Spear Phishing

Spear Phishing
- Common cause of data breaches
- Targeted emails
- Sent to small groups or individuals
- Uses social engineering tactics

Spear phishing messages are targeted at small groups or individuals. Attackers personalize these messages so they read like legitimate mail, which lets them bypass technical controls like spam filters. Examples of social engineering tactics:
- Pretexting: inventing a scenario or borrowing the authority of another person or organization (e.g. pretending to be the IT department to solicit a password)
- Baiting: dangling an item (or file) of value
- Appealing to emotions or a sense of urgency

Spear Phishing Emails
- Deliver file attachments
- Entice you to click on links
- Trick you into handing over your login credentials

Spear phishing emails deliver file attachments that can infect your computer with malware, entice you to click on links that take you to websites that will infect your computer, or trick you into handing over your login credentials, which phishers can later use to gain access to your network, sites, and data.

Type #1: Highly Personalized
Spear phishers personalize emails to try to gain your trust, using details such as:
- Full name
- Mailing address
- Bank account number
- Name of your employer
Even if the email or text message appears to be from someone you know, use caution.

Examples of advanced spear phishing attacks include Highly Personalized, Double Barrel, and Business Email Compromise. Highly Personalized phishing emails include personal information to gain the target's trust. Spear phishers often use information like your full name, mailing address, tax ID number, phone number, bank account number, and the name of your employer. They scavenge social media profiles to craft these messages, and may also use the names of your family, friends, and colleagues to trick you into clicking a link or downloading an attachment. Every piece of information you post on a social network is material an attacker can reuse against you. Even if the email or text message appears to be from someone you know, use caution: phishers can spoof the sender address on an email and the caller ID on a call or text, so a familiar name or number is not proof of who sent the message.

Type #1: Highly Personalized This example of a real phishing email includes the target’s email address (redacted) to establish a sense of trust.

Type #2: Double Barrel
The Double Barrel uses multiple emails to create a believable narrative.
- The Lure: the first email is designed to build trust

First, phishers send a Lure email designed to build trust. In this example, Jack receives an email from his boss Lena letting him know that she is about to get on a flight and to expect a file soon. The Lure tells the target to expect another email with an attachment or link, so the follow-up arrives already expected and is less likely to be questioned.

Type #2: Double Barrel
- The Phish: the second email contains malicious attachments or links

After a period of time, the attacker sends the follow-up email, which is the actual phish and carries the malicious attachment or link.

Type #3: Business Email Compromise
- Uses email to solicit wire transfers
- Impersonates executives or vendors/suppliers
- Resembles spear phishing
- Targets financial officers
- Has exposed victims to billions of dollars in losses

A Business Email Compromise (BEC) scam uses email to trick the recipient into initiating a fraudulent wire transfer, most often by impersonating a high-ranking executive or a vendor/supplier. A BEC scam may resemble a spear phishing attack, but it does not always contain a malicious hyperlink or attachment: the payload is the request itself, which is why link and attachment scanning alone will not catch it. BEC scams typically target financial officers and other employees who are authorized to initiate a wire transfer, such as finance directors and accountants. According to the United States FBI, BEC scams had caused over 5.3 billion US dollars in actual and attempted losses as of 2017 [2].

Type #3: Business Email Compromise
Here is an example of an attempt against PhishMe. Our VP of Finance was able to identify the BEC scam because the email says “Sent from my iPhone,” but he knew Rohyt uses Android. There are also a few formatting mistakes (an extra space before “?”) and punctuation errors (a lowercase “i”). That is no surprise: errors in punctuation, spelling, grammar and formatting are common in phishing emails.

Why You Should Be Concerned
- The global cost of cyber crime was $445 billion in 2016 [1]
- The typical 10,000-employee company spends $3.7 million per year dealing with phishing attacks [1]
- $5.3 billion (USD) in actual and attempted losses from BEC [2]
- 131 countries have recently been impacted by BEC scams [2]

The World Economic Forum places the global cost of cyber crime at $445 billion in 2016. The Ponemon Institute estimates that the typical 10,000-employee company spends $3.7 million per year dealing with phishing attacks alone. BEC losses, representing more than USD 5.3 billion in actual and attempted losses, affected over 22,000 companies (large and small) in all 50 US states and in 131 countries.

References:
[1] PhishMe, “Techniques for Dealing with Ransomware, Business Email Compromise and Spearphishing”, https://phishme.com/project/techniques-for-dealing-with-ransomware-bec-and-spearphishing/
[2] PhishMe, “Business Email Fraud Scams: What They Are and How to Shut Them Down”, https://phishme.com/project/business-email-fraud-scams/

How to Spot a Phish
Look closely for errors:
- Grammar
- Spelling
- Punctuation
- Syntax
Look for contextual clues:
- Device
- Tone
- Signature

Look for unusual grammar, spelling, punctuation, or syntax errors, which are often present in malicious emails. If you know the sender, look for clues that something isn't right: the email is overly formal when you and the sender are on friendly terms, it claims to be sent from a device the sender does not use, or it carries an incorrect signature. A well-crafted phish may contain none of these mistakes, so a clean message is not proof that it is safe; treat these clues as reasons to verify, not as the only test.
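The contextual clues above (sender identity, device, tone and urgency), plus the executive-impersonation and lookalike-domain patterns from the BEC slide, can be checked mechanically before a message ever reaches a person. The script below is an added example written for this page; it is not PhishMe's code. It parses a raw message with Python's standard library and reports which clues fired. The company domain, the executive directory, the device signatures and both sample messages are constructed for the demo.

```python
"""Added example (not from the original slides): header-and-body triage of the
"contextual clues" the slide lists, run over a constructed raw email.
OUR_DOMAIN, EXECUTIVES and DEVICE_SIGNATURE are assumptions made up for the demo."""
import email
import re
from email import policy
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                                  # assumption
EXECUTIVES = {"lena carter": "lena.carter@example.com"}     # assumption: display name -> real address
DEVICE_SIGNATURE = {"lena carter": "sent from my android"}  # assumption: what Lena's mail really says
URGENCY = re.compile(
    r"\b(urgent|asap|immediately|wire|before (?:the )?end of (?:the )?day|confidential)\b", re.I)

# Constructed sample: lookalike domain, foreign Reply-To, wrong device, wire request.
SAMPLE = """\
From: Lena Carter <lena.carter@examp1e.com>
Reply-To: lena.carter.ceo@gmail.com
To: jack@example.com
Subject: Urgent wire before end of day
Content-Type: text/plain

Jack, boarding a flight now. Please send the wire today, it's confidential.
Sent from my iPhone
"""

# Constructed sample of ordinary mail from the same person.
CLEAN = """\
From: Lena Carter <lena.carter@example.com>
To: jack@example.com
Subject: Slides for Thursday
Content-Type: text/plain

Jack, attaching the deck we discussed. No rush.
Sent from my Android
"""


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def within_one_edit(a, b):
    """True when a and b differ by at most one substitution, insertion or deletion
    (catches examp1e.com / exampl.com style lookalikes of our own domain)."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # character deleted in b
        elif len(a) < len(b):
            j += 1          # character inserted in b
        else:
            i += 1          # substitution
            j += 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def triage(raw):
    """Return human-readable findings for one raw message; an empty list means no clue fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    key = display.strip().lower()
    from_dom = domain_of(addr)
    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + "\n" + (body.get_content() if body is not None else "")
    findings = []

    # Clue 1: a known executive's display name on a different address (BEC impersonation).
    expected = EXECUTIVES.get(key)
    if expected and addr.lower() != expected:
        findings.append(f"display name {display!r} belongs to {expected}, not {addr}")

    # Clue 2: sender domain is one typo away from ours.
    if from_dom != OUR_DOMAIN and within_one_edit(from_dom, OUR_DOMAIN):
        findings.append(f"sender domain {from_dom} is a lookalike of {OUR_DOMAIN}")

    # Clue 3: replies are silently routed somewhere else.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(f"Reply-To {reply} points to a different domain than From")

    # Clue 4: device signature does not match what this person normally sends.
    sig = re.search(r"sent from my \w+", text, re.I)
    if sig and key in DEVICE_SIGNATURE and sig.group(0).lower() != DEVICE_SIGNATURE[key]:
        findings.append(f"signature {sig.group(0)!r}, but {display} normally sends {DEVICE_SIGNATURE[key]!r}")

    # Clue 5: urgency and money-movement language.
    hits = sorted({m.group(0).lower() for m in URGENCY.finditer(text)})
    if hits:
        findings.append("urgency/wire language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("SUSPECT:", finding)
    print("clean message findings:", triage(CLEAN))
```

None of these clues is proof on its own; the point of the script is that the suspicious sample trips five independent checks while ordinary mail from the same person trips none, which is the pattern a triage rule should look for before escalating to the "always verify" step.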

Prevent Spear Phishing Attacks
- Never download strange/unsolicited attachments
- Update software frequently
- Back up your files regularly
- Use caution while surfing the web and checking your inbox
- Keep your emotions in check
- Always verify

Never download attachments that are out of context, for example an email with the subject “Attached Invoices” when you work in the engineering department. Even if the email is from someone you know, it is always safest to verify with the sender if anything in the email seems off.
Update software frequently. Unpatched software can contain security holes that are used to gain access to your system.
Back up your files regularly. Keep the backup in a safe place and disconnect it from your computer when you are not using it; some malware (ransomware in particular) will encrypt any network and USB drives it can reach.
Use caution while surfing the web and checking your inbox. Never download attachments or click links from unknown senders, and never enable macros on Microsoft Office documents from unknown senders: enabling macros lets the document run code, which can download and install malware.
Keep your emotions in check. Spear phishing emails succeed because they catch recipients off guard by appealing to emotions like fear, curiosity, recognition, urgency, and opportunity.
Always verify. Reach out to the sender by phone, using a number you already have rather than one given in the email, to confirm that the file or request is legitimate.
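Two of the attachment rules above (no executables, no unexpected macros) can be enforced before a file is opened rather than left to the reader. The check below is an added example written for this page, not PhishMe's code. Office documents in the modern formats are zip containers, and the macro-enabled ones keep their VBA in a vbaProject.bin part, so the presence of that part can be tested with the standard library alone. The extension lists are assumptions for the demo, not a complete policy, and the document containers are constructed in memory rather than being real Word files.

```python
"""Added example (not from the original slides): attachment checks behind the
"Prevent" slide's rules.  Extension lists are assumed policy; sample files are constructed."""
import io
import zipfile

EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".bat", ".cmd", ".ps1"}  # assumption
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}                  # assumption
MACRO_ENABLED_EXT = {".docm", ".dotm", ".xlsm", ".xlam", ".pptm"}                           # assumption


def build_office_zip(with_macro):
    """Build a minimal OOXML-style zip for the demo (constructed, not a real Word file).
    Real .docm/.xlsm/.pptm files carry their VBA in a vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def split_name(filename):
    """Return (last extension, extension before it) so 'invoice.pdf.exe' -> ('.exe', '.pdf')."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) > 2 else ""
    return ext, inner


def assess_attachment(filename, data):
    """Return reasons the attachment should not be opened; an empty list means nothing found."""
    findings = []
    ext, inner = split_name(filename)

    # Rule 1: scripts and executables never arrive as legitimate attachments.
    if ext in EXECUTABLE_EXT:
        findings.append(f"executable or script extension {ext}")

    # Rule 2: 'invoice.pdf.exe' style double extensions hide Rule 1 from the reader.
    if inner in DOCUMENT_EXT and ext in EXECUTABLE_EXT:
        findings.append(f"double extension {inner}{ext} disguises an executable as a document")

    # Rule 3: open Office (zip) containers and look for a VBA project, whatever the name says.
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            findings.append("zip container is corrupt or truncated")
            return findings
        macros = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if macros:
            findings.append("contains VBA macros: " + ", ".join(macros))
            if ext not in MACRO_ENABLED_EXT:
                findings.append(f"macros inside a {ext} file; the extension does not declare them")
    return findings


def verdict(filename, data):
    """Block on any finding; the slide's rule is to verify out of band, not to open and see."""
    return "block" if assess_attachment(filename, data) else "allow"


if __name__ == "__main__":
    samples = {
        "Q3-report.docx": build_office_zip(False),
        "Attached Invoices.docm": build_office_zip(True),
        "invoice.pdf.exe": b"MZ" + b"\x00" * 62,   # constructed PE-like stub
    }
    for name, blob in samples.items():
        print(f"{name}: {verdict(name, blob)} {assess_attachment(name, blob)}")
```

The macro check inspects the container rather than trusting the extension, which is the same habit the slide asks of people: decide from what the attachment is, not from what it claims to be. A "block" here should route the file to the reporting step on the next slide, not to the recipient's judgement.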

Report It!
- Report any suspected threats
- Help stop attacks
- Protect your co-workers
- Protect customer data

Report any suspected threats. Prompt reporting allows our IT team or security provider to respond before more damage is done.
Help stop attacks and protect your co-workers. If they have targeted you, they may also have targeted other people you work with or for.
Protect customer data. Any successful cyber attack puts sensitive customer data at risk; prompt reporting fulfils our obligation to customers by doing our best to prevent the loss or breach of sensitive information.

Related Resources
Whitepapers:
- Techniques for Dealing with Ransomware, BEC, and Spearphishing
- Business Email Fraud Scams: What They Are and How to Shut Them Down
- Why Can’t We Solve Phishing?
Blog posts:
- Threat Actors Continue Abusing Google Docs and Other Cloud Services to Deliver Malware
- FBI Announces That BEC Scam Losses Continue to Skyrocket, as Losses Exceed $3.1B
- BEC Scams Hits Technology Giants for over $100 Million Dollars
- With apologies to Led Zeppelin fans: The (BEC) Song (Still) Remains the Same
CBT:
- Advanced Spear Phishing
- BEC Scams
Infographics:
- How to Spot a Phish
- Phishing and Social Media
- How to Shield Your Company from BEC Attacks
Videos:
- Phishing vs. Spear Phishing

Please see the above resources to learn more about BEC scams.