phishing o que t tica de engenharia social pescaria de
play

Phishing O que ? Ttica de engenharia social Pescaria de - PowerPoint PPT Presentation

Sep 05, 2023 •158 likes •476 views

Phishing O que ? Ttica de engenharia social Pescaria de credenciais Ttica 1 - site convincente + Ctrl-S www.ltau.com.br www.ltau.com.br www.LTAU.com.br Ttica 2 - Email customizado exemplo: promoes exclusivas para

  1. Phishing

  2. O que é? Tática de engenharia social ‘Pescaria’ de credenciais

  3. Tática 1 - site convincente

  4. + Ctrl-S

  6. www.ltau.com.br

  7. www.ltau.com.br www.LTAU.com.br

  8. Tática 2 - Email customizado

  9. exemplo: promoções exclusivas para funcionários de uma empresa

  10. exemplo: promoções exclusivas para funcionários de uma empresa (spear phishing)

  11. 419 Scams: https://www.hoax-slayer.net/category/scams/scam-catalogue /nigerian-scam-list/

  12. Good Day, My name is Dr William Monroe, a staff in the Private Clients Section of a well-known bank, here in London, England. One of our accounts, with holding balance of £15,000,000 (Fifteen Million Pounds Sterling) has been dormant and last operated three years ago. From my investigations and confirmation, the owner of the said account, a foreigner by name John Shumejda died on the 4th of January 2002 in a plane crash in Birmingham. I have decided to find a reliable foreign partner to deal with. I therefore propose to do business with you, standing in as the next of kin of these funds from the deceased and funds released to you after necessary processes have been followed. This transaction is totally free of risk and troubles as the fund is legitimate and does not originate from drug, money laundry, terrorism or any other illegal act. On your interest, let me hear from you URGENTLY. Best Regards, Dr William Monroe Financial Analysis and Remittance Manager [Phone Number Removed]

  13. Tática 3 - “Amigo”

  14. Engenharia social Mensagens privadas

  15. Tática 4 - Link Shortener

  16. amzn.to/totallyLegitDiscount

  17. maliciouswebsite.com/phish amzn.to/totallyLegitDiscount

  18. Tática 5 - XSS (e outros)

  19. Site anfitrião tem vulnerabilidade => informação fake no site genuíno

  21. Mais? http://www.phishing.org/phishing-examples https://phishing-cujwhblmvp.now.sh/ (expirado após apresentação)

  22. Finalidades

  23. Roubo de credenciais

  24. Roubo de credenciais Roubar usuário e senha da pessoa

  25. Roubo de credenciais Roubar usuário e senha da pessoa Problemas: 2-factor authentication, alarmes

  26. Session Hijacking

  27. Session Hijacking Roubar o cookie do usuário

  28. Session Hijacking Roubar o cookie do usuário Problema: Logout => invalidação do cookie

  29. Roubo de informações

  30. Roubo de informações Às vezes não é necessário o login e senha de alguém - só a informação que essa pessoa detém

  31. Obrigado!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts

Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts

Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts DrLaneA@mail.com b.miller@tcu.edu Bursar-SecureServices@me.com jbickford@necc.mass.edu No proof of identity Could already be compromised

343 views • 7 slides
Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams Allen Zhou Comp116 Final Presentation What is Phishing? Social Engineering Steal credentials, data, or money Infect

438 views • 26 slides
Phishing, Social Engineering, Various malwares Week 3 Frank Chen | Spring 2017 Agenda

Phishing, Social Engineering, Various malwares Week 3 Frank Chen | Spring 2017 Agenda

Ray-Ban phishing scams occur a lot on Facebook CS 88S Phishing, Social Engineering, Various malwares Week 3 Frank Chen | Spring 2017 Agenda Review last weeks material Phishing & Social Engineering Various Malwares Spam

774 views • 52 slides
The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types & Techniques 3. Phishing Stats & Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos & Practical INTRODUCTION

565 views • 27 slides
Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of

Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of

Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of Web 2.0 technologies, social services like Twitter, Facebook, and MySpace have emerged as popular media for information sharing; While phishing

813 views • 33 slides
Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email

Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email

Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email Spoofing 3 Web Spoofing 4 Pharming 5 Malware 6 Phishing through PDF 7 References What is Phishing a form of social engineering to fraudulently retrieve

640 views • 38 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

159 views • 12 slides
Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of

Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of

Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of Amsterdam) Supervisors: Alex Stavroulakis, Rick van Galen (KPMG) Phishing emails Special type of spam message Fraudulent social

1.11k views • 29 slides
of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

PhishEye: Xiao Han Nizar Kheir Live Monitoring Davide Balzarotti of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd Quarter 2016] All time high record

921 views • 59 slides
Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing 2. Strategic defense techniques 3. A new client based solution: DOMAntiPhish 4. Conclusions Nature of Phishing Statistics from the Anti

536 views • 31 slides
Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing, Vishing 2. Payment Fraud CEO Impersonation, Invoice Fraud. 3. Online / Cyber Fraud Malware & Trojans, Security Software, Social

448 views • 13 slides
Insights Conference! Welcoming Remarks David Bradford Co-Founder & Chief Strategy Officer

Insights Conference! Welcoming Remarks David Bradford Co-Founder & Chief Strategy Officer

Welcome to Advisens Cyber Risk Insights Conference! Welcoming Remarks David Bradford Co-Founder & Chief Strategy Officer Advisen Thank you to our Advisory Board Elisabeth Case, Marsh Nick Economidis, Beazley James J. Giszczak, McDonald

1.09k views • 80 slides
CS 204: Multipath TCP Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139

CS 204: Multipath TCP Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139

CS 204: Multipath TCP Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139 http://www.cs.ucr.edu/~jiasi/teaching/cs204_spring16/ 1 Goals Use the available network paths at least as well as regular TCP, but without starving TCP. Usable as

761 views • 26 slides
Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5 Yu Sasaki 1 and Lei Wang 2 1 NTT Secure Platform Laboratories 2 Nanyang Technological University, Singapore SAC 2013 (16/August/2013) 1 Hash Function Based

822 views • 25 slides
Cryptography [Finish Hash Functions; Start Asymmetric Cryptography] Spring 2020 Franziska

Cryptography [Finish Hash Functions; Start Asymmetric Cryptography] Spring 2020 Franziska

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Finish Hash Functions; Start Asymmetric Cryptography] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi

406 views • 19 slides
Advanced Topics in Information Retrieval Vinay Setty Jannik Strtgen (vsetty@mpi-inf.mpg.de)

Advanced Topics in Information Retrieval Vinay Setty Jannik Strtgen (vsetty@mpi-inf.mpg.de)

Advanced Topics in Information Retrieval Vinay Setty Jannik Strtgen (vsetty@mpi-inf.mpg.de) (jtroetge@mpi-inf.mpg.de) 1 Agenda Organization Course overview What is IR? Retrieval Models Link Analysis Indexing and

1.56k views • 111 slides
VAT Refunds: Balancing fraud against cash flow Jacqui Wierzbowski, Deloitte South Africa Agenda

VAT Refunds: Balancing fraud against cash flow Jacqui Wierzbowski, Deloitte South Africa Agenda

VAT Refunds: Balancing fraud against cash flow Jacqui Wierzbowski, Deloitte South Africa Agenda VAT fraud and refunds in South Africa Main VAT risk areas SARS risk detection Tax Ombuds report on the investigation into alleged

641 views • 20 slides
Exploring Polarization in Climate Change Debate on Twitter Aman Tyagi Center for Computational

Exploring Polarization in Climate Change Debate on Twitter Aman Tyagi Center for Computational

<Your Name> Exploring Polarization in Climate Change Debate on Twitter Aman Tyagi Center for Computational Analysis of Social and Organizational Systems Engineering & Public Policy http://www.casos.cs.cmu.edu/ Engineering &

287 views • 15 slides
Why Circumcision on the 8 th Day? Clotting factor #1 : Vitamin K not manufactured in the babys

Why Circumcision on the 8 th Day? Clotting factor #1 : Vitamin K not manufactured in the babys

Why Circumcision on the 8 th Day? Clotting factor #1 : Vitamin K not manufactured in the babys intestinal tract until the 5 th to 7 th day. Clotting factor #2 : Prothrombin peaks at 110% of normal on the 8 th day. Structure of Chapters 6 &

337 views • 7 slides

More recommend