
CYBERSECURITY PROFICIENCY IMPROVEMENT TRAINING (CPIT)

Taxpayer's edition: Take control of your data

Why Should You Care about Cybersecurity?

What's Happening Around Us?

• Work from Home / Hybrid Work Arrangement
• Spread of Social Media (Facebook, TikTok, etc.)
• Online Shopping
• Online Money Remittances
• Online Payments for bills, tickets, and other transactions (ePay, Gcash, Maya, Bayad Center, etc.)
• Video Chat sites (Omegle, Ometv, etc.)
• Online dating apps (Bumble, Tinder, etc.)

Cyber Threats: What is this?

- An activity, deliberate or unintentional, with the potential for causing harm to an automated
information system or activity.

"A cyber threat or cybersecurity threat is a malicious act intended to steal or damage data or disrupt the
digital wellbeing and stability of an individual."

Types of Cyber Attack

• Malware
• Denial-of-Service (DoS)
• Phishing
• Spoofing
• Identity-Based Attacks
• Code Injection Attacks
• Supply Chain Attacks
• Insider Threats
• Social Engineering
• Eavesdropping

MALWARE

- Software or firmware intended to perform an unauthorized process that will have an adverse
impact on the confidentiality, integrity, or availability of an information system. A virus, worm,
Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware
are also examples.

Types of Malware

• Virus
• Worms
• Rootkits
• Spyware
• Adware
• Trojans
• Ransomware

How to be Protected Against Malware?

• Install and use anti-malware software
• Keep up-to-date
• Beware of downloads
• Be careful what you click

PHISHING

A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent
solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or
reputable person.

How Does Phishing Work?

1. Attacker sends phishing mail to target
2. Victim clicks on phishing link and visits fake website
3. Hacker collects important credentials
4. Hacker uses victim's credentials to access private information

Types of Phishing Attacks

• Phishing Email
• Spear Phishing
• Whaling
• Pharming
• SMS Phishing (Smishing)
• Voice Phishing (Vishing)
• QR Phishing (Quishing)
• CEO Fraud
• Clone Phishing
• Evil Twin Phishing
• Social Media Phishing

How to Identify a Phishing Message?

A. Unusual or generic greetings
B. Subject lines with unusual words or phrases, odd punctuation, or spelling mistakes
C. Offers that seem too good to be true
D. Unusual, unknown, or public domain
E. Urgent or threatening tone
F. Grammatical or spelling errors
G. Suspicious links or attachments
H. Sender origin and request type

PREVENTION OF DATA EXFILTRATION

What are the Types of Data?

• Personal Identifiable Information (PII)
• Sensitive Personal Information (SPI)
• Privileged Information
• Intellectual Property (IP)

Privileged Information

• Husband and Wife
• Attorney and Client
• Doctor and Patient
• Priest and Penitent

TRADE SECRETS

In general, to qualify as a trade secret, the information must be:

• Commercially valuable because it is secret,
• Known only to a limited group of persons, and
• Subject to reasonable steps taken by the rightful holder of the information to keep it secret,
including the use of confidentiality agreements for business partners and employees.

Personal Identifiable Information (PII) Simplified

Any information that:

(a) can be used to identify the PII principal to whom such information relates, or

(b) is or might be directly or indirectly linked to a PII principal

• Name
• Personal Identification Numbers
• Address
• Biometric Data
• Pictures

How to Protect Your Secrets?

• Be careful about sharing your information
• Lock down your social media accounts
• Lock down your devices
• Familiarize yourself with and use the embedded security features of your apps

ARE YOU BEING SOCIAL-ENGINEERED?

Social Engineering Scenarios:

• Email
• In-person
• Smartphone
• Social Networking
• Landline

Social Engineering Techniques:

• Phishing
• Pretexting
• Baiting
• Quid pro quo
• Tailgating

Social Engineering Objectives

• Passwords
• Credit Card Numbers
• Bank Account Information
• Documents
• Messages and Call Records
• Contacts
• Access to a system

Our Defenses

• Limit
• Verify
• Report

SECURING YOUR SPACE: PHYSICAL AND BEHAVIORAL CYBERSECURITY

• Cybersecurity for secure browsing
• Cybersecurity for the secure use of devices
• Physical security for a secure home and workplace

A Secured Website

1. Use known browsers
2. Look for an SSL certificate
3. Make sure the site is real
4. There are few (or no) pop-ups

A Secured Website

• A lock icon on the far left side of the address bar
• "https://" at the beginning of the URL

Typosquatting

www.google.com

• www.goggle.com
• www.foogle.com

www.facebook.com

• facebok.com
• fcebook.com

Spoofed Sites

- These sites are designed to look like a real, familiar site to phish your data.

Typosquatting

- These sites are built on deliberately misspelled or similar URLs and can host malware.
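
An added example (not part of the original handout) of checking a web address before trusting it: it compares the address against a short list of sites you actually use and flags near-misses such as the misspellings listed above. The `KNOWN_DOMAINS` list, the function names and the two-edit threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Sites the user really means to visit (the two brands used in the handout).
KNOWN_DOMAINS = ("google.com", "facebook.com")

def edit_distance(a, b):
    """Count single-letter edits (add, drop, replace, swap neighbours) turning a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def host_of(url):
    """Lower-cased host name without a leading 'www.'; bare hosts are accepted."""
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def check_url(url, max_edits=2):
    """Return host, whether the URL starts with https://, and a verdict.
    'known' = on the list, 'lookalike' = within max_edits of a listed name,
    'unknown' = neither (this is not a statement that the site is safe).
    """
    host = host_of(url)
    result = {"host": host, "https": url.lower().startswith("https://"),
              "verdict": "unknown", "resembles": None}
    for known in KNOWN_DOMAINS:
        if host == known or host.endswith("." + known):
            result["verdict"] = "known"
            return result
    for known in KNOWN_DOMAINS:
        if 0 < edit_distance(host, known) <= max_edits:
            result["verdict"], result["resembles"] = "lookalike", known
            return result
    return result

if __name__ == "__main__":
    for sample in ("https://www.google.com", "www.goggle.com", "www.foogle.com",
                   "facebok.com", "fcebook.com"):
        print(sample, check_url(sample))
```

A "lookalike" verdict means the address is one or two keystrokes away from a site on the list, which is the pattern typosquatting relies on.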

How to Avoid Fake Sites?

• Slow down when typing in URLs
• Use a search engine when visiting new sites
• Always look at the URL before you enter sensitive information
• Don't click on links from strangers

• Is It Related to the Site You're On? If not, close the pop-up and get off of the site.
• Is It Requesting Financial or Personal Information? If so, close it and avoid the site in the future.
• Is It Telling You There's Something Wrong With Your Computer or Phone? Scareware tries to
trick you into downloading potentially harmful software to your device.

How to know if an app is safe?

1. Review the ratings and comments
2. Download apps from official stores
3. Select Recommended Apps
4. Pay attention to the permissions the app requests

Lock your Devices

• Use the embedded features of your mobile device
• Face Scan
• Fingerprint scanner
• Pin
• Password

Practice Password Hygiene

Password hygiene

• Try passphrases
• Steer clear of password reuse
• Employ password managers
• Review cycle frequency
• Use MFA everywhere possible
• Cultivate security awareness.
