Lecture on Security Concerns: Phishing, Tailgating, and Shoulder Surfing

Phishing

Definition: Fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in electronic communication.
Example: Emails or text messages encouraging you to visit a website or input credentials.
Indicators of Phishing:
- URL discrepancies
- Poor quality images or graphics on the webpage
- Inconsistencies in text
Best Practices:
- Verify URLs before clicking
- Avoid clicking links from unknown sources
- Be observant of page elements that seem off

Tailgating:
- Unauthorized person gains access by following an authorized person through a locked door.
- No consent from the authorized person.
Piggybacking:
- Unauthorized person is allowed access by an authorized person, often known to them.
- No use of credentials or access cards, usually due to convenience (e.g., carrying a box).
Security Measures:
- Verify identities of those entering
- Implement specific policies for visitors (badges, escort requirements)
- Ensure all persons scan in, especially in high-security areas (access control vestibules/airlocks)

Definition: Unauthorized viewing of sensitive information on someone’s screen.
Methods:
- Direct observation in offices or public places (e.g., coffee shops, airports)
- Use of optical devices (binoculars, telescopes) in close-proximity buildings
- Malware that captures screen information
Prevention:
- Be conscious of surroundings and who might be able to see your screen
- Use privacy filters on screens
- Position monitors to reduce visibility from windows or hallways
- Remain vigilant about screen content and location

Awareness and diligence in verifying URLs and site authenticity can prevent phishing.
Strict protocols and personal accountability are key to preventing tailgating and piggybacking.
Utilizing privacy tools and situational awareness can mitigate shoulder surfing risks.
Simple security techniques can significantly reduce vulnerability to these threats.