際際滷

際際滷Share a Scribd company logo
 
SOCIAL ENGINEERING  PhishMe Reporting Tool Date: By: January 19, 2016


1

TEAM TALK  LEADER GUIDE
WHO NEEDS TO KNOW: PFCU Leadership and Cast Members BY WHEN
TOTAL TIME
Leader Prep: 5 Min
With Cast: 10-15 Min
Purpose:
Give an overview of Social Engineering, Cast Member responsibilities and
how the PhishMe software will easily assist Cast Members in reporting
Phishing attempts.
Overview
This Team Talk is focused on three areas:
 Defining Social Engineering;
 Defining Cast Member roles
 Using the PhishMe software and clarifying Cast
Member reporting
This information will be
distributed via:
 CORE > Public
Pages >
Information
Security
Copies:
The Leader Guide is for
Leaders only.
Talking Point #1:
Defining Social Engineering
Talking Point #1 is used to explain what Social
Engineering is and how it is designed to prey on Cast
Members by taking advantage of the Partners culture
of service.
The goal of Social Engineers is to access our computer
systems by tricking our Cast Members into believing
they are credible and trusted. Social Engineers will do this
via phone calls soliciting personal information and/or
emails which will attempt to connect to our systems.
Social Engineers or Phishers are hopeful that people
will:
 Be Helpful Towards Others
 Be Trusting of Our Members
 Want To Do The Right Thing
The exact same characteristics Partners expect and
 
SOCIAL ENGINEERING  PhishMe Reporting Tool Date: By: January 19, 2016


2

TEAM TALK  LEADER GUIDE
Talking Point #2:
Defining Cast Member
Roles
receive from our Cast Members every day which makes
us susceptible to phishing attempts!
Talking Point #2 pertains to each Cast Members
responsibilities in safeguarding our Members and
company data.
Cast Members play an important role in and are the first
line of defense in safeguarding our Members and
company information.
Refer to the Quick Reference Guide, Best Phishing
Practices section.
Ask CMs to complete section 1 and 2 of the Activity
Sheet and then review the answers using the key
provided below.
Phish in the Blank Exercise Answer Key
Social Engineers phish for personal information via
PHONE calls and EMAILS.
While it is important that I be HELPFUL towards
others, TRUST our Members and Do The RIGHT
THING , often times Social Engineers will try to use
this against me!
Phish Fact or Phish Story Answer Key
Email Personal Or Financial Information STORY
Only Provide Information on Trusted Websites FACT
Be Careful Downloading Files FACT
Anyone May Be Diagnosing Your Computer STORY
Protect Your Credentials FACT
Adhere to Our Policies FACT
Theres No Need To Pay Attention! STORY
 
SOCIAL ENGINEERING  PhishMe Reporting Tool Date: By: January 19, 2016


3

TEAM TALK  LEADER GUIDE

Talking Point #3:
Reporting Phishing
Conclusion
As we shared, it is critical that you know the risks, signs
and report Phishing attempts. We are excited to launch a
new reporting tool embedded in Outlook called PhishMe.
PhishMe will enable you to quickly report Phishing
attempts. Its easy! Simplyclick the PhishMe button
in Outlook and it will forward the suspicious email to the
appropriate mailbox and delete it from your inbox.
For mobile users, please continue to forward the
suspicious email as an attachment to
pfcubademail@partnersfcu.org.
If you think youve received a phishing phone call,
remember the following:
 PFCU IT or Disney IT Cast Members will NEVER
ask you for your password! Remember IT can
remote into your computer any time.
 If a Cast Member from PFCU IT or Disney IT calls
you (which would rarely happen), call them back
at ext. 6300.
Social Engineering is a constant threat of which we must
all be aware and vigilant. Protecting the integrity of our
personal, company and Members information is critical
and you are a HUGE part of the solution!
If you have any questions, please see your leader and
remember, Risk Management is here to help you as well.
You can also reference the Quick Reference Guide and
other key resources on the Information Security CORE
page located here: CORE > Public Pages > Information
Security.

More Related Content

Social Engineering Team Talk 1 PhishMe Leader Guide Final

  • 1. SOCIAL ENGINEERING PhishMe Reporting Tool Date: By: January 19, 2016 1 TEAM TALK LEADER GUIDE WHO NEEDS TO KNOW: PFCU Leadership and Cast Members BY WHEN TOTAL TIME Leader Prep: 5 Min With Cast: 10-15 Min Purpose: Give an overview of Social Engineering, Cast Member responsibilities and how the PhishMe software will easily assist Cast Members in reporting Phishing attempts. Overview This Team Talk is focused on three areas: Defining Social Engineering; Defining Cast Member roles Using the PhishMe software and clarifying Cast Member reporting This information will be distributed via: CORE > Public Pages > Information Security Copies: The Leader Guide is for Leaders only. Talking Point #1: Defining Social Engineering Talking Point #1 is used to explain what Social Engineering is and how it is designed to prey on Cast Members by taking advantage of the Partners culture of service. The goal of Social Engineers is to access our computer systems by tricking our Cast Members into believing they are credible and trusted. Social Engineers will do this via phone calls soliciting personal information and/or emails which will attempt to connect to our systems. Social Engineers or Phishers are hopeful that people will: Be Helpful Towards Others Be Trusting of Our Members Want To Do The Right Thing The exact same characteristics Partners expect and
  • 2. SOCIAL ENGINEERING PhishMe Reporting Tool Date: By: January 19, 2016 2 TEAM TALK LEADER GUIDE Talking Point #2: Defining Cast Member Roles receive from our Cast Members every day which makes us susceptible to phishing attempts! Talking Point #2 pertains to each Cast Members responsibilities in safeguarding our Members and company data. Cast Members play an important role in and are the first line of defense in safeguarding our Members and company information. Refer to the Quick Reference Guide, Best Phishing Practices section. Ask CMs to complete section 1 and 2 of the Activity Sheet and then review the answers using the key provided below. Phish in the Blank Exercise Answer Key Social Engineers phish for personal information via PHONE calls and EMAILS. While it is important that I be HELPFUL towards others, TRUST our Members and Do The RIGHT THING , often times Social Engineers will try to use this against me! Phish Fact or Phish Story Answer Key Email Personal Or Financial Information STORY Only Provide Information on Trusted Websites FACT Be Careful Downloading Files FACT Anyone May Be Diagnosing Your Computer STORY Protect Your Credentials FACT Adhere to Our Policies FACT Theres No Need To Pay Attention! STORY
  • 3. SOCIAL ENGINEERING PhishMe Reporting Tool Date: By: January 19, 2016 3 TEAM TALK LEADER GUIDE Talking Point #3: Reporting Phishing Conclusion As we shared, it is critical that you know the risks, signs and report Phishing attempts. We are excited to launch a new reporting tool embedded in Outlook called PhishMe. PhishMe will enable you to quickly report Phishing attempts. Its easy! Simplyclick the PhishMe button in Outlook and it will forward the suspicious email to the appropriate mailbox and delete it from your inbox. For mobile users, please continue to forward the suspicious email as an attachment to pfcubademail@partnersfcu.org. If you think youve received a phishing phone call, remember the following: PFCU IT or Disney IT Cast Members will NEVER ask you for your password! Remember IT can remote into your computer any time. If a Cast Member from PFCU IT or Disney IT calls you (which would rarely happen), call them back at ext. 6300. Social Engineering is a constant threat of which we must all be aware and vigilant. Protecting the integrity of our personal, company and Members information is critical and you are a HUGE part of the solution! If you have any questions, please see your leader and remember, Risk Management is here to help you as well. You can also reference the Quick Reference Guide and other key resources on the Information Security CORE page located here: CORE > Public Pages > Information Security.