Types and Dangers of Phishing Schemes

You are the IT Manager for Titan Industries, a Florida based company that makes and sells
Widgets to customers all over the world. You have just been alerted to a high number of
Phishing attempts against the company and its employees. In response, upper management has asked you to prepare a white paper to inform and train the employees on the types and dangers of Phishing schemes and what each employee should know and do.

Your white paper should include the following information:
● An explanation of what Phishing is
● A summary of the recent Phishing schemes that have targeted the company
● How to recognize a Phishing scheme
● What an employee should do when they suspect a Phishing scheme
● IT Department contact information

After you have collected this information, you need to develop a white paper for your
management. Your paper should have the following format:

● Cover Page containing the following information:
○ The Title of the paper
○ Your Name
○ Your Title with the company (e.g. IT Manager)
○ The Date
○ Table of Contents
● Introduction – discusses the Phishing problem, and why you are writing this white paper
● Definition of Phishing
● How attacks are typically carried out, and the dangers of these attacks
● The specific attacks that occurred against the company
● Your prevention scheme and employee training options
● Recommendations to prevent against phishing attacks
● Conclusions
● References

Research and Information Gathering:

● Familiarize yourself with the most recent and common types of phishing attacks. Websites like the Anti-Phishing Working Group or Cybersecurity & Infrastructure Security Agency will have up-to-date information on common phishing tactics.
● Collate any internal data or information on the phishing attempts that targeted Titan Industries.
● Consolidate information on how to identify phishing attempts and best practices on responding to them.

Introduction:
● Highlight the increasing threat of phishing attacks.
● Emphasize the importance of employee awareness as the first line of defense.
● Purpose of the white paper.

Definition of Phishing:
● Explain what phishing is in simple terms.
● Discuss common phishing methods (e.g., email phishing, spear phishing, smishing, etc.)

How Attacks Are Typically Carried Out:
● Elaborate on the method of operations used by attackers.
● Discuss the dangers, such as financial loss, data breaches, loss of customer trust, etc.

Specific Attacks Against Titan Industries:
● Without revealing sensitive information, provide an overview of the nature and scale of the attacks the company has faced.
● Discuss how they were identified and managed.

Prevention Scheme and Employee Training Options:
● Detail the current measures in place within the company.
● Announce or suggest a regular employee training schedule on cybersecurity.
● Highlight the importance of software and systems updates.

Recommendations:
● Reinforce the importance of vigilance and reporting suspicious activity.
● Suggest measures like two-factor authentication, regular password updates, etc.
● Encourage employees to participate in regular training sessions.

Conclusions:
● Reiterate the importance of a proactive approach to combating phishing.
● Encourage open communication between employees and the IT department.

References:
● Cite any external sources of information or statistics used in the white paper.