Phishing Attacks on Small Businesses
Added on 2022-12-27
6 Pages1484 Words81 Views
TASK 1
Jane created a profile on a social networking site. She added her friends, posted a few pictures and filled out
some of the optional fields including birthday, place of birth, email address and interests. She also joined a
few groups such as one for her old school class and a previous employees’ details.
Jane didn’t change her security settings so that “everyone” could see her profile.
Jane started to receive friend requests from people she didn’t know but accepted some of the requests
because they had similar interests or were friends of friends.
With all the personal history available on Jane’s profile, one of her “new friends” was able to forge
documents and make a fake ID using her profile picture. The fake friend, was then able to get a credit card in
Jane’s name and ran up a debt.
1.1 Which of the below threat poses cyber security risk?
a. Malware
b. Credit card skimming
c. Hacking
d. Stolen credentials
Answer:
Stolen credentials
1.2 Identify one other type of cyber threat that can impact personal data security and explain how this type
of threat might access personal information? (max 100 words)
Answer:
Another type of cyber threat that can impact personal data security of a person is “Phishing”.
Phishing is a crime done via internet in which a victim is targeted by contacting through email,
telephone and text message by somebody posturing as a genuine organization to trap persons into
giving delicate information such as personal recognizable data, finance and credit card particulars
or and private codes.
1.3 A. Describe two (2) things Jane could have done (or not done) to limit the possibility of this threat.
B. Clarify how these options may assist in protecting her privacy?
Answer:
Jane should have kept its information private on social site by using the feature of keep account
private. This option had helped her in not accessing her account from those people who are unknown
to her so that no one can misuse such information of hers.
Jane created a profile on a social networking site. She added her friends, posted a few pictures and filled out
some of the optional fields including birthday, place of birth, email address and interests. She also joined a
few groups such as one for her old school class and a previous employees’ details.
Jane didn’t change her security settings so that “everyone” could see her profile.
Jane started to receive friend requests from people she didn’t know but accepted some of the requests
because they had similar interests or were friends of friends.
With all the personal history available on Jane’s profile, one of her “new friends” was able to forge
documents and make a fake ID using her profile picture. The fake friend, was then able to get a credit card in
Jane’s name and ran up a debt.
1.1 Which of the below threat poses cyber security risk?
a. Malware
b. Credit card skimming
c. Hacking
d. Stolen credentials
Answer:
Stolen credentials
1.2 Identify one other type of cyber threat that can impact personal data security and explain how this type
of threat might access personal information? (max 100 words)
Answer:
Another type of cyber threat that can impact personal data security of a person is “Phishing”.
Phishing is a crime done via internet in which a victim is targeted by contacting through email,
telephone and text message by somebody posturing as a genuine organization to trap persons into
giving delicate information such as personal recognizable data, finance and credit card particulars
or and private codes.
1.3 A. Describe two (2) things Jane could have done (or not done) to limit the possibility of this threat.
B. Clarify how these options may assist in protecting her privacy?
Answer:
Jane should have kept its information private on social site by using the feature of keep account
private. This option had helped her in not accessing her account from those people who are unknown
to her so that no one can misuse such information of hers.
Jane should not accept the friend request of those people whom she don’t have a trust as this creates
the sense of insecurity. This option had helped her to safeguard its account’s privacy so that no one
can make her fake account in order to do cybercrime.
the sense of insecurity. This option had helped her to safeguard its account’s privacy so that no one
can make her fake account in order to do cybercrime.
TASK 2
An employee of WIDGET accounting who was involved in Human Resource (HR) activities and in assisting the
organisation with training, uses the internet daily to identify training options for employees. After visiting an
informative training site, the HR officer clicked on a web advertisement which upon viewing downloaded an
application and infected her work computer.
Once the software started running on the HR officer’s computer, it encrypted her files making them
inaccessible. On attempting to access the files, a pop-up message was displayed advising the HR officer to pay
in bitcoin to obtain the private key for decrypting the files.
2.1 Which of the below threat poses cyber security risk?
a. Social Engineering
b. Hacking
c. Ransomware
d. Micro transactions
Answer:
Ransomware
2.2 How did encrypting the files prevent the officer from accessing the files and how would this impact an
organisation? (max 100 words)
Answer:
Encrypting the files prevent the officer from accessing the files because encryption provides security to
data at all times, it maintains integrity, it protects privacy, it is considered as the part of compliance and it
protects data across all devices. These are the reasons where encrypted files can safeguard their data from
unauthorised access. Organization can gain the positive impact of encrypting its data such as increase of
productivity, competitive advantage, more sales and revenue generations, maintenance of confidentiality of
data and protection against losses.
2.3 A. Develop a process the business could implement to reduce this threat for future attacks.
B. How could you evaluate the success of this process? (max 150 words)
Answer:
Processes the business could implement to reduce the threat of ransomware for future attacks such as
the installation of antivirus software can help the company in fighting against such situation in a very effective
manner. Company must provide the employees in an organization a training and development program for
better security awareness among employees so that they can themselves tackle such problems before any
losses in the company. Backing up data is the most important process because it recovers the private and
important data or information that has lost due to ransomware attacks. Access control is an another process
which controls the access of the unauthorised user to the data to maintain the privacy until that person don’t
have any administrative rights to access the data. Evaluation can be performed in order to judge the success of
An employee of WIDGET accounting who was involved in Human Resource (HR) activities and in assisting the
organisation with training, uses the internet daily to identify training options for employees. After visiting an
informative training site, the HR officer clicked on a web advertisement which upon viewing downloaded an
application and infected her work computer.
Once the software started running on the HR officer’s computer, it encrypted her files making them
inaccessible. On attempting to access the files, a pop-up message was displayed advising the HR officer to pay
in bitcoin to obtain the private key for decrypting the files.
2.1 Which of the below threat poses cyber security risk?
a. Social Engineering
b. Hacking
c. Ransomware
d. Micro transactions
Answer:
Ransomware
2.2 How did encrypting the files prevent the officer from accessing the files and how would this impact an
organisation? (max 100 words)
Answer:
Encrypting the files prevent the officer from accessing the files because encryption provides security to
data at all times, it maintains integrity, it protects privacy, it is considered as the part of compliance and it
protects data across all devices. These are the reasons where encrypted files can safeguard their data from
unauthorised access. Organization can gain the positive impact of encrypting its data such as increase of
productivity, competitive advantage, more sales and revenue generations, maintenance of confidentiality of
data and protection against losses.
2.3 A. Develop a process the business could implement to reduce this threat for future attacks.
B. How could you evaluate the success of this process? (max 150 words)
Answer:
Processes the business could implement to reduce the threat of ransomware for future attacks such as
the installation of antivirus software can help the company in fighting against such situation in a very effective
manner. Company must provide the employees in an organization a training and development program for
better security awareness among employees so that they can themselves tackle such problems before any
losses in the company. Backing up data is the most important process because it recovers the private and
important data or information that has lost due to ransomware attacks. Access control is an another process
which controls the access of the unauthorised user to the data to maintain the privacy until that person don’t
have any administrative rights to access the data. Evaluation can be performed in order to judge the success of
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
BLAW 6 6 BLAW QUESTION-ANSWER ON CRITICAL THINKING EXERCISE Name of the Student Name of the Universitylg...
|7
|1125
|15