Dealing with a Spoof mail attack and Phishing
mail attacks | A little story with a sad end
Part 1/9
Eyal Doron o365info.com
In the current article, I would like to review the chain of events that occurs, again and again, every time an attacker manages to successfully execute a Phishing mail attack.
The reaction of the people involved is known in advance, and so is the sad end of the story.
The main goal of the story is to serve as a wake-up call, so that you do not have to be a character in the play called "Phishing mail attack"!
http://o365info.com/dealing-spoof-mail-attacks-phishing-mail-attacks-little-story-sad-end-part-1-of-9/


  1. Dealing with a Spoof mail attack and Phishing mail attacks | A little story with a sad end | Part 1/9
  2. The common feeling of IT persons is that they know and understand everything that is related to security and threats in their environment.
  3. The simple truth is that most of the time, we don't really have any idea about the threats and dangers that exist, and what is happening under our noses.
  4. You fell a powerful header which brings down the floor
  5. In each security event in which we discover the damage that was caused by the Spoof / Phishing mail attacks, we act the same: panic!
  6. Shout and scream at anyone you can!
  7. The silent grief phase
  8. The only difference between those events that organizations experience is the faces and the names of the people who are involved in the process.
  9. The little story about Jeff
  10. Let me tell you a story that happened long, long ago in a faraway land.
  11. Scene number 1/9
  12. It's 9:30 in the morning; the sun is shining. In our little story, your name is Jeff, and you are the CIO of a company in the financial sector named "Don't do anything and hope that everything will work out by itself".
  13. You're sitting in your office, drinking a cup of hot coffee (no sugar, because you need to maintain your weight). You log on to Facebook and start to watch some boring video of a dog or a cat doing something.
  14. Your phone is ringing. Your gut feeling is telling you that something is wrong! On the line is Suzan, the personal assistant of Brad, the company CEO. Suzan is asking you to urgently come to Brad's office.
  15. You enter Brad's room. Brad asks you to close the door behind you. The facial expression of Brad is grave and serious. Brad says: "Jeff, let's make it simple and straightforward. Yesterday, I got an e-mail message from David (David is the company CFO) that asked me to deposit 500,000$ in a specific bank account. The purpose of the deposit was an initial payment for a big acquisition deal, which is about to take place soon. This morning, after a brief conversation with David, I understand that I was a victim of an ugly fraud!"
  16. 1. I want my money back! 2. I want you to locate the person that carried out this ugly fraud and report the information to the police!
  17. 3. I demand to know how it can be that our security infrastructure, which costs us so much money, didn't recognize and block this attack, and I demand to know who is to blame, and who is the person responsible for this failure!
  18. Scene number 2/9
  19. You can hear your heart pounding.
  20. You instantly call Billy (the company IT manager), and ask him firmly to reach your office immediately! Billy enters your office. You ask Billy to close the door behind him.
  21. You inform Billy about the "mess", waving your finger in his face. You inform Billy that you need instant answers and that someone will have to pay the price!
  22. Scene number 3/9
  23. Billy rushes into his office, finds Bob (the Help desk manager), and informs him about the "issue". Billy asks Bob to immediately call the IT company that planned and built our mail infrastructure, and inform them that they will have to provide an accurate answer to the following questions:
  24. 1. How did the hostile element manage to hack our system, despite the advanced security infrastructure that was supposed to protect our mail infrastructure? 2. How can we identify with certainty, and locate, the hostile element which carried out the attack? 3. How are they going to compensate us for the indignities and the financial losses?
  25. Scene number 4/9
  26. Bob calls the technical support of the IT company that built our mail infrastructure, informs them about the incident that happened, and presents the list of questions.
  27. The "other side" explains that this problem is not related to "their side" in any way, and that the responsibility for protecting the organization's mail infrastructure from such an attack is the responsibility of the organization that owns the mail infrastructure, meaning our responsibility.
  28. After an exchange of harsh words, Bob disconnects the call and informs Billy that the provider refuses to help us and, in addition, blames us for the "mess".
  29. Scene number 5/9
  30. Billy (the company IT manager) picks up the phone and calls the technical support of the provider who built our mail infrastructure. Billy asks politely but firmly to talk to Stephen, the manager!
  31. Stephen explains that this problem is not related to "their side" in any way, and that the responsibility for protecting the organization's mail infrastructure from such an attack is the responsibility of the organization who owns and manages the mail infrastructure.
  32. After an exchange of harsh words, Billy disconnects the call.
  33. Scene number 6/9
  34. The bottom line: Stephen, who represents the IT company that built our mail infrastructure, declares that they are not willing to take any kind of responsibility for this mess! Billy calls you (just a quick reminder: you are Jeff, the company CIO) and reports on the conversation with Stephen.
  35. You order Billy to immediately summon a conference call that includes yourself, Billy (the company IT manager) and Stephen.
  36. You start the phone conversation with some statement about the fact that you have decades of experience in the field (usually, the magic number is 15 years).
  37. You continue to the "threats phase", and clarify unambiguously that if he (the provider) will not take responsibility, provide immediate answers and solve the mess, you will: fire him, sue him, and in addition publish negative information about his company on Facebook.
  38. Stephen says that he is very sorry, that he understands my pain, but that there is nothing he can do to help us in this scenario.
  39. Scene number 7/9
  40. You enter the office of the CEO with heavy steps. You start to stutter and mumble about security risks, cyber-attacks, and the difficulty in dealing with the risks and threats of the modern work environment.
  41. Brad (your CEO) informs you that you will have to draw the required conclusions.
  42. Scene number 8/9
  43. Two years have passed since you were fired following the unfortunate incident. You could not find another job (because of age and other reasons). Your financial situation is not good, and you get a call from the bank on a daily basis. After many reflections and obsessive thoughts, you decide that ...
  44. Scene number 9/9
  45. The wind blows in your face. You're standing on a high bridge looking into the abyss which pours down! Goodbye cruel world!
