Phishing Attacks on Small Businesses

Added on  2022/12/27

AI Summary
Scammers and hackers are targeting small businesses with phishing attacks. This article investigates recent examples of email phishing attacks on commercial businesses and describes the techniques used by attackers to infiltrate the system.
TASK 1
Jane created a profile on a social networking site. She added her friends, posted a few pictures and filled out
some of the optional fields including birthday, place of birth, email address and interests. She also joined a
few groups such as one for her old school class and a previous employees’ details.
Jane didn’t change her security settings so that “everyone” could see her profile.
Jane started to receive friend requests from people she didn’t know but accepted some of the requests
because they had similar interests or were friends of friends.
With all the personal history available on Jane’s profile, one of her “new friends” was able to forge
documents and make a fake ID using her profile picture. The fake friend was then able to get a credit card in
Jane’s name and ran up a debt.
1.1 Which of the threats below poses a cyber security risk?
a. Malware
b. Credit card skimming
c. Hacking
d. Stolen credentials
Answer:
Stolen credentials
1.2 Identify one other type of cyber threat that can impact personal data security and explain how this type
of threat might access personal information? (max 100 words)
Answer:
Another type of cyber threat that can impact a person's personal data security is “phishing”.
Phishing is a crime carried out over the internet in which a victim is contacted by email,
telephone or text message by somebody posing as a genuine organization to trick people into
giving up sensitive information such as personally identifiable data, financial and credit card details,
and private codes.
1.3 A. Describe two (2) things Jane could have done (or not done) to limit the possibility of this threat.
B. Clarify how these options may assist in protecting her privacy?
Answer:
Jane should have kept her information private on the social site by using the private-account
feature. This option would have helped keep people who are unknown to her from accessing her account,
so that no one could misuse her information.
Jane should not accept friend requests from people she does not trust, as this creates
a sense of insecurity. This option would have helped her safeguard her account’s privacy so that no one
could make a fake account of her in order to commit cybercrime.
TASK 2
An employee of WIDGET accounting who was involved in Human Resource (HR) activities and in assisting the
organisation with training, uses the internet daily to identify training options for employees. After visiting an
informative training site, the HR officer clicked on a web advertisement which upon viewing downloaded an
application and infected her work computer.
Once the software started running on the HR officer’s computer, it encrypted her files making them
inaccessible. On attempting to access the files, a pop-up message was displayed advising the HR officer to pay
in bitcoin to obtain the private key for decrypting the files.
2.1 Which of the threats below poses a cyber security risk?
a. Social Engineering
b. Hacking
c. Ransomware
d. Micro transactions
Answer:
Ransomware
2.2 How did encrypting the files prevent the officer from accessing the files and how would this impact an
organisation? (max 100 words)
Answer:
Encrypting the files prevents the officer from accessing the files because encryption provides security to
data at all times, maintains integrity, protects privacy, is considered part of compliance and
protects data across all devices. These are the reasons encrypted files can safeguard their data from
unauthorised access. An organization can gain positive impacts from encrypting its data, such as increased
productivity, competitive advantage, more sales and revenue generation, maintenance of data
confidentiality and protection against losses.
2.3 A. Develop a process the business could implement to reduce this threat for future attacks.
B. How could you evaluate the success of this process? (max 150 words)
Answer:
Processes the business could implement to reduce the threat of ransomware in future attacks include
the installation of antivirus software, which can help the company fight such situations very
effectively. The company must provide its employees with a training and development program for
better security awareness, so that they can tackle such problems themselves before the company suffers any
losses. Backing up data is the most important process because it recovers the private and
important data or information that has been lost due to ransomware attacks. Access control is another process,
which restricts unauthorised users' access to the data to maintain privacy as long as that person does not
have administrative rights to access the data. Evaluation can be performed to judge the success of
such a process by analysing and examining organizational behaviour and performance in order
to keep track of the working, operations and management of the company.
TASK 3
Scammers and hackers are targeting small businesses with phishing attacks. Symantec’s Internet
Security Threat Report 2018 indicates there was a 92% increase in the number of blocked phishing
attacks reported.
3.1 Investigate and describe two examples of email phishing attacks on commercial businesses
reported in the media in recent times, and mention them here.
3.2 Identify who the culprits of one of the phishing attacks were.
Answer:
Tasmanian Ambulance – January 2021: Cybersecurity expert calls for replacement technology
following Tasmanian ambulance patient data leak, Tasmanian data leak reveals HIV status of
ambulance patients and mass hack incident exposes Tasmanian patient’s medical data on public
website via email attack.
Flight Centre – 2017, reported December 2020: Flight Centre leaks customer data in an incredibly
stupid way, an investigation into a major data breach involving Flight Centre Travel Group (FCTG)
more than three years ago has found that the company broke a number of Australian Privacy Principles.
Flight Centre hackathon behind 2017 breach, exposed 6918 customers’ data or Full post-mortem
revealed for the first time through email attack. Some travel agents were the culprits in this case.
3.3 Describe what techniques they use to infiltrate the system through the phishing attack? (max
150 words)
Answer:
Email phishing is one of the primary types of phishing attack, in which attackers send
emails to the organization so that recipients open the links written in the email and get trapped by that
mail.
Spear phishing is another type of phishing attack, done by email only, which sends fake job
opportunities with a good package so that people get trapped by it.
Whaling is also a phishing technique done by email, asking for personal information
such as address, bank account details and many more.
3.4 What are the two (2) common trends between the two phishing attacks? (max 150 words)
Answer:
The common trend between the two cases is the data breach, which means the leaking of the
private and confidential information the company handles about customers and many more.
This is because data is a very important asset of every organization, through which a company stands in the
marketplace with good revenues, as data helps in interpreting, estimating and analysing so many
future considerations in an organization. That is why most attackers try to attack the data of
the company in order to gain money to spoil the image of the firm.
3.5 What are some reasonable steps that could have been taken to minimise this risk of attack?
a. Don’t download any attachments from suspicious emails
b. Be vigilant and pay attention to the details in the email
c. It’s ok to click on links when the company logo is there
d. Don’t click on any links from suspicious emails
e. It’s fine to click on a suspicious email but not on anything inside the email
f. All of the above
Answer:
a. Don’t download any attachments from suspicious emails
b. Be vigilant and pay attention to the details in the email
c. Don’t click on any links from suspicious emails