Report. Phishing Deceives the Masses: Lessons Learned from a Global Assessment
|
|
- Horatio West
- 8 years ago
- Views:
Transcription
1 Phishing Deceives the Masses: Lessons Learned from a Global Assessment
2 Table of Contents Executive Summary...3 Phishing Preys on the Uninformed...4 Introducing the McAfee Phishing Quiz....5 Lessons Learned...5 Recommendations for Security Practitioners Phishing Deceives the Masses: Lessons Learned from a Global Assessment 2
3 Executive Summary Organizations worldwide succumb to a constant barrage of cyberinfiltration attempts. The actors behind these efforts want information personal, financial, or even intellectual property and have shown no signs of slowing down. Our research shows that social engineering is the most effective way to exploit employees. Most commonly, through phishing s that deliver malware, or simply lead an unsuspecting user to divulge information. Part of the solution is to educate every connected worker on the tactics used in phishing attacks, so they are better prepared when a phishing makes it to their inbox. Using an online quiz, we re bringing attention to these tactics and are attempting to raise the skill level of anyone who takes it. With over 50,000 respondents to date, we are able to both grasp the overall performance level of employees around the world when it comes to detecting phishing s and help give them a more astute view of the potential threats in their inbox. Several trends have emerged from this assessment. First the vast majority of us will miss at least one phishing , especially if it looks like it is coming from a legitimate and known address. Unfortunately, we re not all equal. Finance and HR departments around the world performed worse on this assessment than their counterparts, especially those in IT and R&D who were consistently top performers. In this report, we ll look at what caused respondents to struggle, and what can be done to prevent future attacks from occurring with a combination of education and technology. Phishing Deceives the Masses: Lessons Learned from a Global Assessment 3
4 Phishing Preys on the Uninformed Phishing attacks exploit what is often the weakest link in cyberdefense human behavior. Bypassing our best judgment can be as simple as creating urgency with a fake bank notice, or as complex as assuming the persona of a known business partner all in an effort to steal information. Numerous high-profile breaches such as the theft of credit card data from Target and the compromise of multiple celebrities Apple icloud accounts are purported to be the result of targeted spear phishing. Effectively, it has become easier for the bad guys to know their targets, where they work, what they are interested in, and more. All forms of digital media have accelerated this capability, especially social media. We base our decisions on trust: Did the come from a party or organization I know and currently do business with? Does it contain an element of personalization that makes it appear legitimate? That is often enough to ensure a click. Take a look at some of the top brands used in phishing attacks these days, identified by McAfee Labs. PayPal Amazon ebay Bank Of America HSBC Would you click a link in an that appears to come from one of these companies? Through research conducted by McAfee Labs, we have seen phishing enable the vast majority of successful attacks in the wild. Verizon found similar evidence in their investigations this year: 80% of all espionage-motivated attacks used either a link or attachment in a phishing to gain access to their victim s environment 1 On the front lines, there are often unsuspecting employees just trying to navigate the constant flow of entering their inboxes. Phishing attacks have moved from the classic Nigerian 419 scams of the past, to targeted spear phishing messages that look no different on the surface than any other shipment notification, bank statement, or business solicitation you may receive from a legitimate party. Technology can only solve part of the problem. Key to defending against sophisticated phishing attacks is employee education and the level of awareness they have about potential threats in their inboxes. Only education can raise awareness around recognizing malicious s but many organizations lack the tools and resources to roll out an effective educational program to their employees. Phishing Deceives the Masses: Lessons Learned from a Global Assessment 4
5 Introducing the McAfee Phishing Quiz In an effort to build awareness around phishing and the tactics used to deceive victims of phishing attacks, McAfee now a part of Intel Security developed an online phishing quiz in mid This quiz presents 10 real s in replicated inboxes, asking respondents to determine whether each message is legitimate, or a phishing attempt. At the time of this report, over 50,000 business users in 49 countries have completed the quiz. The ability to detect fraudulent , as demonstrated by the results of this assessment, varies by country and even more dramatically, by department of employment. Key statistics from the quiz findings include: Only 6% of respondents worldwide were able to identify all s as phishing or legit. 80% of all respondents fell for at least one phishing . The average score around the world came in at a mediocre 65% correctly identified s. IT and R&D teams performed the best both at a 69% detection accuracy. HR and Finance departments performed the worst both with a 60% detection accuracy. EMEA proved to be the most skilled, at an average of 67% correct. Both NA and LTAM averaged 66% as well. APAC respondents were the least skilled, with an average score of 61% correctly identified s. An overview of these findings can also be viewed in this infographic. Lessons Learned While the results of this assessment are telling, it is enlightening to look deeper at where respondents fell short in their ability to detect the legitimacy of a message. Figure 1 below shows the frequency each question was answered incorrectly. Several messages were notoriously more difficult than the others. In this section, we ll explore why these s were more difficult to identify, and what that means for strengthening business defenses against attacks which use similar (and numerous other) tactics. Individual Question Failure Rate 70% 60% 63% 62% 50% 49% % Incorrect 40% 30% 43% 42% 27% 20% 21% 10% 13% 7% 8% 0% Blue = Legitimate Red = Phishing Figure 1. Overall failure rate for individual questions in the McAfee Phishing Quiz. Phishing Deceives the Masses: Lessons Learned from a Global Assessment 5
6 Looking at the full range of questions, we see a mix of both accurate identification and overwhelming misidentification of s by respondents overall. Notably, two s which both used forged addresses were the most difficult to detect as phishing ( s 4 and 8, above). We ll dive deeper into those in the analysis below. Not exempt from misidentification were several legitimate s, which highlight the difficulty in identifying the true nature of any , whether legitimate or malicious, when sitting in an inbox. Let s dive into the most missed questions to uncover the source of difficulty. 1 of 10: LinkedIn (missed by 63% of respondents) In a strange twist of fate, the single most-missed was actually legitimate. This marketing message from LinkedIn asks the recipient to take action and claim their free ads. Claiming a free prize is a tactic many are familiar with in phishing or spam campaigns, which is likely the reason behind this s misidentification as a phishing . Despite its harmless nature, the high rate of failure on this question further highlights the issue at hand it is extremely difficult to detect the legitimacy of an message in today s technology landscape. Ambiguous messages like this only cloud the judgment of end-users, as a fake message could easily follow the same template and lead to a malicious payload. We also recognize an inherent bias in the data regarding this question, as respondents were aware of the intention of the quiz as a phishing assessment, and were presented with this question first. Phishing Deceives the Masses: Lessons Learned from a Global Assessment 6
7 4 of 10: efax (missed by 49% of respondents) No excuses here. This is simply well-crafted and proved very difficult to detect any malicious intent. Business users may be familiar with the online service efax, and even if they haven t received a digital fax in their own professional lives, it is easy enough to place yourself in the shoes of someone who might. The relatively accurate branding and convincing layout in this would fool most people at first glance. Savvier users might look to the sender address for validation that the originates from a known party and that it matches the brand in the body of the . Unfortunately this wouldn t help here, as the address has been spoofed or forged to appear as if it came from the actual efax domain. In many cases, using your cursor to hover over links in an body would reveal the true destination of a URL, and give evidence of malicious activity if it does not match up with a known domain, or is random enough to raise suspicion. The malicious actors here however chose a fairly safe sounding domain with minimal additions to the URL strings behind each link. While this doesn t line up with efax perfectly, it is close enough to be mistaken in a quick glance, which is all most employees give an link if they even check the destination URL at all. So what can we learn from the high failure rate here? Reinforcing safe practices such as hovering over URLs (long-press on mobile devices) may be enough for some to avoid being tricked. All it takes is one employee clicking a link, however, to give the sender a chance to deliver their malware payload hidden in URL content. Instructing end users to never click on links in is going to be a futile effort for most. Web security technology which scans HTML content for both known and zero-day malware, even from links on mobile devices (which are often excluded from proxy-based scanning), is the most comprehensive resolution here. More on technology in the final section of this report. Phishing Deceives the Masses: Lessons Learned from a Global Assessment 7
8 5 of 10: Venmo (missed by 43% of respondents) Here we see a case of what is likely a high level of suspicion towards a new application, Venmo, and minimal evidence to base a decision of legitimacy. With a proverbial flood of new online services and mobile applications coming to market, most technology users receive sign-up confirmation s like this on a fairly regular basis. Cybercriminals are aware of this trend, and use similar shortformat s to trick recipients into clicking malicious links. In this case, the message was legitimate, displaying the Venmo domain in both the sender address and destination URL of the link. Educating users to long-press links within on mobile devices can help avoid any unintentional web access, but in this case, they would have been safe. Phishing Deceives the Masses: Lessons Learned from a Global Assessment 8
9 8 of 10: UPS (missed by 62% of respondents) Most people have received a tracking from UPS at some point in their life. The universal recognition of this brand and familiarity with package tracking play a large role in the high failure rate for this question and also for those that fell for this phishing attack when it made the rounds on real business networks. The methods of disguise here were common but effective. First, the sender address was spoofed to appear as if it originated from the UPS.com domain. Several UPS branding elements were part of the message, including the official logo. Most interesting was the use of only one malicious URL in the entire . The first URL directed the recipient to track the shipment and actually sent you to the UPS package-tracking website. The second URL prompted a download of the invoice, and it indeed opened a file but not one in the UPS domain. That link delivered the payload: malware wrapped in a.zip file. Phishing s like this are notoriously difficult to stop before they enter a business network, and even more difficult to prevent action at the user level. A common takeaway in this report hovering over links to reveal their true destination may raise enough suspicion for an end user. But this attacker clearly knew better. What are the chances an employee would hover over not just the first link, but the second as well? Probably not very high. Taking into account the legitimacy of the first URL brings a level of trust strong enough to warrant clicking on the second without thinking twice. Even more worrisome is that this phishing would have made it past most filters, and some web-based malware detection, as the.zip file contained zero-day malware. While end-user education could divert the attack from a percentage of recipients advanced malware detection technology for web traffic would have been needed to interrogate the.zip file download and uncover its zero-day payload. Phishing Deceives the Masses: Lessons Learned from a Global Assessment 9
10 Recommendations for Security Practitioners Phishing is still heavily in use, and carries with it a high level of efficacy leading the charge for most attacks we see in the wild. It is not an easy problem to address, requiring both technology and behavioral filters. To give readers a sense of our best practices, we offer a short checklist to help guide security initiatives. Activity Eliminate mass phishing campaigns. Reduce risk of cybercriminals being mistaken for trusted parties. Detect and eliminate malicious attachments. Scan URLs in when received, and again when clicked. Scan web traffic for malware when phishing leads the user on a multiclick journey to infection. Stop exfiltration in the event of a breach or user input. Educate users on best practices in detecting and acting upon suspicious s. Key Technologies Secure gateway with sender IP, URL, file, and network reputations, antivirus (AV), and real-time block lists. Secure gateway with identity verification including Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), Domain-Based Message Authentication, Reporting, and Conformance (DMARC). Secure gateway combined with advanced malware protection for file reputation, AV, content emulation, sandboxing, and static code analysis. Secure gateway with URL reputation, AV, content emulation, sandboxing, and static code analysis. Secure web gateway combined with advanced malware protection for URL reputation, AV, content emulation, sandboxing, and static code analysis. Data loss prevention for endpoints, traffic, and web traffic. Follow this link for a list of recommended tips for end users. Interested in assessing the phishing detection capability of your own organization? Run the McAfee Phishing Quiz internally at no cost. Follow these simple steps: 1. Add a unique identifier of your choice (red) to a. b. Test this URL in your browser to ensure it displays the quiz start page. 2. Send this URL to your employees, instructing them to take the quiz. 3. When employees have completed the quiz, contact phishingquiz@mcafee.com for your results. For more information, visit McAfee. Part of Intel Security Mission College Boulevard Santa Clara, CA Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2015 McAfee, Inc rpt_phishing-quiz-retrospective_0615
McAfee Phishing Quiz. Partner Enablement Guide
McAfee Phishing Quiz Partner Enablement Guide Use the Phishing Quiz to educate your own organization, prospects, and existing customers about phishing and how McAfee security solutions can help. This guide
More informationTargeted Phishing. Trends and Solutions. The Growth and Payoff of Targeted Phishing
White Paper Targeted Phishing Email is the medium most organizations have come to rely on for communication. Unfortunately, most incoming email is unwanted or even malicious. Today s modern spam-blocking
More informationSECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal
WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationAnti-Phishing Best Practices for ISPs and Mailbox Providers
Anti-Phishing Best Practices for ISPs and Mailbox Providers Version 2.01, June 2015 A document jointly produced by the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG) and the Anti-Phishing
More informationMcAfee Endpoint Protection for SMB. You grow your business. We keep it secure.
McAfee Endpoint Protection for SMB You grow your business. We keep it secure. Big Protection for Small to Medium-Sized Businesses With the Internet and connected devices now an integral part of your business,
More informationTargeted Phishing SECURITY TRENDS
Security Trends Overview Targeted Phishing SECURITY TRENDS Overview Email is the communication medium most organizations have come to rely on. Unfortunately, most incoming email is unwanted or even malicious.
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationHow to Spot and Combat a Phishing Attack Webinar
How to Spot and Combat a Phishing Attack Webinar October 20 th, 2015 Kevin Patel Sr Director of Information Security, Compliance & IT Risk Mgmt kpatel@controlscan.com Agenda 1) National Cyber Security
More informationWHITEPAPER. V12 Group www.v12groupinc.com 141 West Front Street, Suite 410 Red Bank, NJ 07701 info@v12groupinc.com 1.866.842.1001
WHITEPAPER Phishing Facts for Email Marketers: Understanding the phishing factor impact on your email programs. Email phishing attacks are destructive for everyone, it s not just the brands (and their
More informationSPEAR-PHISHING ATTACKS
SPEAR-PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM WHITE PAPER RECENTLY, THERE HAS BEEN A RAPID AND DRAMATIC SHIFT FROM BROAD SPAM ATTACKS TO TARGETED EMAIL-BASED-PHISHING CAMPAIGNS THAT
More informationHow to Identify Phishing E-Mails
How to Identify Phishing E-Mails How to recognize fraudulent emails and avoid being phished. Presented by : Miguel Fra, Falcon IT Services (miguel@falconitservices.com) http://www.falconitservices.com
More informationExecutive Summary. McAfee Labs Threats Report: Third Quarter 2013
Executive Summary McAfee Labs Threats Report: Third Quarter Although summer can be a relatively slow season for cybercriminal activity (even the bad guys need a break occasionally), the third quarter of
More informationPhishing Scams Security Update Best Practices for General User
Phishing Scams Security Update Best Practices for General User hishing refers to the malicious attack Pmethod by attackers who imitate legitimate companies in sending emails in order to entice people to
More informationDefending Against. Phishing Attacks
Defending Against Today s Targeted Phishing Attacks DeFending Against today s targeted phishing attacks 2 Introduction Is this email a phish or is it legitimate? That s the question that employees and
More informationEvaluating DMARC Effectiveness for the Financial Services Industry
Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC
More informationCyber Security. Securing Your Mobile and Online Banking Transactions
Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet
More informationSPEAR PHISHING AN ENTRY POINT FOR APTS
SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More informationBad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads
Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves
More informationSCORECARD EMAIL MARKETING. Find Out How Much You Are Really Getting Out of Your Email Marketing
EMAIL MARKETING SCORECARD Find Out How Much You Are Really Getting Out of Your Email Marketing This guide is designed to help you self-assess your email sending activities. There are two ways to render
More informationEmail deliverability: The good, the bad and the ugly
Email deliverability: The good, the bad and the ugly An Experian Data Quality White Paper March 2015 CONTENTS Introduction...1 The good...2 Open rate...2 Click-through rate...3 Authentication...4 The bad...4
More informationState of the Phish 2015
Introduction The threat is real Phishing continues to pose a growing threat to the security of industries of every kind from financial organizations to government contractors to healthcare firms. Though
More informationEmail Correlation and Phishing
A Trend Micro Research Paper Email Correlation and Phishing How Big Data Analytics Identifies Malicious Messages RungChi Chen Contents Introduction... 3 Phishing in 2013... 3 The State of Email Authentication...
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationPrimer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS
A Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS Even with today s breakthroughs in online communication, email is still one of the main ways that most
More informationManaging Junk Mail. About the Junk Mail Filter
Managing Junk Mail Outlook can filter out certain types of messages and send them to a separate folder to keep your Inbox from being cluttered with junk mail. Outlook can also disable links in suspicious
More informationAdvanced Security Methods for efraud and Messaging
Advanced Security Methods for efraud and Messaging Company Overview Offices: New York, Singapore, London, Tokyo & Sydney Specialization: Leader in the Messaging Intelligence space Market focus: Enterprise,
More informationRecognizing Spam. IT Computer Technical Support Newsletter
IT Computer Technical Support Newsletter March 23, 2015 Vol.1, No.22 Recognizing Spam Spam messages are messages that are unwanted. If you have received an e-mail from the Internal Revenue Service or the
More informationMcAfee Security Architectures for the Public Sector
White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed
More informationDON T BE FOOLED BY EMAIL SPAM FREE GUIDE. Provided by: Don t Be Fooled by Spam E-Mail FREE GUIDE. December 2014 Oliver James Enterprise
Provided by: December 2014 Oliver James Enterprise DON T BE FOOLED BY EMAIL SPAM FREE GUIDE 1 This guide will teach you: How to spot fraudulent and spam e-mails How spammers obtain your email address How
More informationConducting an Email Phishing Campaign
Conducting an Email Phishing Campaign WMISACA/Lansing IIA Joint Seminar May 26, 2016 William J. Papanikolas, CISA, CFSA Sparrow Health System Estimated cost of cybercrime to the world economy in 2015 was
More informationPhishing and the threat to corporate networks
Phishing and the threat to corporate networks A Sophos white paper August 2005 SUMMARY This paper explains the online fraud known as phishing, examining how it threatens businesses and looking at the dramatic
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationOCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informatione-shot Unique Deliverability
e-shot Unique Deliverability Email Deliverability What is Email Deliverability? Email deliverability s aim is to maximise the number of email messages that reach the intended recipients inboxes. It is
More informationPractical guide for secure Christmas shopping. Navid
Practical guide for secure Christmas shopping Navid 1 CONTENTS 1. Introduction 3 2. Internet risks: Threats to secure transactions 3 3. What criteria should a secure e-commerce page meet?...4 4. What security
More informationProtect your brand from phishing emails by implementing DMARC 1
Protect your brand from phishing emails by implementing DMARC 1 Message from the Certified Senders Alliance supported by AOL, Microsoft and Google In the following article we want to clarify why marketers
More informationSPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015
SPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015 The Usual Players Indebtedness for driving on toll road Transaction receipts Notice to appear Major and Emerging Trends
More informationTips for Banking Online Safely
If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining
More informationWith the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.
With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful. Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more
More informationA new fake Citibank phishing scam using advanced techniques to manipulate users into surrendering online banking access has emerged.
A new fake Citibank phishing scam using advanced techniques to manipulate users into surrendering online banking access has emerged. The Citibank scam tricks users into surrendering their online banking
More informationWhite paper. Phishing, Vishing and Smishing: Old Threats Present New Risks
White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have
More informationHow to stay safe online
How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware
More informationInformation Security Field Guide to Identifying Phishing and Scams
Information Security Field Guide to Identifying Phishing and Scams 010001010100101010001010011010101010101010101 01000101010011010010100101001010 1 Contents Introduction Phishing Spear Phishing Scams Reporting
More informationCHAPTER 2: CASE STUDY SPEAR-PHISHING CAMPAIGN GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: CASE STUDY SPEAR-PHISHING CAMPAIGN 1 SPEAR-PHISHING CAMPAIGN CASE STUDY MORAL Attacks do not have to be technically advanced to succeed. OVERVIEW In August of 2014, Aerobanet (named changed to protect
More informationProtecting your business from fraud
Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.
More informationDeciphering and Mitigating Blackhole Spam from Email-borne Threats
Deciphering and Mitigating Blackhole Spam from Email-borne Threats Samir Patil Symantec Deciphering and Mitigating Blackhole Spam from Email-borne Threats 1 Outline 1 Background 2 Detection Challenges
More informationThe Anti-Phishing/Anti-Spoofing Guide: What Every Email Marketer Should Know About Brand Protection and Securing the Email Channel GET MORE INFO
The Anti-Phishing/Anti-Spoofing GET MORE INFO rpinfo@returnpath.net 1-866-362-4577 The Anti-Phishing/Anti-Spoofing : What Every Email Marketer Should Know About Brand Protection and Securing the Email
More informationTechnology Blueprint. Protect Your Email. Get strong security despite increasing email volumes, threats, and green requirements
Technology Blueprint Protect Your Email Get strong security despite increasing email volumes, threats, and green requirements LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationProtect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
More informationWhy phishing is back as the No. 1 web threat, and how web security can protect your company
Phishing 2.0 Why phishing is back as the No. 1 web threat, and how web security can protect your company Contents Why Business Needs to Prepare for Phishing 2.0....................... 1 The Rise and Decline
More informationYour Guide to Email Security
Your Guide to Email Security Protect your Information Email is a powerful way to connect with people. Unfortunately it also makes us vulnerable targets of scammers that can affect us from thousands of
More informationCommtouch RPD Technology. Network Based Protection Against Email-Borne Threats
Network Based Protection Against Email-Borne Threats Fighting Spam, Phishing and Malware Spam, phishing and email-borne malware such as viruses and worms are most often released in large quantities in
More informationPhishing Past, Present and Future
White Paper Phishing Past, Present and Future By Theodore Green, President, SpamStopsHere.com Abstract A particularly dangerous and now common type of spam known as "Phishing attempts to trick recipients
More informationWhen attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher
TrendLabs When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher Advanced persistent threats (APTs) refer to a category
More informationTHE WEBPULSE COLLABORATIVE DEFENSE
WHITEPAPER PROACTIVELY DEFENDING YOUR NETWORK AGAINST MALWARE The ease with which we can access and share information in today s highly connected world is changing everything the way we live our personal
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationCyber Crime: You Are the Target
Cyber Crime: You Are the Target When talking about computer crime, we often hear the observation from computer users that they aren t rich and therefore what they have isn t worth much to a cyber criminal.
More informationTransitioning to McAfee SaaS Email Protection from Postini
Technical FAQ Transitioning to McAfee SaaS Email Protection from Postini Frequently Asked Questions Google recently and abruptly announced that all Postini customers must either migrate to Google Apps,
More informationEmail AntiSpam. Administrator Guide and Spam Manager Deployment Guide
Email AntiSpam Administrator Guide and Spam Manager Deployment Guide AntiSpam Administration and Spam Manager Deployment Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec
More informationWHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware
WHITEPAPER How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware How a DNS Firewall Helps in the Battle against Advanced As more and more information becomes available
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationTrust the Innovator to Simplify Cloud Security
Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like
More informationENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM
WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is
More informationCloud Services. Email Anti-Spam. Admin Guide
Cloud Services Email Anti-Spam Admin Guide 10/23/2014 CONTENTS Introduction to Anti- Spam... 4 About Anti- Spam... 4 Locating the Anti- Spam Pages in the Portal... 5 Anti- Spam Best Practice Settings...
More informationMcAfee Web Reporter Turning volumes of data into actionable intelligence
McAfee Web Reporter Turning volumes of data into actionable intelligence Business today is more Internet-dependent than ever before. From missioncritical services to productivity tools, Internet access
More informationStop advanced targeted attacks, identify high risk users and control Insider Threats
TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these
More informationThe Federal CISO Dilemma. You have to do FISMA. You must defend against cyber threats.
The Federal CISO Dilemma You have to do FISMA. You must defend against cyber threats. October 2012 Executive Summary Federal CISOs face a unique cyber security challenge copious amounts of regulatory compliance
More informationHow Do Threat Actors Move Deeper Into Your Network?
SECURITY IN CONTEXT LATERAL MOVEMENT: How Do Threat Actors Move Deeper Into Your Network? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is
More informationDEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000
DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER October 1, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationFinding Email Security in the Cloud
WHITE PAPER: FINDING EMAIL SECURITY IN THE CLOUD Finding Email Security in the Cloud CONTENTS Introduction 3 I. Why Good Enough Security is Never Good Enough 3 Mind your security gaps 4 II. Symantec Email
More informationTHE THREE Es OF MODERN EMAIL SECURITY FOR PHISHING
THE THREE Es OF MODERN EMAIL SECURITY FOR PHISHING AN ACCUVANT VIEWPOINT By James Robinson, Director, Office of the CISO Attempting to keep up with the ever-changing world of cyber security threats can
More informationSENIORS ONLINE SECURITY
SENIORS ONLINE SECURITY Seniors Online Security Five Distinct Areas Computer security Identity crime Social networking Fraudulent emails Internet banking 1 Computer security 2 There are several ways that
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationMalware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
More informationOIG Fraud Alert Phishing
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C. 20507 Office of Inspector General Aletha L. Brown Inspector General July 22, 2005 OIG Fraud Alert Phishing What is Phishing? Phishing is a
More informationIs your data secure?
You re not as safe as you think Think for a moment: Where do you keep information about your congregants or donors? In an Excel file on someone s desktop computer? An Access database housed on your laptop?
More informationOverview An Evolution. Improving Trust, Confidence & Safety working together to fight the e-mail beast. Microsoft's online safety strategy
Overview An Evolution Improving Trust, Confidence & Safety working together to fight the e-mail beast Holistic strategy Prescriptive guidance and user education, collaboration & technology Evolution of
More informationThe following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationAVG AntiVirus. How does this benefit you?
AVG AntiVirus Award-winning antivirus protection detects, blocks, and removes viruses and malware from your company s PCs and servers. And like all of our cloud services, there are no license numbers to
More informationHow to Stop Spam Emails and Bounces
Managing Your Email Reputation For most companies and organizations, email is the most important means of business communication. The value of email today, however, has been compromised by the rampant
More informationImproving Business Outcomes: Plug in to Security As A Service Adrian Covich
Improving Business Outcomes: Plug in to Security As A Service Adrian Covich Principal Systems Engineer, Symantec.cloud 1 Who We Are 2 Security Challenges in Education 3 Security As A Service Email, Web,
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationSOLUTION CARD WHITE PAPER
WHITE PAPER Why Education is Among the Worst Affected Industries by Malware The Contradiction Between Perceived Anti-Virus Readiness and Actual Malware Infection Rates in the Education Industry About This
More informationSMALL BUSINESS IT SECURITY PRACTICAL GUIDE
SMALL BUSINESS IT SECURITY PRACTICAL GUIDE How to make sure your business has comprehensive IT security protection #protectmybiz Small businesses come in all shapes and sizes. But in today s world, no
More informationSecuring Cloud-Based Email
White Paper Securing Cloud-Based Email A Guide for Government Agencies White Paper Contents Executive Summary 3 Introduction 3 The Risks Posed to Agencies Running Email in the Cloud 4 How FireEye Secures
More informationProtect Yourself. Who is asking? What information are they asking for? Why do they need it?
Protect Yourself Your home computer serves many purposes: email, shopping, social networking and more. As you surf the Internet, you should be aware of the various ways to protect yourself. Of primary
More informationBuyers Guide to Web Protection
Buyers Guide to Web Protection The web is the number one source for malware distribution today. While many organizations have replaced first-generation URL filters with secure web gateways, even these
More informationContext Adaptive Scanning Engine: Protecting Against the Broadest Range of Blended Threats
Context Adaptive Scanning Engine: Protecting Against the Broadest Range of Blended Threats W h i t e P a p e r Executive Summary The email and Web security problem can no longer be addressed by point solutions
More informationYou ll learn about our roadmap across the Symantec email and gateway security offerings.
#SymVisionEmea In this session you will hear how Symantec continues to focus our comprehensive security expertise, global intelligence and portfolio on giving organizations proactive, targeted attack protection
More informationLearning to Detect Spam and Phishing Emails Page 1 of 6
Page 1 of 6 Email provides us a powerful communication tool. Unfortunately, it also provides scammers an easy means for luring potential victims. The scams they attempt run from old-fashioned bait-and-switch
More information