Why Cybersecurity?
Malware
Social Engineering
Phishing
2 I Godrej I Cyber Security: E-Learning Training Module Restricted; Not for Circulation
WHY CYBER SECURITY?
IT'S NOT JUST BANKS & TELECOM COMPANIES ANY MORE
ATTACKS ON MANUFACTURING COMPANIES ARE ON THE RISE
EMPLOYEES ARE THE FIRST AND LAST LINE OF DEFENCE!!
GODREJ & BOYCE INITIATIVES
Adapted behaviours
THE GODREJ & BOYCE GUIDELINES
Physical Security
ACCEPTABLE USAGE OF IT ASSETS GUIDELINES
LAUNCH OF IT ASSETS AND INFORMATION ASSET CLASSIFICATION AND PROTECTION GUIDELINES ACROSS G&B
Physical Security
USAGE OF THE COMPANY'S INFORMATION SYSTEMS
THE KNOW-HOW #1
Authority to utilize the Company's information resources for business purposes only
Downloading, redistribution and printing of copyrighted materials to the Company's information systems is strictly prohibited
Disseminating proprietary data or other confidential information in violation of company guidelines is strictly prohibited
Users must ensure that confidential papers, removable storage media as well as laptops are not left unattended on the work area
Users shall lock their computer systems when they move away from the device
Users shall not share the Company's information, classified as confidential or restricted, with a third party unless authorized by the information asset owner
Copyrighted materials belonging to entities other than the Company may not be transmitted by employees
PASSWORD USAGE
THE KNOW-HOW #2
company access
Ensure that they access the system only through their individual user ID and password and do not allow anyone else to access the system through their password
Multiple users should not be allowed to access the system through the same email ID
The Perfect Password
EMAIL SECURITY
THE KNOW-HOW #3
Users shall use only their own corporate E-mail account and not allow anyone else to access
their account
No e-mail or other communication should be sent which intentionally hides the identity of the
sender or represents the sender as someone else or someone from another organization
Any messages or information sent by a user to another individual outside via an electronic
network are statements that normally reflect on the Company. Therefore, all such
communication should be done keeping the Company security and image uppermost in mind
PHYSICAL SECURITY
THE KNOW-HOW #4
Users shall not enter into the Company without ID badges and they shall always display their ID badges
within the Company
Users shall not allow any unauthorized person to accompany them and / or enter the Company without a
proper gate pass
Users shall ensure that any company assets / documents are taken outside the premises following proper procedures and authorization on an appropriate gate pass
Vendors and third party contractors, who are bringing in their own assets for the purpose of official usage
should declare the same at the security checkpoint and get an entry made on the gate pass
Physical security is the protection of personnel, hardware, software, networks and data from
physical actions and events that could cause serious loss or damage to an enterprise.
APPROPRIATE USE OF OFFICE EQUIPMENT
THE KNOW-HOW #5
While use of USB storage devices on laptops and desktops shall be allowed,
any unauthorized access would make the employee liable for punitive action
Users shall not download any software directly from the Internet
ACCEPTABLE USAGE OF SOCIAL MEDIA
THE KNOW-HOW #6
Do not forget to verify the source of message before giving out any information
Go slow and pay keen attention to fine details in emails and messages
Reject requests for online tech support from strangers no matter how legitimate they may
appear
Secure your computer space with a strong firewall, up-to-date antivirus software and set your spam filters to high
MALWARE PROTECTION
THE KNOW-HOW #7
Users shall not open any files attached to an E-mail from a suspicious source whose subject
line is questionable
Users shall delete chain / junk E-mails (Spam) and not forward or reply to any of these mails
Employees should provide information about such emails to the DPH / location HR Head / BCM for the branches or on email id infosec@godrej.com
Users shall not download any software directly from the Internet
Users must contact the IT helpdesk in case they have any additional specific software
requirements
Users shall not download security programs or utilities that reveal weaknesses in the security
Users shall not bring any personal media for use on Company computer systems
TYPE OF INFORMATION ASSETS
DATA CLASSIFICATION
HOW & WHAT TO CLASSIFY
Classification Category: Critical
Criteria for Classification:
Most valuable company information which could be disclosed only to concerned personnel
Its unauthorized disclosure could have adverse impact on operations, stakeholders, business partners and/or customers
Leading to legal and financial repercussions and adverse public opinion
Treatment of Information Assets:
Should be handled only by limited employees
Modification should be authorized by relevant authority

Classification Category: Restricted
Criteria for Classification:
Valuable information which could be disclosed only to identified personnel only within the company
While its unauthorized disclosure is against the guideline, it is not expected to adversely impact the company
Treatment of Information Assets:
Shared amongst only company employees
Enhance sharing of best practices

Classification Category: Public
Criteria for Classification:
Information which can be shared freely with personnel outside the company without potential harm
Treatment of Information Assets:
It may be freely disseminated
EXAMPLES
SCENARIO #1:
I have received a Financial Statement from the Head of the Business Unit. Can I share it with my colleagues, or make changes?
EXAMPLES
SCENARIO #2:
I have received a SOP, from my superior, which can be adopted as a best practice within the Business Unit. Can I share it with my colleagues in other Business Units?
TYPES OF CYBER SECURITY THREATS
Malware
What is Malware?
Statistics 2016
Malware Symptoms
The Cure
The Instances
Short for "malicious software", malware refers to software programs designed to damage or do other unwanted actions on a computer system
It can cause havoc on a computer's hard drive by deleting files or directory information.
Spyware can gather data from a user's system without the user knowing it
MALWARE STATISTICS
MALWARE INFECTED AREAS:
TYPES OF MALWARE
Worm
Ransomware
Rootkit
Trojan
VIRUS
software, and then reproduces itself when that software is run. Most often this is
spread by sharing software or files between computers
WORM
A program that replicates itself and destroys data and files on the computer. Worms
work to eat the system operating files and data files until the drive is empty
TROJAN
The most dangerous Malware. Trojans are written with the purpose of discovering your financial information, taking over your computer's system resources, and in larger systems creating a denial-of-service attack
ROOTKIT
This one is likened to the burglar hiding in the attic, waiting to take from you while you
Many experts recommend completely wiping your hard drive and reinstalling everything
from scratch
It is designed to permit the other information gathering Malware in to get the identity
RANSOMWARE
If you see this screen warning that you have been locked out of your computer until you pay up, your system is severely infected with a form of Malware called Ransomware
It is not a real notification from a law enforcement agency but rather an infection of the system itself
Even if you pay and the system is unlocked, you are not free of it locking you out again. The request for money, usually in the hundreds of dollars, is completely fake
SYMPTOMS OF MALWARE
While these types of malware differ greatly in how they spread and infect computers, they all can produce
similar symptoms. Computers that are infected with malware can exhibit any of the following symptoms:
Increased CPU usage
Freezing or crashing
Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off
antivirus and firewall programs)
Strange computer behaviour
Emails/messages being sent automatically and without the user's knowledge (a friend receives a strange email from you that you did not send)
HOW TO PREVENT?
Purchase and maintain anti-virus software: It is important to use only one anti-virus program; in addition to causing performance issues, multiple programs may conflict, causing connection and security problems. Be sure to keep your security solution up to date; out-of-date security is useless
Keep up-to-date: It is important to download and install all updates for software you are using. Windows updates should be downloaded and installed when available. These updates often patch security holes. Updates for other applications such as Adobe, Java, and media players should also be installed. These program updates may also improve the security of these applications
Site Advisor: These programs alert you to the risk level of a website before you enter it. You should also
steer clear of high risk websites such as sites containing pirated software downloads and adult only
material. These sites can contain malicious code
START WITH PREVENTION!
File Sharing Sites: The files shared on these sites can be fraudulent. Often you
believe you are downloading your favourite song when in reality it is malware or a
virus. Installing these programs often opens a tunnel for any type of program to
execute on your PC
Scan: Periodically scan your computer for malware. These programs can detect and
Beware of e-mail: Don't open e-mail from strangers. You wouldn't let a stranger in your house so do not let them into your computer. Also beware of e-mail attachments that you are not expecting
DON'T CATCH THE COLD!
Stay legit: Pirated and cracked software can contain malware and often prohibits the
software from obtaining updates. Pirated software could also contain keyloggers,
spyware, or other malicious code
Think before you click: Even legitimate websites can contain ads or links that will forward you to higher risk websites. Social networking sites such as MySpace or Facebook may display messages tempting you to click a link, such as "click here for a picture of your friend". These links often forward you to a bogus website
THE CURE
DO NOT PANIC!
Boot In Safe Mode Or With A Live Antivirus Rescue Disk: By booting in Safe Mode, you're able to prevent any non-core components from running, allowing you to isolate problems more easily. To do this, restart your computer, and press and hold the F8 key while your computer starts up. The first option, Safe Mode, should be already selected, but if not, you can navigate to it with your arrow keys. Then press Enter. Once you're in Safe Mode, you can continue the malware-removal process
THE INSTANCES
Never trust a random pop up ad that hasn't been validated by your existing anti-virus software
Avoid clicking on such claims as they are always likely to contain some form of malware!
SOCIAL ENGINEERING
Statistics 2016
Types of Attacks
Scenarios
Conclusion
Social engineering is an attack vector that relies heavily on human interaction and often
involves tricking people into breaking normal security procedures
STATISTICS 2016
Types of Attacks
PRETEXTING
BAITING
Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash
The finder then picks up the device and loads it onto his or her computer, unintentionally
PHISHING
PRETEXTING
Pretexting is when one party lies to another to gain access to privileged data
For example, a pretexting scam could involve an attacker who pretends to need
SCAREWARE
Scareware involves tricking the victim into thinking his computer is infected with
The attacker then offers the victim a solution that will fix the bogus problem; in reality,
the victim is simply tricked into downloading and installing the attacker's malware
SCENARIOS
SCENARIO #1:
THE PENTESTER DECIDED TO PHISH FOR AN UNLISTED EMAIL ADDRESS OF A CFO IN THE AT-RISK COMPANY.
HE STARTS BY CALLING THE CFO'S ADMINISTRATIVE ASSISTANT:
Phisher: Hi Asha, this is Amit, I'm a new hire down in Budgets trying to update some contact lists. Do you
Assistant: I do, but that's not often given out, you can just use my address for most things, it is Asha@LI.com
Phisher: I know that, but I'm being put through the wringer down here and I was supposed to have this on my manager's desk an hour ago and now he keeps checking up on me and I just started this job and I've
Assistant: All right, I understand, you can calm down. The email address is CFO@LI.com
This scenario may seem far-fetched in written form, but change a few names and it quickly becomes real life
SCENARIO #2:
THE PENTESTER WANTS TO ENTER THE BUILDING WITHOUT PROPER ACCESS RIGHTS. AFTER DAYS
OF STANDING OUTSIDE A SECURE ENTRANCE TO ACME, LOOKING ANXIOUS, THE PENTESTER FEELS
THE TIME IS RIGHT. HE RECOGNIZES A MAN WHO OFTEN COMES THROUGH THIS ENTRANCE AND
APPROACHES HIM:
Pentester: I left my ID in my car, and my car's in the shop. I guess you really SHOULD get an oil change every 3000 kms.
Man: Ha! Yea, I guess you should.
As the man walks inside, he holds the door open for the pentester.
The man might have been suspicious of the pentester at first, but he's seen him around, and he shared a bit of his personal life. He even made a joke. That connection stirred some compassion and let him in the door
SCENARIO #3:
When was the last time someone said something like, "Yea! It was like in that one cricket match, India vs Eng, oh, what was that cricketer's name? He scored 300, just like Sehwag?" or something along those lines and you blurt out "Karun Nair!" to much celebration and mild envy from a friend who's clearly deficient in knowing great actors from awesome movies.
People like to be smart. There's no shame in it. That's why trivia games exist, people watch Jeopardy and most of us have filled in at least one Sudoku book in our lives. We especially like being smart when we can get recognized for it.
Now, think about when someone calls saying "I'm trying to call, whatsername, in accounting who stays at Thane" and you suddenly share the name of a person in accounting. That might earn celebration from the engineer on the other end of the phone, but your impulses just gave something away.
For one week, write down every urge you have to blurt out information someone's seeking or struggling to remember. You're not likely to actually write these down, but every time it happens, it'll make you think for a second. Try it; it's creepy how often it comes up.
PAY CLOSER ATTENTION
When you're in any situation, good or bad, step back and look at it objectively. Notice what information is moving, what favors are being done, why it's important, what the implications are if the information moves or if the favor is granted and what the best and worst outcomes of the situation are.
If you really look at situations, many can start to seem a little fishy:
How come the guy outside the building hasn't gone to the auto shop to get his ID when he needs it every day?
Why can't he remember her name when everyone knows her?
Those questions could have been pivotal, if the people in the scenarios above had taken a step back.
Social engineering attacks are dangerous. Not because we need to remember harder passwords or remember our IDs at work, but because they don't require a change in knowledge. Changes in knowledge are actually easy to adapt to. There are tricks to remembering things.
Stopping these attacks requires a change in behavior and there aren't any tricks to make that easy.
Changes in behavior require changes in mindsets and paying closer attention.
PHISHING
What is Phishing?
Types of Phishing
Current Trends
WHAT IS PHISHING?
Targeted attacks through phishing, especially in large corporates, are real and growing at an alarming rate.
UNIQUE PHISHING SITES DETECTED OCTOBER 2015 - MARCH 2016
NUMBER OF PHISHING EMAILS OPENED & CLOSED IN FIRST 24 HOURS
HOW DOES IT WORK?
They will create fake messages and websites, that imitate the original ones and try to lure you
into handing over your personal information
They will either ask you to reply to them, follow a link included in the message or download an
attachment
In order to make phishing look genuine, attackers include photos and information from the
original website
They may even redirect you to the company's website and collect the data through a false pop-up window. Or it can happen the other way around: they first request your personal data, then redirect you to the real website
Other times, they tell you that you have been targeted by a scam and that you urgently need to
update your information in order to keep your account safe
DETECTING PHISHING LINKS
TYPES OF PHISHING
Spear phishing is an email directed at specific individuals or companies. It is highly effective and very
well planned
The attackers will take their time and gather all the available information about their target before the
attack: personal history, interests, activities, details about colleagues and any other details they can
find. These are used in order to create a highly personalized and believable email
It's a technique that works because the phishing email appears to be from someone you know and
Spear phishing requires higher efforts, but its success rates are also higher. It's currently the most
And all this just by gathering publicly available information that we freely share on our social media
EXAMPLE
WHALE PHISHING
Whale phishing is the term used for attacks directed at high profile targets within
companies, such as upper management or senior executives
These are tailored to appear as critical business email, sent from a legitimate
business authority, that concern the whole company
Here are a few examples: legal subpoenas, managerial issues, consumer complaints
Needless to say, the return on investment for attackers is very high in this case. And, contrary to what you'd think, these types of targets are not always as security savvy or protected as they should be
EXAMPLE
CLONE PHISHING
The cyber attackers will use original emails to create a cloned or almost identical
version
Clone phishing emails may claim to be a resend of the original or an updated version
of it
Only this time, the attachment or link is replaced with a malicious version. It appears
to come from the original sender and uses a fake reply-to address
This phishing strategy works because it exploits the trust created from the original mail
EXAMPLE
CURRENT PHISHING TRENDS
CURRENT TRENDS
Cloud Phishing: IT attacks also had a boost in the past year, because of the increasing usage of cloud storage technology. This is usually distributed via email or social media, as a message sent by compromised friends' accounts or on behalf of a cloud service provider. The stolen information can be used for extortion, sold to third parties or used in targeted attacks
Government Phishing: Be vigilant when it comes to communications that claim to be from law
enforcement agencies, such as the IRS, FBI or any other entity. The most fraudulent attempts in the
past years were created to mimic IRS communication, in an attempt to steal your financial information
Social Media Phishing: Phishers create websites that look identical to Facebook or LinkedIn or any
other social media websites, using similar URLs and emails, in an attempt to steal login information.
The attackers can then use this to access your account and send messages to friends, to further
spread the illegitimate sites
HOW TO AVOID THE BAIT!
HOW TO AVOID GETTING CAUGHT IN THE PHISH NET?
They can attach other types of files, such as PDF or DOC, that contain links. Or they
can hide malware. Other times, they can cause your browser to crash while installing
malware
Let's assume that you already clicked on a link from a suspicious email. Is the domain correct? Don't forget that the link may look identical, but use a variation in spelling or domain
FOLLOW THESE RULES
Hover your mouse over the links in the email message in order to check them BEFORE clicking on them
The URLs may look valid at first glance, but use a variation in spelling or a different domain (.net instead of .com, for example)
Second rule: Look out for IP address links or URL shorteners
They can take a long URL, shorten it using services such as bit.ly, and redirect it to the intended destination
Third rule: Beware of typos or spelling mistakes
This means: images that don't match the background or look formatted to fit the style of the email. Photos or logos uploaded at low resolution or bad quality
Fifth rule: Beware of missing signatures
Lack of details about the sender or how to contact the company points in the direction of phishing. A legitimate company will always provide such information
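The link rules above can also be applied automatically to an HTML e-mail body. The following is an added example, not part of the training module: it extracts each link and flags IP address links, URL shorteners, visible text that names a different host than the real target, and near-miss spellings or swapped top-level domains. The trusted domain list, the shortener entries other than bit.ly, the edit-distance threshold and the sample e-mail are assumptions constructed for the illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com"}                       # assumption: the organisation's real domains
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # bit.ly is named in the module; others added


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url, bare_ok=False):
    """Hostname of an http(s) URL, or '' when there is none."""
    if bare_ok and "://" not in url:
        url = "http://" + url          # visible text such as "www.example.com/login"
    try:
        parts = urlsplit(url)
    except ValueError:
        return ""
    if parts.scheme not in ("http", "https"):
        return ""
    return (parts.hostname or "").lower().rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character spelling variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href, text):
    """Return the list of rule names that this link trips."""
    flags = []
    host = host_of(href)
    if not host:
        return flags                   # mailto:, relative links etc. are out of scope
    try:
        ipaddress.ip_address(host)
        flags.append("ip-address-link")
    except ValueError:
        pass
    if host in SHORTENERS:
        flags.append("url-shortener")
    # "Hover" rule: the text shown to the reader looks like a URL but names another host.
    if "." in text and len(text.split()) == 1:
        shown = host_of(text, bare_ok=True)
        if shown and shown != host:
            flags.append("text-href-mismatch")
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED)
    if not trusted and "ip-address-link" not in flags:
        tail = ".".join(host.split(".")[-2:])   # simplification: two-label domains only
        for d in sorted(TRUSTED):
            if tail.split(".")[0] == d.split(".")[0] or edit_distance(tail, d) <= 2:
                flags.append("lookalike-of-" + d)
    return flags


def scan_email(html):
    """Check every link in an HTML body; returns [(href, flags), ...]."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, check_link(href, text)) for href, text in collector.links]


# Constructed sample message (not taken from the module).
SAMPLE_EMAIL = """
<p>Dear user, please verify your account:</p>
<a href="http://192.0.2.10/login">https://www.example.com/login</a>
<a href="https://bit.ly/abc123">View invoice</a>
<a href="https://www.examp1e.com/reset">Reset password</a>
<a href="https://www.example.net/portal">Staff portal</a>
<a href="https://intranet.example.com/help">Help desk</a>
"""

if __name__ == "__main__":
    for href, flags in scan_email(SAMPLE_EMAIL):
        print(href, "->", ", ".join(flags) or "no flags")
```

A shortener flag only means the real destination is hidden; the link still has to be resolved and checked before it can be trusted.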
WHAT TO DO IF YOU THINK YOU WERE PHISHED?
If you have a hunch that something is wrong, immediately contact your bank or credit
card institution and close the accounts you believe may have been compromised
Change the passwords used for those accounts and then also change the passwords
used for the emails linked to them
Report to the concerned cybersecurity personnel or the IT department if you think your
PC has been breached
Conclusion:
One last piece of advice: always trust your instinct. It may not be the most scientific approach, but, ultimately, you should just listen to what your intuition tells you. If something feels wrong, even if you cannot specifically explain why, or if it's too good to be true, it's better to stay away from it
WHOM TO CONTACT IN CASE OF A VIOLATION??
Users are encouraged to consult the following people - the Cyber Security Champions
whenever they need clarifications about the guidelines or about how to act in a particular situation: