The document outlines effective anti-phishing strategies presented at the 30th annual FISSEA conference by Hoala Greevy, focusing on the evolving nature of phishing threats and the importance of user awareness. Key points include the increased targeting of familiar contacts, the surge in ransomware attacks, and notable cases of financial fraud related to phishing techniques. The presentation emphasizes best practices such as the use of Google Safe Browsing, improved user training, and potential future solutions like two-factor authentication and machine learning.

1. EFFECTIVE ANTI-PHISHING
STRATEGIES & EXERCISES
30th Annual FISSEA Conference | Gaithersburg, MD
19 June 2017
@pauboxhq
#FISSEA30

2. Hoala Greevy
Founder CEO, Paubox, Inc. -
HIPAA Compliant Email Made
Easy.
18 years’ experience in email
security & encryption.
Phishing & Fishing expert. =)
#FISSEA30

3. I. What is Phishing Today?
II. Threat Landscape
III. Best Practices
IV. Looking Ahead
Agenda
#FISSEA30

4. I. What is Phishing Today?
#FISSEA30
Overconfidence Dilemma
Display Name Spoofs
Ransomware stealing thunder

5. I. What is Phishing Today?
#FISSEA30
It’s always been about the $$$.

6. I. What is Phishing Today?
#FISSEA30
Now it’s about Politics too.

7. Overconfidence Dilemma
#FISSEA30
2017 phishing study, University of
Texas at San Antonio
Fatal Flaw: Most people believe they
are smarter than the criminals
perpetrating them.
Source: Science Daily

8. Display Name Spoofs
#FISSEA30
91% of phishing attacks
Highly targeted
Impersonates someone familiar to the
recipient (usually C-Level)

9. II. Threat Landscape
#FISSEA30

10. #FISSEA30

11. Google Docs Phish
#FISSEA30
Shut down quickly.
Yet millions affected.
Named the app Google
Docs
Source: Wired

12. Ransomware
#FISSEA30
2015: 1K daily
attacks
2016: 4K daily
attacks
2017: ?

13. WannaCry at a Glance
#FISSEA30
Stolen NSA tools
North Korea GDP
150 countries
At least 230K infected

14. Big Tech Companies Get Hit Too
#FISSEA30

15. Facebook & Google Phished
#FISSEA30
Each paid nearly $100M in fake invoices
Impersonated Quanta Computer
Most funds recovered
Source: The Guardian

16. Insider Threat
#FISSEA30

17. Office 365 Accounts Hacked
#FISSEA30
Wire transfer request
sent from actual HR
employee mailboxes
18,000 accounts
affected (why so
many?)
Source: SC Magazine

18. Politics
#FISSEA30

19. #FISSEA30

20. The Perfect Weapon*
#FISSEA30
Cheap
Hard to see coming
Hard to trace
* NY Times

21. Let’s Dive In
#FISSEA30

22. Domain Name Shell Game
#FISSEA30
http://shop.radioactivegamingeu.com
Resolves to:
104.31.65.24
104.31.64.24

23. Who owns these IPs?
#FISSEA30
104.31.65.24
104.31.64.24

24. Cloudflare
#FISSEA30
Legitimate CDN provider

25. III. Best Practices
#FISSEA30
Google Safe Browsing
Macro Policy
Level Up User Training (hold contests)
Nuclear Option: Macs only?

26. Google Safe Browsing
#FISSEA30
It’s Free & Constantly Updated
Lots of data sources (over 1B users)
Used in Chrome, Firefox & Safari
Can be used in Email too
Source: Google Safe Browsing

27. Macro Policy
#FISSEA30
Re: allowing macros via attachments
Does the business downside now
outweigh the upside?
Blog post: We’re Clamping Down on Deadly Macros and Ransomware

28. Arthur Ream
#FISSEA30
CISO,
Cambridge
Health Alliance
Steak Dinner
phishing bounty
Source: HIMSS Privacy and Security Forum in Boston

29. Nuclear Option: Macs only?
#FISSEA30
Something to think about.

30. IV. Looking Ahead
#FISSEA30
2FA by default
Clamp down on Domain Registrars
Google Safe Browsing API

31. IV. Looking Ahead
#FISSEA30
Machine Learning FTW
Death of the Appliance (Cloud will win)
Port-based Geographic Segmentation

32. Mahalo!
#FISSEA30
@hoalagreevy
www.paubox.com