Hello and welcome. My name is Tyler Bowman with Aruba at Hewlett Packard Enterprise company and this is the network security basics course. In the last video, we were taking a look at app poisoning. We were taking a look at password management, a little bit on phishing and social engineering. Now we're going to follow that up in this video we're going to look at a series of emails and judge whether these are going to be phishing attempts or whether they're legitimate emails. Sit back and let's jump on in. Our lab activity number one, we do have a series of labs demonstrations that I have for you but this lab is more just a fun one where we're going to try and guess, is this a good email or a bad email? What I have for you is I have three emails that were going to review. We're going to analyze these and really look and see are these potential phishing emails or not and what makes them phishing emails. Because ultimately the only way to defend against social engineering attacks is training. Is letting you training yourself on how to pick up on when a social engineering attack is taking place. If you get any sense of like, okay, I don't know what's going on here, you should always feel that you can go to a supervisor or a manager or pick up the phone and call somebody regardless and that you're not going to be punished for that. Then we can look at creating a plan and educate our users but I've pretty much covered that right here. Let's look at our first email. We have email number one from order confirmation nooreply@o64.onechanges.com. Date subject $10 PayPal, that sounds good and it's sent to our would-be recipient here. This is the email and got little official PayPal logo we see to PayPal gift card, tell us what you like about PayPal, Get a $10 gift card. Thank you for your feedback. Click here to claim now. If you don't want to subscribe or if you want to unsubscribe, you click here as well. Think for a second. Take a look at this, read it through, and does it look real? I mean, we got legitimate graphics here, we've got legitimate PayPal icons. The font looks very nice. It seems like this could be legitimate email. What can we do? Well, first thing you can do is you can hover over the claim now or the click here. When you hover over these clickable buttons, what your browser will do is it will pop up and show you where they lead to. Now I did this in a Word document, so it says click here to follow, but normally you would see at the bottom of your browser a little informational tab saying, this is what the URL is. If you do it for the no reply, you get the no replies, so I would expect that to be normal and it is after all, able to tell where it came from. When you do the claim now here, it's going to t.co, blah, blah, which is a URL shortener and the unsubscribe is the same as well. Now this could be legitimate, but the point is, is that this is a URL shortener. It doesn't actually say PayPal, www.paypal.com to a secure asserted website that PayPal would have been authenticated against. We have no real way to know if I click the claim now where this is going to take us. For that reason, I say this as a phishing email. The other tip that this might be a phishing email is that it's too good to be true. They're trying to entice the user to click on something. Let's take a look at email number two. This one might be a little bit different from Drive fact, and it is from drivefact.org, although weird name, but whatever. Client whatever to stop receiving these emails from us, hit "Reply" and let us know. Please confirm you unsubscribe. To confirm your unsubscribe, please click here or on the link below. Unsubscribe me. Thank you. So an annoying email, man, I really would not like to be subscribed to this email. I don't even know how I got subscribed to it. Here I go. Phishing or not phishing? You can pause the video. I'm going to probably say phishing and a couple of tips here: one, the hook is that it's an annoying email. I don't want to be subscribed, so of course I'm unsubscribing. The big giveaway here is the bad grammar, bad spelling, everything is capitalized for some reason. Confirm your unsubscribe. Receiving these emails from us, hit "Reply" and let us know. It just is doesn't seem like anything that would be from this drive fact, whatever this is. Again, we can hover over these links without selecting them. When we do the "Please click here" or "Unsubscribe me" opens up our own email address book and promptly mails this message to everyone else in our organization. All in all, this is most likely a phishing attack. The third and final email, the first two, not looking so good, but this one looks pretty legitimate. It's from our BGXYZ Bank. It's got a bank logo. Dear value customer, I like that, respect, we believe your account may have been compromised. Please click the link below to change your password to prevent any unauthorized individuals from accessing your account. Very professional, very clean. They got the official logo in their copyright. Everything looks pretty good. Look at it for a second here. I don't know if you see anything that would indicate this is phishing. Looks pretty good. Let's do the old click and hover, and we're going to click here. We see that it has taken us to an Amazon Virtual Machine in Amazon Web Services. So this is an online virtual machine that anyone can lease. That's probably a bad sign. The other bad sign here is that it's from your bank, could be from your IT staff. Same thing. They believe your accounts being compromise. Click the link to change your password. No one should ever send an email out like this from legitimate organization. What can happen here is you click here and they may have a web server set up that looks exactly like your bank website asking you to log in and give them your password. That might even take you to the legitimate bank's website or a spoofed or a man in the middle version of it, where everything you type gets replied to the bank. The bank sends your account information, they forward it to you in real time. So you think you're on the bank's website except the circuits aren't going to match up. Although if it's enough to keep the victim from thinking there's a problem, they may not notice as their account as being emptied out. Again, the best way to secure against these types of phishing attacks as social engineering attacks is just educate, educate, educate your customers. Anyway, I like these. These are a nice little educational Tibet's that I think everyone can use. I think we're going to end it there. In the next video, we're going to take a look at some of the compliance requirements and some of the ways that Aruba from abroad perspective anyway, seeks to defend your network. Not just through education, through courses like this, but actually through hardware and software practices that we use. Let's stop there for today. Thank you very much for your time, and I'll see you guys in the next video.
