CAM 2022 VSH Week 2

Posted by Dan Boyd Posted on October 10, 2022

You made it! Welcome to week 2 of the CAM 2022 Virtual Scavenger Hunt!

I hope you are enjoying the process of discovering answers and learning a little bit along the way.

    All of the questions this week are about phishing emails. If you've never heard the term before, phishing emails are a form of social engineering designed to trick you into giving up your passwords or opening a malicious document, resulting in a loss of control over your account or a compromise of your device. Answer questions about how to spot them, what their impact on businesses is in estimated dollar amounts, and more. Get all the answers correct and you'll move to the next level of the scavenger hunt, opening up on October 17th.

    Cyren is a cybersecurity company that posts a security blog on a regular basis. The August 3rd, 2021 blog post entitled "2021 Phishing and BEC Attacks" points out some significant information in an annual data breach report put out by Verizon. The first of these points is "Phishing is responsible for the vast majority of breaches...". A few paragraphs down they point out that while "BEC (business email compromise) accounts for about 17% of the breaches caused by social engineering...breaches caused by traditional phishing are about __%.

    The Cybersecurity News & Alerts site has a Quick Info page about phishing. While poor grammar and not knowing or having a business connection to the purported sender are excellent clues that an email is phishing, the fact that the emails almost always claim to be ______, causing you to feel pressure to respond or open the attachment, is one of the biggest red flags.

    Hoxhunt is a cybersecurity awareness training provider. In their December 10, 2021 blog post, they talk about the real cost of phishing. While they explain that the real cost of phishing will be felt in cyber insurance premiums (cyber insurance policies are taken out to help protect businesses from loss due to a cybersecurity incident, much like the average person gets house or car insurance), they also give some real numbers about average losses by companies in 2021. How much (in millions of dollars) do they say is the average loss?

    BJ Fogg, PhD, is a renowned behavioral scientist whose model of human behavior can be leveraged in the world of security awareness and wielded as a weapon by phishers. According to BJ's model, which is explained in detail at behaviormodel.org, behavior happens when motivation, ability, and a ______ all come together at the same moment. According to the website, the model can be summarized with the simple equation B=MAP. What does the letter P denote in the equation?

    (Visited 15 times, 1 visits today)