وحدة 2
Interpersonal Skills for Malicious Infrastructure/Phishing Response
آخر تحديث في: 23 أغسطس 2024
تعديل هذه الصفحة على GitHubوحدة 2
آخر تحديث في: 23 أغسطس 2024
تعديل هذه الصفحة على GitHubIn almost every intervention or support case, practitioners will be working directly with persons affected by an attack or attempted attack. This can often be a stressful and anxiety-inducing experience for targeted persons, and every practitioner should know how to mitigate those pressures.
After completing this subtopic, practitioners will be able to support those who might have received or clicked on malicious emails or links in a responsible way, embodying empathy and focusing on harm reduction informed by the targeted person’s own threat model.
The Security Education Companion contains a multitude of advice on thoughtful, careful, harm-reducing ways to interact as a technology helper. If you are not already familiar with this type of content, we highly advise reviewing the resources in Security Education 101.
After reading through the above resources, you should be able to do the following:
Once you are familiar with the above foundational knowledge, take some time to think about particular interpersonal skills which might be needed for this specific learning path. Every learning path and intervention are slightly different; each one might bring with it different narratives or concerns by learners.
You should be able to:
Note that the skills outlined later on in this learning path also contain advice on developing the interpersonal skills in order to deliver thoughtful, harm-reducing support.
By the time a phishing email has been shared with you, it is possible that the intended target has already been harmed: they might have clicked it and entered some data, or they may be impacted by the psychosocial impact of feeling targeted or watched. It’s important to support the intended target while, at the same time, avoiding causing harm to yourself during active interaction with malicious content.
Harm reduction for the targeted person should start with collecting some information on the actions they took and the circumstances in which they received and interacted with the email. You might ask different sets of questions for people you know well, such as colleagues, and beneficiaries whom you know less about. Some questions worth asking include: What is their threat model? Are they an anonymous blogger? A dissident in exile attempting to hide their location? Were they using a VPN? Is their browser and operating system up to date? What email system did they receive and open the email in? Did they interact with links, forms, or attachments? Did they reply to the email or forward it to anyone else? Did others in their organization or community receive a same or similar email?
The answers to these questions will both help provide useful harm reduction support and aid in your investigations. As you progress in analysis and understanding of the malicious content, update the targeted person especially insofar as is relevant to harm reduction.
For operational security to protect yourself while working with malicious emails, check out the next subtopic.
Reflect on and answer/discuss the following with peers, colleagues, friends, or a mentor. If available and if appropriate, talk to a ‘client’ you have worked with before to ask their input and experiences on some of these questions.
Do a role-playing exercise with a peer or mentor, in which you play the part of the digital protector, and they play the part of somebody who received a phishing email which is still in their mailbox. They received the email several hours ago, do not remember whether they clicked on it, and only started to think that it’s suspicious and that they should alert others now. They are very stressed, worried that they might have put their colleagues and organization at risk. Some of the topics the conversation could touch upon include:
Security Education 101
FreeA popular community resource on how to teach and talk about digital security
تهانينا على انتهاء وحدة 2!
وسم المربع لتأكيد اكتمالك والمتابعة إلى الوحدة التالية.
يوسم الوحدة الحالية كمكتملة ويحفظ التقدم للمستخدم.
لقد أكملت جميع الوحدات في مسار التعلم هذا.