<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_PM_001+course+type@vertical+block@1b11f24e7bee4c1d85089c061f20b1b8" data-request-token="cc29c112a05311ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_PM_001+course+type@html+block@fcacc0e082a74bb5ad0000c62baf8b18">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_PM_001+course+type@html+block@fcacc0e082a74bb5ad0000c62baf8b18" data-request-token="cc29c112a05311ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p><strong>Phishing attacks take advantage of the way our brains work</strong>; how our brains tend to fill in gaps, or read over misspelled words. To see this for yourself, try to read the text below. <br /><br /><br /><img src="/assets/courseware/v1/e58daac5548e35f2e5b25186eb709f99/asset-v1:Totem+TP_PM_001+course+type@asset+block/image16.png" alt="Text tweaked" type="saveimage" target="[object Object]" preventdefault="function(){r.isDefaultPrevented=n}" stoppropagation="function(){r.isPropagationStopped=n}" stopimmediatepropagation="function(){r.isImmediatePropagationStopped=n}" isdefaultprevented="function t(){return!1}" ispropagationstopped="function t(){return!1}" isimmediatepropagationstopped="function t(){return!1}" width="100%" /></p>
<p><strong>Could you read the paragraph?</strong> It might have been a bit slower than usual, but you probably still got through it. When you click on a link and land up on a phishing website that looks like one you know, <strong>the URL might be just very slightly tweaked</strong> - our brain just doesn’t pick up that there’s anything different about it.</p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;"><strong>Tip:</strong> Sometimes the email itself might convincingly look like it’s actually been written by your bank, or a service you use. This is due to a tactic known as “clone phishing” - a legitimate email is copied, and used as the base for a phishing email.</section>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_PM_001+course+type@vertical+block@032202d315044281b4708b6a64517edb" data-request-token="cc29c112a05311ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_PM_001+course+type@html+block@cd231fd03b0546dabc2efb493cd97137">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_PM_001+course+type@html+block@cd231fd03b0546dabc2efb493cd97137" data-request-token="cc29c112a05311ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p><strong>You might have seen phishing emails that were generic</strong>, in a language not normally used by the sender, or filled with spelling errors. These are generic phishing attacks through which a large number of people get targeted in the hope that a few people will click. <br /><br /><strong>But phishing attacks can also be tailored specifically for you</strong>. Such attacks are called “spear phishing”, and might contain personal information that the attacker has found through online research, or perhaps through compromising the emails of a friend or colleague.</p>
<p><img src="/assets/courseware/v1/cb94059c31ac479c103e5ea290f59221/asset-v1:Totem+TP_PM_001+course+type@asset+block/190325_phishing-01.png" alt="Spear phishing" type="saveimage" target="[object Object]" preventdefault="function(){r.isDefaultPrevented=n}" stoppropagation="function(){r.isPropagationStopped=n}" stopimmediatepropagation="function(){r.isImmediatePropagationStopped=n}" isdefaultprevented="function t(){return!1}" ispropagationstopped="function t(){return!1}" isimmediatepropagationstopped="function t(){return!1}" width="100%" /><br /><br />In this case, the attacker spent more time and energy on you than they would have for a generic attack - which means that spear phishing attacks are often very hard to detect. However, understanding that phishing can be highly personalised is a good place to start.</p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;"><strong>Tip:</strong> Sometimes a phishing attack will specifically target high-level, senior management of organisations or companies; this is known as “<strong>Whaling</strong>’’. Be careful with the information you publish on your organisation’s website, as this could be used to customise a “whaling attack”.</section>
<p></p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_PM_001+course" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_PM_001+course+type@vertical+block@0cfae1b23ee24ff6a61ac54c8a9dea06" data-request-token="cc29c112a05311ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_PM_001+course+type@problem+block@8474a86596e04f69a334bf43a70b4207">
<div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:Totem+TP_PM_001+course" data-block-type="problem" data-usage-id="block-v1:Totem+TP_PM_001+course+type@problem+block@8474a86596e04f69a334bf43a70b4207" data-request-token="cc29c112a05311ebb5bc0242ac120009" data-graded="True" data-has-score="True">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Image Mapped Input is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>