1. Phishing 網路釣魚

網路釣魚通常用 email 去欺騙收信人，要求提供敏感資料(sensitive data)、chhi̍h 惡意的 link、抑是打開惡意的附加檔案。
Phishing 的形式：

• Phish
• Spear Phishing 以一个使用者族群為目標。
• Whaling以一个高階經理為目標。
• Smishing使用 sms(text) messaging。

Ài 注意的指標佮方法：

• Spoofed commumication
• Urgent or threatening language
• Competition winner
• Tax refund
• Sender's email address
• Requests for personal information
• Suspicious links

預防的方法：

• Do not click on links or download attachments
• Report the phishing attempt immediately
• Educate yourself and others
• Change passwords

2. Anomalous behavior recognition(ABR)

• Risky
• Unexpected
• Unintenntional

3. User Guidance and Training

• Policy/handbooks
• Situational awareness
• Insider threat
• Password management
• Removable media and cables
• Social engineering
• Operational security
• Hybrid/remote work environments

4. Reporting and Montoring

• Effectiveness
• Development
• Execution