SlideShare a Scribd company logo

Fighting the next wave of sophisticated phishing attacks

S
Shashi Prakash

In this talk, we take a look at the latest trends in phishing - volume of attacks, brands and other interesting data points. We examine some newer techniques like use of free SSL services, social media based attacks, homograph attacks and some older techniques like reputation hijacking. We share tips and techniques that security researchers can use to identify each of the aforementioned attack types and uncover details on infrastructure of the bad actors. Lookup tool: https://checkphish.ai Company: https://www.redmarlin.ai

Technology
1 of 51
Download to read offline
Shashi Prakash Chief Scientist Fighting the next wave of sophisticated phishing attacks
SPOT THE FAKE 1 2 Browser: Firefox (Desktop Version 54.0.1)
SPOT THE FAKE 1 2 Browser: Firefox (Desktop Version 54.0.1)
PHISHING…STILL ALIVE AND THRIVING •…phishing attacks in 2016 was 1,220,523, a 65% increase over 2015. •…APWG saw an average of 92,564 phishing attacks per month, an increase of 5,753% over 12 years Source: http://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf
WHO IS AFFECTED July 24 - July 31 Source: https://checkphish.ai/stats
TYPES OF PHISHING • Credential phishing: Link based • Malicious files: html attachments, malware • BEC scam (Whaling) • Ransomware: links, attachments
Let’s dive into real-world examples
SUPPORT ON TWITTER
SUPPORT ON TWITTER
PHISHING ON TWITTER
PHISHING ON TWITTER
PHISHING ON TWITTER
PHISHING ON TWITTER
PHISHING ON TWITTER
PHISHING ON TWITTER
HOMOGRAPH ATTACKS • Homograph - Different entities that look the same • Perpetrated via similar looking domains as famous brands • Domains registered are IDNs in Punycode • Punycode - Encoding to convert Unicode characters to a subset of ASCII - consisting of letters, digits and hyphens. E.g. - Cyrillic characters Source: https://www.xudongz.com/blog/2017/idn-phishing/
HOMOGRAPH ATTACKS • Homograph - Different entities that look the same • Perpetrated via similar looking domains as famous brands • Domains registered are IDNs in Punycode • Punycode - Encoding to convert Unicode characters to a subset of ASCII - consisting of letters, digits and hyphens. E.g. - Cyrillic characters Source: https://www.xudongz.com/blog/2017/idn-phishing/ xn--80ak6aa92e.comapple.com
HOMOGRAPH ATTACKS
HOMOGRAPH ATTACKS xn--parkank-8l3c.com
HOMOGRAPH ATTACKS xn--parkank-8l3c.com
HOMOGRAPH ATTACKS xn--parkank-8l3c.com xn--instgram-3za.com
HUNTING FOR HOMOGRAPH DOMAINS https://domainpunch.com/premium/daily.php DNSTwist: https://github.com/elceef/dnstwist/
HUNTING FOR HOMOGRAPH ATTACKS • Just by searching two characters ‘ou’ • Over 20 day period Source: https://www.redmarlin.ai/punycode-new-domains-passive-dns-tale-hunting/
PHISHING VIA HTTPS • Misinformation on https leads to bigger problems • Rapid rise in https phishing in June-July 2017 • 10% of all phishing sites are now on https
PHISHING VIA HTTPS • Misinformation on https leads to bigger problems • Rapid rise in https phishing in June-July 2017 • 10% of all phishing sites are now on https
PHISHING VIA HTTPS • Top abused CAs • Let’s Encrypt • Comodo SSL • cPanel • GoDaddy • GlobalSign
PHISHING VIA HTTPS • Top abused CAs • Let’s Encrypt • Comodo SSL • cPanel • GoDaddy • GlobalSign
PHISHING VIA HTTPS • Top abused CAs • Let’s Encrypt • Comodo SSL • cPanel • GoDaddy • GlobalSign
PHISHING VIA HTTPS • Top abused CAs • Let’s Encrypt • Comodo SSL • cPanel • GoDaddy • GlobalSign
PHISHING VIA HTTPS • Top abused CAs • Let’s Encrypt • Comodo SSL • cPanel • GoDaddy • GlobalSign
TECH SUPPORT SCAMS • $1.5B estimated loss in 2015 as per Microsoft • $25M defrauded by one scamming company alone • 2 out of 3 Microsoft users affected • FBI reported users from 78 countries affected in 2016 http://www.aarp.org/money/scams-fraud/info-2017/how-to-handle-tech-support-scams-fd-jj.html https://blogs.microsoft.com/on-the-issues/2017/05/18/fight-tech-support-scams/
TECH SUPPORT SCAMS • User gets a cold call from the scammer • User visits a site that maliciously redirects them to the scam site or pops us another window • User mistypes the URL in a browser and the scammer controls the incorrectly typed domain
JAVASCRIPT TRICKS
TECH SUPPORT SCAM - EXAMPLES
TECH SUPPORT SCAM - EXAMPLES
TECH SUPPORT SCAM - EXAMPLES
TECH SUPPORT SCAM - EXAMPLES
TECH SUPPORT SCAM - EXAMPLES
WHAT’S UP WITH THIS ATTACK?
https://youtu.be/qjGyBGPEHSs
WHAT’S UP WITH THIS ATTACK? https://youtu.be/qjGyBGPEHSs
POPULAR BLOCKING TECHNIQUES • Block URL if there is prior confirmed intelligence (blacklists) • Penalize hosts if repeat offenders • Penalize based on bad IP addresses/ASNs/registration dates • Patterns in URLs (e.g. paypal.com.badwebsite.com)
TOOLS - DOMAINTOOLS whois.domaintools.com
TOOLS - GOOGLE https://toolbox.googleapps.com/apps/dig/#TXT/
TOOLS - VIRUSTOTAL PASSIVE DNS
TOOLS - VIRUSTOTAL PASSIVE DNS
TOOLS - VIRUSTOTAL REAL-TIME LOOKUP
TOOLS - VIRUSTOTAL REAL-TIME LOOKUP
TOOLS - VIRUSTOTAL REAL-TIME LOOKUP
TOOLS - CHECKPHISH REAL-TIME LOOKUP
THANK YOU shashi@redmarlin.ai LinkedIn: https://www.linkedin.com/in/shashi-prakash-/ Twitter: @skiddzo @RedMarlinAI

Recommended

Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakCrowdStrike
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
 
INtroduction to Zagros!
INtroduction to Zagros!INtroduction to Zagros!
INtroduction to Zagros!Gita Ziabari
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemCrowdStrike
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 

Recommended

Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakCrowdStrike
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
 
INtroduction to Zagros!
INtroduction to Zagros!INtroduction to Zagros!
INtroduction to Zagros!Gita Ziabari
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemCrowdStrike
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportCyren, Inc
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdStrike
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingCyren, Inc
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNorth Texas Chapter of the ISSA
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing PageEmerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing PageCybersecurity Education and Research Centre
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security MindsetAdam W. Warner
 
Die Evolution der Sicherheit
Die Evolution der SicherheitDie Evolution der Sicherheit
Die Evolution der SicherheitDr. Amir Alsbih
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNorth Texas Chapter of the ISSA
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?North Texas Chapter of the ISSA
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsOpenDNS
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 
Webinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatWebinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatCyren, Inc
 
Pubcon Vegas Session - WordPress Site Security Audits
Pubcon Vegas Session - WordPress Site Security AuditsPubcon Vegas Session - WordPress Site Security Audits
Pubcon Vegas Session - WordPress Site Security AuditsKristine Schachinger SEO and Online Marketing
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 

More Related Content

What's hot

Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportCyren, Inc
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdStrike
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingCyren, Inc
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNorth Texas Chapter of the ISSA
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security MindsetAdam W. Warner
 
Die Evolution der Sicherheit
Die Evolution der SicherheitDie Evolution der Sicherheit
Die Evolution der SicherheitDr. Amir Alsbih
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNorth Texas Chapter of the ISSA
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsOpenDNS
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 
Webinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatWebinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatCyren, Inc
 

What's hot (20)

Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat report
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary Problem
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomware
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking survey
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing PageEmerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security Mindset
 
Die Evolution der Sicherheit
Die Evolution der SicherheitDie Evolution der Sicherheit
Die Evolution der Sicherheit
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower Costs
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
 
Webinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatWebinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threat
 

Similar to Fighting the next wave of sophisticated phishing attacks

Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
2018 Hacked Website Trends
2018 Hacked Website Trends2018 Hacked Website Trends
2018 Hacked Website TrendsSucuri
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsCyphort
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016Tudor Damian
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposedtamfin
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015RapidSSLOnline.com
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threatsZscaler
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goMichael Furman
 
PhishThreat.pptx
PhishThreat.pptxPhishThreat.pptx
PhishThreat.pptxJorgeRosa46
 
Why Security Matters for Marketers
Why Security Matters for MarketersWhy Security Matters for Marketers
Why Security Matters for MarketersHubSpot
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal BallPlanning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal BallAlienVault
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016Tomppa Järvinen
 
Hacking Airwaves with Pineapples
Hacking Airwaves with PineapplesHacking Airwaves with Pineapples
Hacking Airwaves with PineapplesHostway|HOSTING
 
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani GolandCODE BLUE
 
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCanSecWest
 
Cybercrime trends in last five years
Cybercrime trends in last five yearsCybercrime trends in last five years
Cybercrime trends in last five yearsSABBY GILL
 

Similar to Fighting the next wave of sophisticated phishing attacks (20)

Pubcon Vegas Session - WordPress Site Security Audits
Pubcon Vegas Session - WordPress Site Security AuditsPubcon Vegas Session - WordPress Site Security Audits
Pubcon Vegas Session - WordPress Site Security Audits
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
2018 Hacked Website Trends
2018 Hacked Website Trends2018 Hacked Website Trends
2018 Hacked Website Trends
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictions
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016
 
Safe Browsing in 2016
Safe Browsing in 2016Safe Browsing in 2016
Safe Browsing in 2016
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposed
 
Phishing
PhishingPhishing
Phishing
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to go
 
PhishThreat.pptx
PhishThreat.pptxPhishThreat.pptx
PhishThreat.pptx
 
Why Security Matters for Marketers
Why Security Matters for MarketersWhy Security Matters for Marketers
Why Security Matters for Marketers
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal BallPlanning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016
 
Hacking Airwaves with Pineapples
Hacking Airwaves with PineapplesHacking Airwaves with Pineapples
Hacking Airwaves with Pineapples
 
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
 
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on androidCSW2017 Geshev+Miller logic bug hunting in chrome on android
CSW2017 Geshev+Miller logic bug hunting in chrome on android
 
Cybercrime trends in last five years
Cybercrime trends in last five yearsCybercrime trends in last five years
Cybercrime trends in last five years
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Fighting the next wave of sophisticated phishing attacks