Phishing. What is it? Social engineering tactic. 'Fishing' for - - PowerPoint PPT Presentation



SLIDE 1

Phishing

SLIDE 2

What is it?

A social engineering tactic

'Fishing' for credentials

SLIDE 3

Tactic 1 -

convincing site

SLIDE 4

+ Ctrl-S

SLIDE 5
SLIDE 6

www.ltau.com.br

SLIDE 7

www.ltau.com.br

www.LTAU.com.br
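
Added example (not part of the original slides): a defender-side check for the look-alike hostname shown on slides 6 and 7, where a lower-case "l" stands in for a capital "I". The confusable table and the protected list are constructed for illustration; that the imitated domain is `itau.com.br` is an assumption, and `mybank.example` is a placeholder.

```python
# Flag hostnames that differ from a protected domain only by look-alike
# characters (the www.ltau.com.br case from the slides).

# Constructed, deliberately small table; a production check would use a
# fuller source such as the Unicode confusables data (UTS #39).
CONFUSABLE_CHARS = {"i": "l", "1": "l", "0": "o"}
CONFUSABLE_PAIRS = {"rn": "m", "vv": "w"}

# Assumption: the brand imitated on the slide is spelled with a capital "I".
# mybank.example is a placeholder domain.
PROTECTED = ["itau.com.br", "mybank.example"]


def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host: str) -> str:
    """Collapse look-alike characters so visually similar names compare equal."""
    s = normalize(host)
    for pair, single in CONFUSABLE_PAIRS.items():
        s = s.replace(pair, single)
    return "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in s)


def lookalike_of(host: str, protected=PROTECTED):
    """Return the protected domain that `host` imitates, or None.

    A host that is itself a protected domain (in any letter case) is not flagged.
    """
    name = normalize(host)
    if name in protected:
        return None
    for real in protected:
        if skeleton(name) == skeleton(real):
            return real
    return None


def uppercase_view(host: str) -> str:
    """Render the host in upper case, where 'l' and 'i' stop looking alike."""
    return normalize(host).upper()
```
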

SLIDE 8

Tactic 2 -

Customized email

SLIDE 9

example: exclusive promotions for a company's employees

SLIDE 10

example: exclusive promotions for a company's employees (spear phishing)

SLIDE 11

419 Scams:

https://www.hoax-slayer.net/category/scams/scam-catalogue/nigerian-scam-list/

SLIDE 12

Good Day,

My name is Dr William Monroe, a staff in the Private Clients Section of a well-known bank, here in London, England. One of our accounts, with holding balance of £15,000,000 (Fifteen Million Pounds Sterling) has been dormant and last operated three years ago. From my investigations and confirmation, the owner of the said account, a foreigner by name John Shumejda died on the 4th of January 2002 in a plane crash in Birmingham. I have decided to find a reliable foreign partner to deal with. I therefore propose to do business with you, standing in as the next of kin of these funds from the deceased and funds released to you after necessary processes have been followed. This transaction is totally free of risk and troubles as the fund is legitimate and does not originate from drug, money laundry, terrorism or any other illegal act.

On your interest, let me hear from you URGENTLY.

Best Regards,
Dr William Monroe
Financial Analysis and Remittance Manager
[Phone Number Removed]

SLIDE 13

Tactic 3 -

“Friend”

SLIDE 14

Social engineering

Private messages

SLIDE 15

Tactic 4 -

Link Shortener

SLIDE 16

amzn.to/totallyLegitDiscount

SLIDE 17

amzn.to/totallyLegitDiscount

maliciouswebsite.com/phish

SLIDE 18

Tactic 5 -

XSS (and others)

SLIDE 19

Host site has a vulnerability => fake information on the genuine site

SLIDE 20
SLIDE 21

More?

http://www.phishing.org/phishing-examples

https://phishing-cujwhblmvp.now.sh/ (expired after the presentation)

SLIDE 22

Goals

SLIDE 23

Credential theft

SLIDE 24

Credential theft

Steal the person's username and password

SLIDE 25

Credential theft

Steal the person's username and password

Problems: 2-factor authentication, alarms

SLIDE 26

Session Hijacking

SLIDE 27

Session Hijacking

Steal the user's cookie

SLIDE 28

Session Hijacking

Steal the user's cookie

Problem: Logout => cookie invalidation

SLIDE 29

Information theft

SLIDE 30

Information theft

Sometimes someone's login and password are not needed - only the information that person holds

SLIDE 31

Thank you!