Phishing. Exciting horror stories and the very boring antidote




EXPECTATIONS: WHAT YOU'LL KNOW, AND NOT KNOW, AFTER I'M DONE WITH YOU

WHAT YOU WILL KNOW
How the phishing attack is carried out
Some really embarrassing examples (and some less embarrassing ones)
How you can prevent phishing, and why you probably won't succeed

WHAT YOU WON'T KNOW
How someone can be stupid enough to wire $46.7 million to an offshore account without making sure the mail asking them to do so is legit
Anything revolutionizing

BIO, OR WHO AM I TO TELL YOU WHAT TO DO
HANNA LIDZELL, SEC-T
Collector of stories and images
WORK? Works with MSS services: IDS and SIEM solutions
Background in operations
SO WHAT DOES THIS MEAN? Meetings.

CASE STUDIES: HORROR STORIES FROM THE REAL WORLD
CLARA THE CLASSMATE & the Facebook scam
FREDERICK THE FRIEND & the Netflix account
AN AUNT & the targeted attack
UBIQUITI & the really stupid wire transfer

THE FACEBOOK SCAM: CLARA THE CLASSMATE CLICKS AN UNFORTUNATE LINK

CLARA: hellu
HANNA: Hi!
CLARA: What's up? @home? thought I'd check if you're up for helping me out real quickly
HANNA: Sure thing. I'd love to help out if I can be of assistance.
CLARA: Thanks!
HANNA: sooo.. What do you need?
CLARA: I really need to pay a bill but my bank account thingie has stopped working, do you have yours close by? Or, what's your bank?
HANNA: Handelsbanken.
CLARA: Great. I have HSB too

THE FACEBOOK SCAM: CAUSE AND RESOLUTION

WHAT CLARA DID WRONG
Clicked a clickbait link
Filled in her account information

WHAT CLARA DID RIGHT
Told her friends
Logged out from all devices
Changed her Facebook password
Didn't change the password everywhere

THE NETFLIX ACCOUNT: FREDERICK THE FRIEND HAS A CASE OF BAD LUCK

FREDERICK THE FRIEND
28 y/o
Tech-savvy
Slightly hung over
Bank troubles
New email client
Already logged in to Netflix

MY AUNT: MY AUNT IS TARGETED IN A MORE SOPHISTICATED WAY

MY AUNT
Works at a large Swedish corporation
Indian tech support scam

UBIQUITI: UBIQUITI & THE STUPIDLY LARGE MONEY TRANSFER

"employee impersonation and fraudulent requests from an outside entity targeting the Company's finance department."

"The investigation uncovered no evidence that our systems were penetrated or that any corporate information, including our financial and account information, was accessed. The investigation found no evidence of employee criminal involvement in the fraud."

$46.7 MILLION

BUSINESS EMAIL COMPROMISE: HOW IT MIGHT HAVE HAPPENED

SPOOFED EMAIL
A spoofed email impersonating a CEO/CIO requesting/approving the transfer. Continual follow-up.

TARGETED (SPEAR) PHISHING
Phishing targeting a CEO/CIO, resulting in access to company email and the ability to request/approve the transfer from a legitimate account. Once the credentials to the trusted account have been uncovered, the attacker can contact users within the organization without triggering any alerts.
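The two BEC variants on this slide look different at the mail gateway. A spoofed message fails sender authentication, and a lookalike-domain message has the executive's display name on a foreign address or diverts replies elsewhere; a message from a genuinely compromised account shows none of this, which is the slide's point about not triggering alerts. The following is an added example, not code from the talk: it runs three cheap header checks over constructed sample messages. The corporate domain example.com, the executive directory, and the Authentication-Results values are all assumed; a real gateway stamps that header itself (RFC 8601).

```python
"""Cheap header checks for BEC-style mail (added example, not from the talk).

Checks, in order:
  1. Display-name impersonation: an executive's name on an address other than
     the one our directory holds for them (lookalike or foreign domain).
  2. Reply-To diversion: replies to the "CEO" would go to another domain.
  3. Spoofing of our own domain: a From on the corporate domain must carry a
     dmarc=pass verdict in the gateway's Authentication-Results header.
Everything below (domain, directory, messages, verdicts) is constructed.
"""
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"  # assumed corporate domain
# Constructed directory: display name -> the only address that name should use.
EXEC_DIRECTORY = {"Jane Doe": "jane.doe@example.com"}


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def assess_headers(raw: str) -> list[str]:
    """Return a list of findings; an empty list means the cheap checks saw nothing."""
    msg = message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)

    # 1. Executive's display name on an address the directory does not know.
    expected = EXEC_DIRECTORY.get(from_name.strip())
    if expected and from_addr.lower() != expected:
        findings.append(f"display name '{from_name}' belongs to {expected}, but sender is {from_addr}")

    # 2. Reply-To points at a different domain than From.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"Reply-To domain '{_domain(reply_addr)}' differs from From domain '{from_dom}'")

    # 3. From claims our domain without a DMARC pass from the gateway.
    auth = msg.get("Authentication-Results", "")
    if from_dom == CORP_DOMAIN and "dmarc=pass" not in auth:
        findings.append(f"From claims {CORP_DOMAIN} but DMARC did not pass: '{auth.strip() or 'no header'}'")
    return findings


# Constructed sample messages for the three scenarios.
LOOKALIKE = """From: Jane Doe <jane.doe@example-payments.com>
Reply-To: Jane Doe <ceo.office@mail-example.net>
To: finance@example.com
Subject: Urgent wire transfer - confidential
Authentication-Results: mx.example.com; dmarc=pass header.from=example-payments.com

Please process the attached wire today. I am in meetings, email only.
"""

SPOOFED = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Approve transfer
Authentication-Results: mx.example.com; dmarc=fail header.from=example.com

Approving the transfer discussed. Proceed.
"""

COMPROMISED = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Transfer
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com

Please wire the amount in the attached invoice before close of business.
"""

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("compromised", COMPROMISED)):
        print(label, assess_headers(raw) or ["no findings"])
```

The compromised-account message comes back clean: no header check can catch a legitimate mailbox used by the wrong person, which is why an out-of-band confirmation step for payment requests belongs in the process rather than in the mail filter.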

MASS ATTACKS
Wide-spectrum attacks targeting a large audience
Hit or miss, active for a short period of time
Low success rate (0.2% to 5%)
Low profit per success
Collecting and selling data
Often detected by IDS, threat intelligence or host protection tools

SPEAR PHISHING
Targeted attacks
Well researched
Small attack surfaces
Attack tailored to the target
Specific goal
Difficult to detect

WHY PHISHING WORKS

LACK OF KNOWLEDGE
of computer systems
of security indicators

VISUAL DECEPTION
deceptive text
deceptive images
deceptive windows
look & feel

BOUNDED ATTENTION
lack of attention to security indicators
lack of attention to the absence of security indicators

Credit: Dhamija, R., Tygar, J.D., & Hearst, Marti. 2006

So how do we fix it? You can't.

RISK MITIGATION
Awareness training
Good support systems
Be serious about your security policy
Help your users understand your security policy
Lead by example
Be a good person

LEADING BY EXAMPLE

https://privat.ib.seb.se/wow/1000/1000/wow1020.aspx
Ridiculous URL
Old copyright stamp (2011)
Sloppy graphics
Doesn't adapt to screen

https://secure.handelsbanken.se/bb/glss/servlet/ssco_auth2?appaction=doauthentication&path=ssse&entryid=privformse&language=sv&country=se
Doesn't adapt to screen
Looks like my "make your own webpage" project from fifth grade
Crazy long URL

https://internetbanken.privat.nordea.se/nsp/login
Again, fifth grade project
Inaccurate description of the SSL/TLS padlock

https://internetbank.swedbank.se/idp/portal/identifieringidp/idp/dap1/ver=2.0/rparam=execution=e1s2
No copyright date

LEADING BY EXAMPLE

BE A GOOD PERSON

POP QUIZ! WHERE WILL WE END UP?
http://www.test/example.com/test/test2/destination
http://www.test.com/example.com/destination.url
http://www.test.com.example.com/example.com/destination.url
http://www.example domaine.com.name/test/test2/destination
http://testsite.com:trial@example.com
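The quiz turns on one rule from RFC 3986: the host is the part of the authority between "//" and the first "/", "?" or "#", after discarding any userinfo before the last "@" and any port after the last ":". Everything else (path segments that say example.com, a "testsite.com:trial@" prefix) is decoration. The block below is an added example, not from the talk: a small authority parser that answers the quiz for each URL and names the trick used. It assumes example.com is the site the reader thinks they are visiting, and its registrable_domain helper is a naive "last two labels" approximation (real code needs the Public Suffix List).

```python
"""Where does a URL actually land? (added example, not from the talk)

Parses the authority per RFC 3986 and flags the usual lures: userinfo before
"@", brand names in the path, and characters a host may not contain. The URLs
are the quiz's own; EXPECTED_SITE is an assumption for the brand check.
"""
import re

QUIZ_URLS = [
    "http://www.test/example.com/test/test2/destination",
    "http://www.test.com/example.com/destination.url",
    "http://www.test.com.example.com/example.com/destination.url",
    "http://www.example domaine.com.name/test/test2/destination",
    "http://testsite.com:trial@example.com",
]
EXPECTED_SITE = "example.com"  # assumed: the site the user believes they are visiting

# RFC 3986 reg-name: unreserved, pct-encoded and sub-delims characters only.
_REG_NAME = re.compile(r"^[A-Za-z0-9\-._~%!$&'()*+,;=]*$")


def registrable_domain(host: str) -> str:
    """Naive last-two-labels approximation; a real check needs the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def landing_host(url: str, expected_site: str = EXPECTED_SITE) -> dict:
    """Return the host a browser would connect to, plus warnings about tricks in the URL."""
    warnings = []
    _scheme, sep, rest = url.partition("://")
    if not sep:
        return {"host": None, "userinfo": None, "warnings": ["no scheme://"]}
    # The authority ends at the first "/", "?" or "#"; the rest is path/query/fragment.
    m = re.search(r"[/?#]", rest)
    authority = rest[: m.start()] if m else rest
    # Userinfo is everything before the LAST "@" in the authority; it is not the host.
    userinfo, at, hostport = authority.rpartition("@")
    if not at:
        userinfo, hostport = None, authority
    else:
        warnings.append(f"userinfo '{userinfo}' precedes '@' and is not the host")
    # An optional port follows the last ":" (IPv6 literals are out of scope here).
    host = hostport.rpartition(":")[0] if ":" in hostport else hostport
    if not _REG_NAME.match(host):
        warnings.append("host contains characters outside RFC 3986 reg-name (e.g. whitespace); "
                        "browsers reject it or treat the text as a search")
    # Brand lure: the expected site appears in the URL but is not the domain served.
    if expected_site in url and registrable_domain(host) != expected_site:
        warnings.append(f"'{expected_site}' appears in the URL but the registrable domain "
                        f"is '{registrable_domain(host)}'")
    return {"host": host.lower(), "userinfo": userinfo, "warnings": warnings}


def answer_quiz(urls=QUIZ_URLS) -> dict:
    """Map each quiz URL to the host it lands on."""
    return {u: landing_host(u)["host"] for u in urls}


if __name__ == "__main__":
    for url in QUIZ_URLS:
        result = landing_host(url)
        print(f"{result['host']!r:38} <- {url}")
        for w in result["warnings"]:
            print("    !", w)
```

Only the third and fifth URLs reach example.com, and the fifth does so by hiding a plausible-looking "testsite.com:trial" in the userinfo slot; the fourth is not a valid host at all. The same parser is the check to run on a link before trusting what the visible text says.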