How to Spot and Combat a Phishing Attack Webinar

Transcription

1 How to Spot and Combat a Phishing Attack Webinar October 20 th, 2015 Kevin Patel Sr Director of Information Security, Compliance & IT Risk Mgmt kpatel@controlscan.com

2 Agenda 1) National Cyber Security Awareness Month (NCSAM) overview 2) Phishing overview 3) By the numbers - phishing stats 4) Which phishing tactics are on the rise and old tactics that are still working today 5) Anatomy of a phishing 6) Sample phishing s can you spot the phish? 7) What to do if an appears to be a phishing attempt 8) So why should I care about phishing? 9) Online phishing resources 10) Q&A ControlScan

3 National Cyber Security Awareness Month (NCSAM) NCSAM is celebrated every October 2015 marks NCSAM 12 th year A collaborative initiative between the government and industry to promote online safety awareness Primary goal of NCSAM is to educate people about the risks of cybersecurity and provide resources to stay safe and secure online. ControlScan supports NCSAM and is a champion this year joining a growing global effort of 400+ colleges and universities, businesses, government agencies, associations and non-profit organizations ControlScan

4 They Didn t Avoid the Bait Majority of all the major data breaches over the past few years have what in common? PHISHING was the initial point of entry The following companies fell for sophisticated phishing attacks: Target million records compromised Anthem 78.8 million records JPMC 83 million records breached Sony 102 million records South Carolina DOR 8 million records ControlScan

5 So What is Phishing? Phishing is a fraudulent attempt (a type of spam) which is usually made through to steal your personal/sensitive information. Phishing is a psychological attack used by cybercriminals to trick you into giving up information or taking an action such as clicking on a link, opening an attachment, or responding to a scam. Phishing is a common form of social engineering and has become the preferred method for cybercriminals. The bad guys spoof legitimate companies and brands that the recipient may be familiar with. Image Source: SANS ControlScan

6 So What is Phishing? (cont.) Spear Phishing Sophisticated highly targeted phishing scam aimed at specific individuals or groups within an organization (i.e. C-Suite, Accounting, HR or IT) with the sole purpose of obtaining unauthorized access to sensitive data. Most popular form of phishing and on the rise. High-profile individuals are targeted, which is why its referred to as whaling. Spear Phishing makes use of information about a target to make attacks more specific and targeted. Hackers do their research! Intent remains the same - to steal intellectual property, financial data, trade or military secrets and other confidential data. Vishing A form of social engineering similar to phishing but occurs over the phone primarily using automated voice systems. Instead of sending an , you receive a call on your home phone or mobile device, claiming to be from your bank or another institution you trust, and will request you share sensitive info. SMiShing Accomplished through text messages (SMS) via a cell phone or mobile device by asking you to call a particular number to gain sensitive information or click on a link that could contain malicious code. ControlScan

7 Why is Phishing So Popular with Hackers? Phishing is a top hacker technique since it is usually the path of least resistance for the bad guys to get the sensitive data they want without being detected. Phishing is the No. 1 method to gain unauthorized access and steal data since the bad guys like to take advantage of human error. ControlScan

8 What do the Cybercriminals want? Protected Health Information (PHI) ControlScan

9 Top 3 Ways to get Phished ControlScan

10 By the Numbers - Phishing Stats Data/Image Sources: 1. Lireo Designs - The State of Phishing 2. Kaspersky Labs - The Evolution of Phishing Attacks: APWG - Global Phishing Survey: Trends and Domain Names Use in 1H ControlScan

11 By the Numbers - Phishing Stats (cont.) Data/Image Sources: 1. Kaspersky Labs - The Evolution of Phishing Attacks: APWG - Global Phishing Survey: Trends and Domain Names Use in 1H HP - State of Network Security, August 2014 ControlScan

12 Anatomy of a Phishing In order for you to successfully identify and combat phishing s we must first understand the anatomy of the . To deceive recipients into divulging sensitive information, cybercriminals will use a variety of tactics such as: Image Source: ControlScan

13 Sample Phishing Can you spot the phish? Source: ControlScan

14 Sample Phishing Can you spot the phish? Source: ControlScan

15 Sample Phishing Can you spot the phish? Source: ControlScan

16 Phishing Indicators Can you spot the phish? Sent from someone's personal account Generic greeting Grammar and spelling mistakes Requires immediate action and creates a sense of urgency Malicious Link mouse over to verify link Generic sender lack of contact info Suspicious attachment Source: SANS Don t Get Hooked Poster ControlScan

17 Sample Phishing Website Can you spot the phish? Source: ControlScan

18 Sample Phishing Website Can you spot the phish? Source: ControlScan

19 Phishing Checklist Don t believe everything you see If it sounds to good to be true it usually is. No, you didn t just win a $1,000 gift card. Beware of threatening language or invoking a sense of urgency Analyze the greeting generic salutation Dear Customer use is a tell-tale sign Look but do NOT click mouse over links, avoid URLs signs Be suspicious of attachments i.e..exe,.com,.pif,.bat,.msi,.scr,.zip,.vbs Requests personal information - Do NOT share personal/sensitive information Check for mistakes in spelling and grammar most organizations proofread Review the signature generic and lack of detail or contact info Source: ControlScan

20 What to do if you receive a Phishing ? Report It & Delete It You should report suspected phishing s to your local IT support staff or security team immediately Notify the company, bank, or organization impersonated by the phishing . Many large companies provide directions on there websites on how to report phishing. FTC: Forward phishing s to spam@uce.gov APWG: Forward the suspected phishing to reportphishing@apwg.org US-CERT: Report phishing s and sites Forward phishing s to US-CERT phishing-report@us-cert.gov **Remember to include the full header when reporting phishing s ControlScan

21 So Why Should I Care About Phishing? We are the first line of defense in successfully detecting and stopping phishing attacks We are all phishing targets both at work and at home Hackers take advantage of the human factor (potential for human error) by enticing you to click or download. The bad guys know that careless or untrained employees are the quickest and easiest way to circumvent even the best security controls. Hackers want your personal and financial information, access to your accounts and your devices. If it has value on the black-market the hackers want it! Its that simple ControlScan

22 Online Phishing Resources CRI Cyber Security Awareness - Phishing Video: ControlScan

23 Q&A Remember all it takes is ONE click to become a victim of phishing When in doubt DELETE ControlScan