. 43 00:01:40,360 --> 00:01:41,429 And to make that easier, 44 00:01:41,430 --> 00:01:43,800 you can use this site, parsemail.org, 45 00:01:44,850 --> 00:01:48,210 so copy this, paste it into here, 46 00:01:51,000 --> 00:01:53,980 click this, after five minutes, Submit. 47 00:01:56,420 --> 00:01:58,369 This here is just an example of an email that I’ve got, 48 00:01:58,370 --> 00:02:00,460 this is actually a legitimate email. 
49 00:02:00,830 --> 00:02:02,880 So if this was from a company, like this is, 50 00:02:03,090 --> 00:02:04,730 I can check out things like 51 00:02:04,920 --> 00:02:06,870 its IP address where it comes from, 52 00:02:07,220 --> 00:02:08,380 the various domains, 53 00:02:08,660 --> 00:02:10,219 and see whether that is actually 54 00:02:10,220 --> 00:02:13,420 genuinely associated with that company. 55 00:02:14,000 --> 00:02:15,636 You can do a search for the company name 56 00:02:15,637 --> 00:02:18,680 and see if it has a legitimate internet presence, 57 00:02:18,933 --> 00:02:20,479 see if it has their own site, 58 00:02:20,480 --> 00:02:22,373 their own telephone numbers to call. 59 00:02:22,533 --> 00:02:24,120 If not, it’s likely to be fake. 60 00:02:24,746 --> 00:02:26,373 If they do have a website, 61 00:02:26,533 --> 00:02:29,986 does it have a private listing in Whois? 62 00:02:30,053 --> 00:02:32,559 You can go to any of the Whois services 63 00:02:32,560 --> 00:02:33,583 and do a search for this, 64 00:02:33,584 --> 00:02:34,813 but if you go for this one, 65 00:02:35,040 --> 00:02:37,200 I’ve just picked an example here, blob.com, 66 00:02:37,360 --> 00:02:38,360 do a search 67 00:02:40,680 --> 00:02:42,266 and let's have a look at blob.com. 68 00:02:45,453 --> 00:02:47,107 And we can see here that blob.com 69 00:02:47,108 --> 00:02:49,862 is using a privacy protection service, 70 00:02:50,165 --> 00:02:52,571 which means it’s hiding who the owner is. 71 00:02:52,880 --> 00:02:54,708 A private listing is okay 72 00:02:54,808 --> 00:02:56,494 for a personal website or a blog 73 00:02:56,495 --> 00:02:58,231 or an information only website. 74 00:02:58,506 --> 00:02:59,773 If it is a private listing, 75 00:02:59,774 --> 00:03:02,560 then this could be a sign that something is a bit off, 76 00:03:02,626 --> 00:03:04,833 because mostly businesses that are selling something 77 00:03:04,834 --> 00:03:07,346 will have non-private listings. 
78 00:03:07,546 --> 00:03:10,144 They should identify the company that owns the domain, 79 00:03:10,145 --> 00:03:11,874 or the person that owns the domain. 80 00:03:12,262 --> 00:03:15,291 Example being the BBC here. 81 00:03:15,428 --> 00:03:16,428 So you can see 82 00:03:17,611 --> 00:03:20,365 the full details of who owns the BBC, 83 00:03:20,742 --> 00:03:23,885 the company, the address, the registered address, etc. 84 00:03:24,045 --> 00:03:25,245 That’s the sort of information 85 00:03:25,246 --> 00:03:27,508 you would want to see from a Whois result. 86 00:03:29,554 --> 00:03:33,062 If you look here, you can also do a reverse IP address lookup. 87 00:03:34,891 --> 00:03:36,879 So this is the IP address of the server 88 00:03:36,880 --> 00:03:39,965 in relation to this domain name, blob.com. 89 00:03:41,165 --> 00:03:42,843 If we do a reverse lookup on it, 90 00:03:42,844 --> 00:03:44,733 we can see what other domains 91 00:03:44,734 --> 00:03:46,951 are associated with this IP address. 92 00:03:48,568 --> 00:03:49,376 And we can see here, 93 00:03:49,377 --> 00:03:55,942 it’s listed three and another 1.1 million other domains, 94 00:03:56,160 --> 00:03:58,365 so that is extremely unusual. 95 00:03:58,662 --> 00:04:00,544 But what you can do here is, 96 00:04:00,545 --> 00:04:01,668 you can look to see whether 97 00:04:01,760 --> 00:04:04,582 any of these other domains are suspicious. 98 00:04:04,834 --> 00:04:06,891 So you could Google these domains as well 99 00:04:07,028 --> 00:04:08,754 and that will be an indicator as to whether 100 00:04:08,755 --> 00:04:10,480 the main domain that you had, 101 00:04:10,594 --> 00:04:13,828 blob.com in this case, is a legitimate domain. 102 00:04:14,320 --> 00:04:15,040 Also you can just 103 00:04:15,041 --> 00:04:17,872 look at the general characteristics of the website, 104 00:04:17,873 --> 00:04:20,971 does the site look like it’s been quickly put together? 
105 00:04:21,075 --> 00:04:23,239 Did the links on the website work? 106 00:04:23,240 --> 00:04:26,341 Are there unrelated photos or content? 107 00:04:26,370 --> 00:04:29,389 Do the pictures, links and contents on the page match, 108 00:04:29,390 --> 00:04:32,843 and the theme and purpose of the page and website 109 00:04:32,930 --> 00:04:33,930 all go together? 110 00:04:33,970 --> 00:04:36,189 Is the information vague or inaccurate 111 00:04:36,190 --> 00:04:37,796 if they’re trying to sell you something? 112 00:04:37,912 --> 00:04:39,854 You can determine if something’s cloned 113 00:04:39,855 --> 00:04:43,381 by copying and pasting parts of the site 114 00:04:43,832 --> 00:04:45,431 into your favorite search engine, 115 00:04:45,432 --> 00:04:47,505 and see whether this site has been cloned. 116 00:04:47,665 --> 00:04:49,489 Again, this gives you an indicator 117 00:04:49,490 --> 00:04:51,210 as to whether or not it's some sort of scam. 118 00:04:51,549 --> 00:04:53,650 Another warning sign is a redirect. 119 00:04:54,450 --> 00:04:56,960 So if you typed in the URL, 120 00:04:57,141 --> 00:04:58,720 or you clicked on the link 121 00:04:59,389 --> 00:05:01,745 and then it forwards you to somewhere else, 122 00:05:02,123 --> 00:05:03,876 that’s a sign of a scam as well. 123 00:05:04,603 --> 00:05:06,652 You should validate any attachment 124 00:05:06,653 --> 00:05:08,303 that is with the message, 125 00:05:08,304 --> 00:05:10,239 so never download and run any file 126 00:05:10,240 --> 00:05:12,298 you don't 100% trust, as I’ve said. 127 00:05:12,647 --> 00:05:14,014 You can use total virus 128 00:05:14,015 --> 00:05:17,259 to check if the attachment is a known malware 129 00:05:17,260 --> 00:05:22,224 by forwarding the email to scan@virustotal.com. 
130 00:05:22,400 --> 00:05:23,696 Check out this link here, 131 00:05:24,064 --> 00:05:25,696 follow the instructions that are on here, 132 00:05:25,824 --> 00:05:28,224 and that’ll show you how you can forward your email 133 00:05:28,272 --> 00:05:30,128 to Virus Total for it to be checked, 134 00:05:30,896 --> 00:05:32,544 but essentially you can just forward, 135 00:05:33,600 --> 00:05:37,840 send it to scan@virustotal.com and Send. 136 00:05:38,272 --> 00:05:39,799 But read this to make sure 137 00:05:39,800 --> 00:05:40,871 you’re doing the latest thing 138 00:05:40,872 --> 00:05:42,453 that they’re requesting you to do. 139 00:05:42,720 --> 00:05:45,960 This isn’t obviously a completely conclusive check, 140 00:05:46,140 --> 00:05:48,360 as antiviruses are flawed, 141 00:05:48,480 --> 00:05:50,211 they only know known viruses. 142 00:05:50,330 --> 00:05:51,449 If it shows as clear, 143 00:05:51,450 --> 00:05:53,260 it still can be malware, 144 00:05:53,380 --> 00:05:55,290 and maybe custom malware for you, 145 00:05:55,440 --> 00:05:57,020 or just very new malware, 146 00:05:57,100 --> 00:05:58,713 but if it shows as infected, 147 00:05:58,714 --> 00:06:00,613 then obviously it should be avoided. 148 00:06:01,200 --> 00:06:01,951 What you see here 149 00:06:01,952 --> 00:06:07,300 is a non-exhaustive list of executable file types. 150 00:06:07,400 --> 00:06:11,180 You should absolutely never ever run any of these, 151 00:06:11,460 --> 00:06:14,840 unless you are 100% sure that you trust the source. 152 00:06:15,020 --> 00:06:16,749 These are all programs, 153 00:06:16,750 --> 00:06:18,729 so have the power to do anything 154 00:06:18,730 --> 00:06:21,030 on your computer if you run them. 155 00:06:21,310 --> 00:06:23,229 This is a list of the file extensions, 156 00:06:23,230 --> 00:06:25,209 so this will be at the end of the files. 157 00:06:25,210 --> 00:06:29,657 It will be file name .exe, .com, .vb. 
158 00:06:30,257 --> 00:06:32,592 And this is a list of document extensions 159 00:06:32,640 --> 00:06:34,912 that also should be avoided. 160 00:06:35,088 --> 00:06:38,909 These can contain executable macro viruses, 161 00:06:38,910 --> 00:06:41,216 so you should be very careful when running these. 162 00:06:41,264 --> 00:06:44,368 Excel, Word, Adobe, in particular, 163 00:06:44,416 --> 00:06:46,061 can contain these viruses, 164 00:06:46,062 --> 00:06:48,116 so be careful about running these. 165 00:06:49,015 --> 00:06:53,347 These are some of the compression and file archive extensions. 166 00:06:53,483 --> 00:06:56,430 These are often used to hide executables, 167 00:06:56,547 --> 00:06:58,092 so be careful with these too, 168 00:06:58,178 --> 00:07:00,443 as you might find executable files 169 00:07:00,603 --> 00:07:03,704 within the archive, if you un-archive it. 170 00:07:04,227 --> 00:07:05,753 And finally, these are a list 171 00:07:05,803 --> 00:07:08,621 of what are probably safe extensions: 172 00:07:08,707 --> 00:07:11,396 .txt, .gif, .jpg, 173 00:07:11,692 --> 00:07:15,470 but it is possible that these could exploit a flaw 174 00:07:15,560 --> 00:07:18,140 if the software you use to view them 175 00:07:18,250 --> 00:07:21,420 has a vulnerability in it, but it’s quite unlikely. 176 00:07:22,310 --> 00:07:23,509 And finally, we’ll finish off 177 00:07:23,510 --> 00:07:24,750 with some of the obvious stuff. 178 00:07:25,000 --> 00:07:26,669 It is obvious, but I’ve got to 179 00:07:26,670 --> 00:07:28,670 say it anyway just to cover it. 180 00:07:28,870 --> 00:07:32,149 If the requester asks for bank account information, 181 00:07:32,150 --> 00:07:33,269 credit card numbers, 182 00:07:33,270 --> 00:07:36,069 your mother’s maiden name or other personal information, 183 00:07:36,070 --> 00:07:38,000 then obviously that is fake. 
184 00:07:38,110 --> 00:07:39,356 They’re not going to be sending you that 185 00:07:39,380 --> 00:07:40,990 in an email or a message. 186 00:07:41,270 --> 00:07:44,299 If they send something to you saying you’ve won a prize, 187 00:07:44,300 --> 00:07:46,830 you have won the Nigerian lottery, 188 00:07:46,910 --> 00:07:48,179 or a Prince has contacted you 189 00:07:48,180 --> 00:07:49,930 and he wants to desperately send you money, 190 00:07:50,050 --> 00:07:52,250 obviously these are all fakes. Ignore. 191 00:07:52,390 --> 00:07:55,230 If it contains a lot of hype and exaggerations, 192 00:07:55,320 --> 00:07:59,680 but few facts and details about costs, or obligations, 193 00:07:59,770 --> 00:08:01,380 and how it actually works, 194 00:08:01,570 --> 00:08:03,220 that’s a sign of a scam too. 195 00:08:03,410 --> 00:08:04,620 If you are asked for a fee 196 00:08:04,710 --> 00:08:07,109 for administration processing, 197 00:08:07,110 --> 00:08:09,410 taxes to be paid in advance, 198 00:08:09,590 --> 00:08:12,820 never provide money in advance of receiving anything. 199 00:08:13,000 --> 00:08:14,770 This is the advanced fee scam. 200 00:08:15,040 --> 00:08:17,179 Technical support will never ask you 201 00:08:17,180 --> 00:08:19,710 for your username and password. That’s a scam. 202 00:08:19,930 --> 00:08:22,120 Don't put USBs or CDs 203 00:08:22,220 --> 00:08:24,059 into your computer you don't trust, 204 00:08:24,060 --> 00:08:25,940 especially if you’ve found them on the floor. 205 00:08:26,160 --> 00:08:28,610 Be suspicious of anything that seems to be 206 00:08:28,680 --> 00:08:31,320 too good to be true, it probably is. 207 00:08:32,360 --> 00:08:34,899 If you discover a scam email or link, 208 00:08:34,900 --> 00:08:37,013 or phishing email, or spam, 209 00:08:37,168 --> 00:08:40,971 forward the spam emails onto this email address here 210 00:08:41,245 --> 00:08:42,422 to help stop spam. 
211 00:08:42,674 --> 00:08:44,239 If you received a bad email 212 00:08:44,240 --> 00:08:46,525 that’s reportedly from a company, 213 00:08:46,571 --> 00:08:48,742 you can send a copy of that email 214 00:08:48,822 --> 00:08:49,874 to the company 215 00:08:50,000 --> 00:08:52,057 in order to help them prevent the attack. 216 00:08:52,354 --> 00:08:53,803 If you have a phishing email, 217 00:08:53,804 --> 00:08:55,504 you can send it to this email here, 218 00:08:55,505 --> 00:08:57,292 this is the anti phishing work group, 219 00:08:57,440 --> 00:08:59,290 this will help fight phishing attacks. 220 00:08:59,524 --> 00:09:02,919 On vishing and phone calls and phone cons, 221 00:09:02,920 --> 00:09:04,193 one of the best ways to protect 222 00:09:04,266 --> 00:09:05,586 against vishing attacks 223 00:09:05,886 --> 00:09:09,720 is to have a way to confirm with whom you are speaking. 224 00:09:09,900 --> 00:09:13,209 Do not provide any information to an unknown caller, 225 00:09:13,210 --> 00:09:16,339 even if there is a caller id that looks legitimate, 226 00:09:16,340 --> 00:09:17,560 because these can be fake. 227 00:09:17,670 --> 00:09:19,479 With vishing and phone calls, 228 00:09:19,480 --> 00:09:22,770 always have the caller validate their identity. 229 00:09:23,030 --> 00:09:24,060 Ask for their name, 230 00:09:24,180 --> 00:09:27,240 ask for their company name, ask for their title, 231 00:09:27,310 --> 00:09:29,150 and phone number to call them back. 232 00:09:29,350 --> 00:09:31,084 More advanced attackers will have 233 00:09:31,085 --> 00:09:32,800 a legitimate number to call back, 234 00:09:33,143 --> 00:09:36,014 so verify the company by searching the internet 235 00:09:36,145 --> 00:09:38,550 and doing the various checks that we’ve already gone through. 
236 00:09:38,903 --> 00:09:40,259 Validate that their company 237 00:09:40,260 --> 00:09:43,040 and everything associated with it is legitimate, 238 00:09:43,190 --> 00:09:45,470 search online for everything that they’ve said 239 00:09:45,570 --> 00:09:48,420 to validate who they are and what they are claiming. 240 00:09:49,080 --> 00:09:50,470 When it comes to offline, 241 00:09:50,680 --> 00:09:52,610 to reduce the risk of being a target 242 00:09:52,780 --> 00:09:54,790 buy and use a paper shredder. 243 00:09:55,080 --> 00:09:58,130 Anything with personal information should be shredded, 244 00:09:58,460 --> 00:10:00,780 don't carry a social security card with you, 245 00:10:01,010 --> 00:10:01,890 and make sure you report 246 00:10:01,891 --> 00:10:05,070 lost or stolen checks and credit cards immediately. 247 00:10:05,500 --> 00:10:07,890 So these are the behavioral changes, 248 00:10:08,190 --> 00:10:09,779 or perhaps these are not changes 249 00:10:09,780 --> 00:10:12,550 for those of you who are already doing these things, 250 00:10:12,800 --> 00:10:14,710 that can help mitigate against 251 00:10:14,840 --> 00:10:20,600 social attacks like phishing, vishing, smishing, spam, scams and cons.