Something in the library smells phishy

Phishing and Social Engineering presentation I gave to UW-Madison library staff, on 3/18/2014

Published in: Technology
Transcript of "Something in the library smells phishy"

  1. Something In the Library Smells Phishy
     Presented by Nicholas Davis, CISSP, CISA
  2. Overview
     • Phishing background
     • Threat to IT on campus
     • Phishing education
     • Tricks employed
     • Sample phishing emails unique to UW-Madison
     • Spotting the phish, after the click
     • 10 quick tests for the audience!
     • Q&A
     03/18/14 UNIVERSITY OF WISCONSIN 2
  3. Phishing Defined
     Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication, usually email.
  4. Why Phishing Is Such a Threat
     UW-Madison IT infrastructure is designed to protect the campus computing assets with many technical controls. However, this persuades hackers to pursue access via alternate means, often choosing to exploit the human factor.
  5. Your Password Is the Key to the Kingdom
     If an attacker can persuade you to give them your password, they can evade all the controls put in place to protect sensitive systems.
  6. UW-Madison’s Proprietary Research Interests Phishers
     Consider the value of UW-Madison’s intellectual property.
  7. I am Too Smart to Fall For a Trick Like Phishing
     Most large organizations have a phishing participation rate of around 10%. This rises when the population becomes the subject of Spear Phishing, which is phishing email designed specifically for the recipient.
  8. Phishing Relies Upon Social Engineering
     The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security, either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.
  9. Tricks Used By Expert Phishers
     • Socially Aware: Mining of information about the target from publicly available resources, such as Facebook, property records, or even CCAP
     • Context Aware: Make reference to an activity you are likely to engage in, such as Amazon.com, or UPS package receipt
  10. Specific Examples of Complex Phishing Attempts
     Baiting: Placing a USB flash drive or CD, with malware on it, in a public place
  11. Specific Examples of Complex Phishing Attempts
     QR Code Curiosity: Embedding malicious code within a QR code, on a printout posted to a community bulletin board
  12. Specific Examples of Complex Phishing Attempts
     Out of Office, Out of Control: Taking advantage of an autoresponder, leveraging specific knowledge to exploit co-workers
  13. What Would Happen If You Received This Email?
  14. What Would Happen If You Received This Email?
  15. Tips To Spot Social Engineering Within a Phishing Attempt
     • Asks you to verify a sensitive piece of information
     • A sense of urgency is implied in the message
     • An overt or implied threat may be present
     • Flattery is used to get you to drop your guard
     • Use, and sometimes overuse, of organizational knowledge is employed
     • A bribe or reward for your “help” may be offered
  16. Spotting the Phish After the Click
     • Website address looks odd or incorrect
     • IP address shows in address bar
     • Multiple pop-ups appear on top of legitimate website window
     • Website contains spelling or grammar errors
     • No SSL lock is present on what should be a secure site
  17. Can You Spot the Issue Here
  18. Combat Phishing Attempts
     • Never give away personal information, especially username and password
     • Don’t let curiosity get the best of you
     • Look for the tell-tale signs we have discussed today
     • There are no situations which justify exceptions
     • If something sounds too good to be true…
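As an added illustration that is not part of the presentation: a small Python scorer that turns the red flags from slides 15 and 16 (urgency, threats, requests to verify information, generic greetings, links to raw IP addresses or to unexpected domains, deliberately vague bodies) into checks and runs them over messages modelled on the sample emails quoted later in this deck. It assumes wisc.edu is the only trusted link domain and treats two or more flags as grounds for a human to look twice; the sample messages are constructed from the slide text, not real mail.

```python
"""Red-flag scorer built from the slide heuristics (illustrative, not the deck's own tool)."""
import re

# Warning signs from slide 15: urgency, overt or implied threat, a request to
# verify sensitive information, and a generic greeting instead of your name.
URGENCY = re.compile(r"\b(immediately|urgent(?:ly)?|today|failure to|no longer)\b", re.I)
THREAT = re.compile(
    r"\b(suspended|disabled|dismissal|limited|on-hold|compulsory|warrant|virus)\b", re.I)
CREDENTIAL = re.compile(
    r"\b(log-?in|password|confirm your|validate|verify|credit card)\b", re.I)
GENERIC_GREETING = re.compile(
    r"^dear\s+[^,\n]*\b(user|users|customer|subscribers)\b", re.I | re.M)
# Slide 16: odd web address or a raw IP address. "hxxp" is accepted so the
# defanged links quoted on the slides still parse.
LINK = re.compile(r"\bh[tx]{2}ps?://([^\s/:>]+)", re.I)
IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumption: the organization's own domain; links anywhere else are "odd".
TRUSTED_DOMAIN = "wisc.edu"


def red_flags(message: str) -> list:
    """Return the slide heuristics a message trips, in a fixed order."""
    flags = []
    if URGENCY.search(message):
        flags.append("sense-of-urgency")
    if THREAT.search(message):
        flags.append("threat-or-punishment")
    if CREDENTIAL.search(message):
        flags.append("asks-to-verify-sensitive-info")
    if GENERIC_GREETING.search(message):
        flags.append("generic-greeting")
    for host in LINK.findall(message):
        host = host.lower()
        if IP_HOST.match(host):
            flags.append("ip-address-in-link")
        elif host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
            flags.append("link-to-unexpected-domain")
    if len(message.split()) < 12:          # "the email is intentionally vague"
        flags.append("short-and-vague")
    return flags


def looks_phishy(message: str) -> bool:
    """Assumed threshold: two or more flags means a person should check before clicking."""
    return len(red_flags(message)) >= 2


# Constructed samples, worded after the emails quoted on the slides (not real mail).
WEB_USER = ("Dear Web!User,\nWe are under urgent upgrade service you are require to "
            "upgrade account by via hxxp://servacc.0ad.info/ System Administrator Web! Techs.")
PHOTOS = "Hi, as promised your photos - hxxp://127.0.0.1/badstuff.htm"
APPLE = ("Dear Apple Customer,\nPlease confirm your identity today or your account will be "
         "Disabled due to concerns we have for the safety and integrity of the Apple Community.")
LEGIT = ("Hi Nick,\nThe reading room closes at 5pm on Friday, so please return your books "
         "before then. See https://www.library.wisc.edu/hours for the full schedule.")

if __name__ == "__main__":
    for name, msg in [("web-user", WEB_USER), ("photos", PHOTOS), ("apple", APPLE), ("legit", LEGIT)]:
        print(f"{name:9s} phishy={looks_phishy(msg)!s:5s} flags={red_flags(msg)}")
```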
  19. What Do You Think? Can You Spot the Phish?
     Subject: Faculty and staff email Notification
     Date: February 21, 2014
     Dear user, We currently upgraded to 4GB space. Please log-in to your account in order to validate E-space. Your account is still open for you to send and receive e-mail. Click on faculty and staff email upgrade <http://bad URL> to confirm details and upgrade. Note that failure to upgrade with this notification would lead to dismissal of your user account. Protecting your email account and improving the quality of your email is our primary concern. This has become necessary to serve you better. Copyright ©2014 IT Help desk.
  20. Discussion
     • Odd use of the English language
     • Email references a service which you may never have heard of, and do not use
     • There is a sense of urgency in the email
     • There is a direct threat of implications, if you do not act immediately
  21. What Do You Think? Can You Spot the Phish?
     Subject: Secure Account Notification
     Date: February 20, 2014
     Blackboard Secure Account Notification. A suspicious activity has been detected. For your safety, your account access has been suspended. Please re-activate your account immediately by clicking on the "Re-Activate My Account" link provided below: <Re-Activate My Account> We are sorry for any inconveniences caused as your safety is important to us. Thank you, Blackboard System Notifications.
  22. Discussion
     • A punishment has been specified for previous actions, making you feel guilty
     • A sense of urgency of action on your part is asked for
     • A context aware attack is used, referencing Blackboard, a commonly used software package in higher education
  23. What Do You Think? Can You Spot the Phish?
     Subject: Web!User
     Date: February 19, 2014
     Dear Web!User, We are under urgent upgrade service you are require to upgrade account by via hxxp://servacc.0ad.info/ System Administrator Web! Techs.
  24. Discussion
     • Poor English grammar usage
     • Sense of urgency implied
     • Refers to you by some odd generic name, “web user”
  25. What Do You Think? Can You Spot the Phish?
     Subject: Apple Customer Alert!
     Date: February 18, 2014
     Dear Apple Customer, Please confirm your identity today or your account will be Disabled due to concerns we have for the safety and integrity of the Apple Community. To confirm your identity, we recommend Click here Regards, Apple Customer Service.
  26. Discussion
     • Sense of urgency contained in email
     • You have been made to feel guilty
     • Context aware reference for all Apple users
     • Threat of account disabling if you do not act
  27. What Do You Think? Can You Spot the Phish?
     Subject: RE: Faculty Staff & Employee Mailbox Upgrade
     Date: January 21, 2014
     Dear Faculty Staff & Employee Email Subscribers Welcome to 2014 Academic Season Your Email Account have been put on-hold by our server, you can no longer send or receive emails, to avoid this kindly click on the link UPGRADE to submit your old account for New to enable you to send and receive emails Thank You ITS Service Provider Team
  28. Discussion
     • Socially aware: the email appears to be familiar with your association with the university as a faculty or staff member
     • Odd use of English language
     • Sense of moderate urgency implied
  29. What Do You Think? Can You Spot the Phish?
     Subject: ACH Notification
     Date: October 9, 2013
     Attached is a summary of Origination activity for 10/09/2013. If you need assistance please contact us via e-mail during regular business hours. Thank you for your cooperation.
  30. Discussion
     • References the commonly known “ACH” term, which is familiar to people who deal with accounts payable and accounts receivable
     • Plays on your sense of curiosity, to learn more… (What account is this? How much do I owe?)
     • Email is intentionally vague
  31. What Do You Think? Can You Spot the Phish?
     Subject: Court attendance notification #ID608
     Date: January 9, 2014
     From: Illegal software
     Sent: Thursday, January 09, 2014 1:18 AM
     Subject: Court attendance notification #ID608
     Warrant to appear, Please be informed that you are expected in the Court of Georgia on February 2nd, 2014 at 9:30 a.m. where the hearing of your case of illegal software use will take place. You may obtain protection of a lawyer, if necessary. Please bring your identity documents to the Court on the named day. Attendance is compulsory. The detailed plaint note is attached to this letter, please download and read it thoroughly. Court clerk, LANE Pruitt
  32. Discussion
     • Context issues: You don’t live in Georgia and have not been there recently (warning sign)
     • You are made to feel guilty for some previous action which you supposedly engaged in
     • A sense of urgency is implied
     • The email may appeal to your sense of curiosity
  33. What Do You Think? Can You Spot the Phish?
     Subject: Scanned Image from a HP Digital Device
     Date: June 19, 2013
     Please open the attached document. This document was digitally sent to you using an HP Digital Sending device. To view this document you need to use the Adobe Acrobat Reader.
  34. Discussion
     • Lots of context aware references in this email… Almost all of us use HP printers and Adobe Acrobat Reader on our computers. Do not let your guard down simply because of some familiar references
     • This email appeals to your curiosity to see what is in the attachment… Don’t fall for it!
  35. What Do You Think? Can You Spot the Phish?
     Subject: Your account has been temporarily limited. ID K5008204
     Date: September 1, 2012
     Your account has been temporarily limited. To remove the limitation from your account please confirm your credit card details on file. For confirmation, please click the link below: Sign-on to Chase online account Sincerely, Cardmember Services © 2012 JPMorgan Chase & Co.
  36. Discussion
     • Context aware attack, for those who have a Chase credit card. An immediate red flag for those who do not
     • A punishment has been applied, which will harm your ability to engage in credit card transactions, instilling a sense of fear
     • The email is so vague, it makes you curious to learn more by clicking on a link
  37. What Do You Think? Can You Spot the Phish?
     Subject: Microsoft Security Update
     Date: August 10, 2012
     Dear Window Users, You have a urgent windows security alert. A deadly virus that can replicate itself was detected yesterday on one of our servers. You are to download the latest windows defender from the below link to prevent your hard drive from getting damanged. CLICK HERE to log in with your email and download the updated version. Windows Security Team
  38. Discussion
     • A sense of urgency is explicit in this email
     • A sense of guilt, for some action you did, is present
     • Context aware for Microsoft users… For others, the Microsoft reference should be a red flag
     • Requires you to click on something to fix the problem. Note that, in reality, most such maintenance is performed by your network administrator and should not require action on your part.
  39. What Do You Think? Can You Spot the Phish?
     Subject: Photos
     Date: August 13, 2012
     Hi, as promised your photos - hxxp://127.0.0.1/badstuff.htm
  40. Discussion
     • Context aware. At some point, most of us have received links to pictures, sent by friends, through email, so you are fooled into thinking that this email could apply to you
     • The email is intentionally vague, making you curious to learn more… Don’t fall for the click!
  41. What Do You Think? Can You Spot the Phish?
     Subject: NetTeller Watch Notice
     Date: July 2, 2012
     The following ACH batch has been initiated:
     Confirmation number: 0829703846
     Category: MONTHLY PAYROLL
     Effective Date: 7/03/12
     Debits: $.00
     Credits: $40,866.29
     Class Code: PPD
     Offset Account: CHECKING
     For details, please log in to your NetTeller account. Click here to access NetTeller account
     NOTE: Some web browsers do not open a new window when the above link is clicked. If you find that a new window did not open, please check the other open browsers on your computer.
  42. Discussion
     • Appeals to the human nature of wanting to believe we can get something for nothing… In this case $40,866.29, to be specific
     • Since you were not expecting a windfall of money, this email appeals to your sense of curiosity, to click and learn what it is all about
     • You don’t have a NetTeller account, so this should be a red flag.
  43. Curiosity Killed the Cat! Lack of Curiosity Killed the Phish!
     Nicholas Davis, ndavis1@wisc.edu