Transcript
Transcript: Discover Cyber Security: Louise’s Lesson
[The text "Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité" appears onscreen.]
[The text "Canada School of Public Service | École de la fonction publique du Canada" appears onscreen.]
Louise's Lesson
[A threat actor is standing in front of a blue background; the image zooms out to a crowd of people.]
Threat actors look for any way they can to gain access to a system. Most of the time, they look for opportunities to compromise a large group of people; that way their attack is more likely to be successful in at least a few cases.
[A thought bubble appears with a person typing some code into a laptop.]
They may try to guess passwords linked to thousands of users' emails. Emails such as Louise's.
[Louise, with brown hair and glasses, is sitting at her computer.]
Meet Louise.
[A thought bubble appears with a laptop.]
Louise has to remember a lot of passwords.
[The laptop shows a list of different online sites and accounts which are owned by Louise.]
Passwords for rewards cards, social media accounts, bank accounts, personal and work email accounts, hobby websites and online shopping. Louise reuses four or five passwords to access more than 100 services.
[A list of accounts and corresponding passwords appear with red lines underlining the similarities in each password.]
Sometimes, Louise will change the number at the end of the password or add a letter at the beginning.
[Louise stands on a blank screen with a blue background, pulls out her phone from her pocket and answers a call – the background then turns orange, and her jaw drops open.]
Louise was informed by a company that her personal information had been compromised because of a privacy breach.
[Louise is typing on a laptop next to the list of accounts and passwords which she is trying to change.]
She changed her password for the service that had been breached, but she did not change that same password that she was also using for accounts on social media, with an online retailer, and her personal email.
[Laptop screen appears with the threat actor standing to the side. The screen shows them accessing different sites using the same passwords.]
Hackers had looked at the breached information, figured out Louise's email and password, and tried that combination on numerous other sites. This is called credential stuffing.
[The laptop screen pauses at a page with an email icon in the middle.]
Through these attempts, they managed to access her personal email. The threat actors then crafted malicious emails that were disseminated to all of Louise's contacts, including her co workers' work email.
[The threat actor's laptop is shown at the bottom of the screen with animated emails flying into an office space's computers. There are seven employees shown at the upper centre of the screen, all working at shared desks. A building with the Canadian flag appears, used to represent Louise's department in the Government of Canada.]
Emails from Louise's account persuaded her co workers to send money to a payment system, send sensitive business information to the threat actor and follow a link to a spoofed website, causing them to become victims as well.
[Transition to a co-worker opening an email sent to him by the threat actor impersonating Louise and clicking a link which leads to a big warning sign implying that his information was breached.]
Louise's bad habit ignited a series of cyber compromises throughout her department.
[Bullet points appear.]
Louise could have kept herself and her department safe by using strong passwords or passphrases, by using a different password for every account, by using a password manager to store her passwords and by setting up two-factor authentication on her accounts. Doing so would have limited the likelihood of a cyber attack and reduced the impact on her department.
[Green checkmarks appear over the bullet points.]
The Government of Canada has dealt with the impact of cyber attacks like this. Are you confident in your passwords? If not, then it's time to learn from Louise and take some action.
[This video was co-created by: Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité, Canada School of Public Service | École de la fonction publique du Canada.]
[The Government of Canada logo appears.]
