phishing in depth
play

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content - PowerPoint PPT Presentation

Dec 19, 2022 •285 likes •565 views

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos & Practical INTRODUCTION

  1. PHISHING IN DEPTH (ATTACKS & MITIGATIONS)

  2. Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos & Practical

  3. INTRODUCTION • ERIC NII SOWAH BADGER (NiiHack) • Software Developer / Certified Ethical Hacker • Penetration Tester / CTF Player on HackTheBox • Member of Inveteck Global • LinkedIn: Eric Nii Sowah Badger • INSTAGRAM: ni1hack • TWITTER: ens_nii

  4. PHISHING Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The recipient is tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information. Phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack,

  5. What kind data do criminals want from victims? Credit card Social details, security account numbers and numbers PINS Username Birthdays Passport and and numbers passwords anniversaries

  6. PHISHING KIT • A phishing kit is the web component, or the back-end to a phishing attack. • It's the final step in most cases, where the criminal has replicated a known brand or organization. • Once loaded, the kit is designed to mirror legitimate websites, such as those maintained by Microsoft, Apple or Google.

  7. ANATOMY OF A PHISHING KIT STEPS IN CREATING A PHISHING KIT

  8. TYPES OF PHISHING EMAIL PHISHING Usually appear to come from a well-known 1 organization and ask for your personal information — SMISHING such as credit card number, social security number, When someone tries to trick you into account number or password 2 giving them your private information via a text or SMS message VISHING is the telephone equivalent of phishing. It is described as the 3 SPEAR PHISHING act of using the telephone in an attempt to scam the user into surrendering private information that will be used for The fraudulent practice of sending emails identity theft. 4 ostensibly from a known or trusted sender in order to induce targeted WHALING individuals to reveal confidential information 5 A method to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes.

  9. EMAIL PHISHING SAMPLE EMAIL PHISHING TO HAVEST PASSWORDS

  10. SMISHING PHISHING SAMPLE SMISHING MESSAGE TO HARVEST PERSONAL INFO

  11. VISHING VIDEO DEMO OF A VISHING ATTACK TO GET SENSITIVE INFO

  12. SPEAR PHISHING SAMPLE SPEAR PHISHING MESSAGE TARGETED AT A NETFLIX USER

  13. WHALING SAMPLE WHALING MESSAGE TO GET PERSONAL INFO

  14. AVOIDANCE TECHNIQUES • Always, Always Think Twice Before EMAIL Clicking PHISHING • Two Factor Authentication (2FA) • Don’t click on links, type them directly in PHISHING the URL • Verify link first before clicking (www.virustotal.com) • Hover mouse on link to be sure its legit before clicking

  15. AVOIDANCE TECHNIQUES • Always, Always Think Twice Before Clicking (There is no free lunch) • Avoid clicking on any UNKNOWN SMISHING messages with links • Verify links if there are malicious(contains PHISHING malwares or viruses) first before clicking (www.virustotal.com) • Ignore and flags suspicious texts • Do extensive research before replying to any message.

  16. AVOIDANCE TECHNIQUES SMISHING PHISHING HOW TO USE VIRUSTOTAL TO VERIFY LINKS FOR MALWARES AND OTHER MALICIOUS CODES BEFORE CLICKING ON THEM WWW.VIRUSTOTAL.COM

  17. AVOIDANCE TECHNIQUES • Be very suspicious of any caller who asks you to share login information over the phone. If a caller asks you to provide account • data or personally identifiable PHISHING information, refuse to do so Security won’t call you to request that • VISHING you change logins, passwords, or network settings. Always do a 2 nd Verification of suspicious • calls

  18. AVOIDANCE TECHNIQUES • Don’t be swayed just because a correspondent seems to know a lot about you • Don’t rush to send out data just because the other person tells you it’s urgent PHISHING • Don’t be afraid to get a second opinion SPEAR • Verify and validate PHISHING • Trust no one

  19. AVOIDANCE TECHNIQUES • Use two-factor authentication for email to avoid accounts becoming compromised. • Establish a verification process for transferring funds, WHALING such as face-to-face verification or verification over the phone. PHISHING • Utilize an email filtering system for inbound emails that flags emails sent from similar-looking domain names. • Use mock whaling attacks against employees to teach them how easy it is to be tricked. • Enforce strict Passwords policies

  20. AVOIDANCE TECHNIQUES HOW TO DETECT PHISHING EMAIL

  21. EFFECTS OF PHISHING ON BUSINESSES 1. Reputational Damage Headlines like “British Airways data breach: Russian hackers sell 245,000 credit card details” and “Uber concealed massive hack that exposed data of 57m users and drivers”. 2. Loss of customers 6. Safeguarding against After 157,000 of TalkTalk’s customers had their data compromised phishing in 2015, customers left in their thousands. The company’s eventual financials revealed the true costs of the breach to be Phishing filters can help but, unfortunately, no phishing around £60m in 2016 alone. filter is 100% effective. Phishing 3. Loss of company value Effects 5. Business disruption Following the compromise of Facebook user data in 2018, After being infected by malware in 2017 (most likely Facebook’s valuation dropped by $36bn – a loss from which (at following a phishing email), the advertising the time of writing) the company is yet to fully recover. In public multinational WPP instructed its 130,000 employees companies, the pattern is clear: following a breach, company to “immediately turn off and disconnect all Windows value decreases. servers, PCs and laptops until further notice.” 4. Regulatory fines Financial penalties for the misuse or mishandling of data have been in place for decades. Under GDPR, the penalties can total €20 million or 4% of a company’s annual global turnover – whichever is higher.

  22. SPEAR-PHISHING ATTACK USED TO DELIVER RANSOMWARE TO A COMPANY’S INTERNAL NETWORK EFFECTS OF PHISHING ON INDIAN ARMY

  23. WORLD HEALTH ORGANIZATION WARNS OF CORONAVIRUS PHISHING ATTACKS

  24. DEMOS & PRACTICALS

  25. REFERENCES https://www.imperva.com/learn/application-security/phishing-attack-scam/ • • https://digitalguardian.com/blog/what-is-spear-phishing-defining-and- differentiating-spear-phishing-and-phishing https://www.mimecast.com/blog/2018/10/4-simple-tips-for-stopping-vishing/ • • https://www.ntiva.com/blog/how-phishing-affects-businesses https://www.newindianexpress.com/nation/2019/dec/07/military-comes-under- • phishing-attack-army-points-finger-at-crooks-in-pak-china-2072861.html • https://thehackernews.com/2020/02/critical-infrastructure-ransomware- attack.html?m=1

  26. QUESTIONS

  27. THANK YOU

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types & Techniques 3. Phishing Stats & Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

159 views • 12 slides
of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

PhishEye: Xiao Han Nizar Kheir Live Monitoring Davide Balzarotti of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd Quarter 2016] All time high record

921 views • 59 slides
Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing 2. Strategic defense techniques 3. A new client based solution: DOMAntiPhish 4. Conclusions Nature of Phishing Statistics from the Anti

536 views • 31 slides
Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke Tian, Steve T.K. Jan , Hang Hu, Danfeng Yao, Gang Wang Computer Science, Virginia Tech Phishing is a Big Th Threat Phishing: fraudulent attempt

411 views • 30 slides
Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able to: Define phishing Identify signs of a potential phishing email Know where to report phishing emails to and how to report them

168 views • 15 slides
Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why Phishing Works. Gelernter, N., Kalma, S., Magnezi, B., & Porcilan, H. (2017). The Password Reset MitM Attack. What is Phishing? Dhamija, R.,

528 views • 50 slides
Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

434 views • 8 slides
Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts

Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts

Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts DrLaneA@mail.com b.miller@tcu.edu Bursar-SecureServices@me.com jbickford@necc.mass.edu No proof of identity Could already be compromised

343 views • 7 slides
Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing Attack An email address that tries to disguise itself as legitimate Outlook Team <msOutlook@outlook.com> Confirm Acount Details Hello

108 views • 7 slides
Analyzing the Effectiveness of Phishing at Network Level Sagar Mehta, Nitya Sundareswaran, Kevin

Analyzing the Effectiveness of Phishing at Network Level Sagar Mehta, Nitya Sundareswaran, Kevin

Analyzing the Effectiveness of Phishing at Network Level Sagar Mehta, Nitya Sundareswaran, Kevin D. Fairbanks, Nick Feamster Motivation Source - Phishing Activity Trends Report July, 2006 , Anti-Phishing workgroup Our work done from Jan

395 views • 24 slides
Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended

Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended

Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended Validation CS 142 Lecture Notes: Security Attacks: Phishing Slide 2 Obviously Illegitimate http://rusprory.mass.hc.ru/old_site/update/index.php CS

550 views • 10 slides
The Microservices journey from a startup perspective Susanne Kaiser CTO @suksr Just Software

The Microservices journey from a startup perspective Susanne Kaiser CTO @suksr Just Software

The Microservices journey from a startup perspective Susanne Kaiser CTO @suksr Just Software @JustSocialApps Each journey is different People try to copy Netflix, but they can only copy what they see. They copy the results, not the

1.04k views • 34 slides
London Academy Business School About Me University Lecturer, Accredited Conducted 50+ training

London Academy Business School About Me University Lecturer, Accredited Conducted 50+ training

Topic: Innovative Entrepreneurship Definitions and The Assessment Development We will look at: The Definition of Entrepreneurship. Stages of Managing New Ventures (enterprises/businesses). The definition of the word/entrepreneur/s.

331 views • 14 slides
Japan Japan s economy slows as confidence slides ahead of sales tax rise PMI surveys point

Japan Japan s economy slows as confidence slides ahead of sales tax rise PMI surveys point

Markit Economic Research 03/04/2014 Japan Japan s economy slows as confidence slides ahead of sales tax rise PMI surveys point to slower economic growth in Chart 1: PMI & GDP compared Q1, but paint a rosier picture than GDP data

622 views • 3 slides
EN ENGL GLISH ISH LAN ANGUAG GUAGE Topic 16: Solutions. Intermediate. Unit 2. stimulus-based

EN ENGL GLISH ISH LAN ANGUAG GUAGE Topic 16: Solutions. Intermediate. Unit 2. stimulus-based

ACADEMIC LYCEUM INTERNATIONAL HOUSE TASHKENT 1 st semester EN ENGL GLISH ISH LAN ANGUAG GUAGE Topic 16: Solutions. Intermediate. Unit 2. stimulus-based discussion. A blog post How to Writ ite a B a Blog Post STEPS: 1.

279 views • 6 slides
HCOMP 2016 Business Meeting hcompconference@gmail.com 1. HCOMP 2016 Report 2. HCOMP 2018:

HCOMP 2016 Business Meeting hcompconference@gmail.com 1. HCOMP 2016 Report 2. HCOMP 2018:

HCOMP 2016 Business Meeting hcompconference@gmail.com 1. HCOMP 2016 Report 2. HCOMP 2018: Announcement of chairs 3. HCOMP 2017 Steven Dow (U.C. San Diego) & Adam Kalai (MSR) Announcement of Location & Dates 4. Discussion

670 views • 18 slides
Janice Lopez Womens Business Development Center Welcome In this Webinar you will: Obtain

Janice Lopez Womens Business Development Center Welcome In this Webinar you will: Obtain

Early Childhood Program Business 101: Basic Business Planning for Growth Presented by: Janice Lopez Womens Business Development Center Welcome In this Webinar you will: Obtain tools to develop a business plan Revisit your

1.02k views • 36 slides
DDD Domain Driven Design - The way back to OO! Felipe Rodrigues de Almeida DDD blog.fratech.net

DDD Domain Driven Design - The way back to OO! Felipe Rodrigues de Almeida DDD blog.fratech.net

DDD Domain Driven Design - The way back to OO! Felipe Rodrigues de Almeida DDD blog.fratech.net 1 TOPICS THE PROBLEM Where are we missing the way? 3 THE CONCEPT What is DDD about? 4 Why use

1.16k views • 46 slides
ldc.govt.nz Geo ff McDonald @BookRapper BookRapper.com The Book Geo ff McDonald.com/blog The

ldc.govt.nz Geo ff McDonald @BookRapper BookRapper.com The Book Geo ff McDonald.com/blog The

ldc.govt.nz Geo ff McDonald @BookRapper BookRapper.com The Book Geo ff McDonald.com/blog The Book LeadershipChallenge.com Jim Kouzes Barry Posner The Authors Behaviour = Credibility The BIG Idea Five Key Practices Speed RAP Make

495 views • 48 slides

More recommend