Phishing Simulation By Shield Alliance
1. Introduction
EC-Council Training & Certification Division: Professional Workforce Development
IIB Council Division of Business Technology and Enterprise: Digital Transformation Training and Certification Body
EC-Council University: Creating Cybersecurity Leaders of Tomorrow
EC-Council Global Services: Division of Corporate Consulting & Advisory Services
Hackers are here. Where are you?
Shield Alliance International Private Limited
EC-Council group company providing cybersecurity products/solutions like OhPhish
5. PHISHING MAIL
“All humans connected to the internet receive millions of phishing mails on a daily basis”
The human is the gateway for cyber attacks!
6. What is Phishing?
Phishing is a form of social engineering.
Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization.
For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:
natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
epidemics and health scares (e.g., H1N1)
economic concerns (e.g., IRS scams)
major political elections
7. PHISHING ATTACK
“Out of millions of phishing mails entering any network, it takes a single click to become a victim of a cyber attack”
The human is the weakest link in the system
8. FEW FACTS & FIGURES
156 million phishing emails are sent out every day.
Email users receive up to 20 phishing emails each month.
On average, it takes just 82 seconds from the time a phishing email is distributed until the first victim is hooked.
The global spear phishing protection market is expected to reach a valuation of US$1.8 Billion by 2025. In terms of revenue, the market is projected to expand at a CAGR of 9.6% during the forecast period from 2017 to 2025.
91% of reported data breaches resulted from phishing schemes.
Within 30 minutes of a phishing attack, 20% of user accounts were compromised.
The average large company loses $4 million every year to phishing attacks.
9. TYPES OF PHISHING
Spear phishing
Clone phishing
Whaling
MODES OF PHISHING
Email Phishing
Voice Phishing (Vishing)
SMS Phishing (SMShing)
[Diagram labels: Entice to Click; Please give me your Credentials!; Do me a favour!; To open that Attachment or not?; IVR Response Capturing; Voice Response Capturing; Conference call]
10. Private and Confidential
Cyber Attacks triggered through Phishing
A new study has revealed that a large-sized company in India loses an average of 71,96,72,000 Rs/- each year due to cyberattacks, while a mid-sized firm loses an average of 7916392 Rs/- annually. ... In addition, cybersecurity attacks have resulted in job losses in 64 percent of organizations that have experienced breaches.
12. What is Vishing?
Voice Phishing, commonly known as vishing, is the
telephone equivalent of phishing. Like its email
counterpart, vishing tricks users into revealing
confidential information over the phone by posing
as a trusted entity. Vishing scams can be very
convincing because these callers are usually
experts in their respective fields.
The main reason why vishing scams are on the rise is
because of how easily cybercriminals can execute these
attacks with minimal risk of detection.
Scammers often use caller ID spoofing to lend them
credibility when they send out calls to potential victims.
As a result, victims are compelled to pick up the call,
especially if it appears to be coming from a legitimate
source or from a number like their own.
13. THE SOLUTION
“Building organizational memory by building subconscious competency and a human firewall to protect the organization”
EARLY WARNING SYSTEM
14. HOW CAN WE HELP?
1. Design Simulation Campaign
2. Initiate/Execute the Campaign
3. Monitor the Campaign
4. Analyze Report
5. Remediate
16. OUR ADVANTAGE
On-demand customization
Integration with existing systems
Simple, intuitive UI
Flexible & Time efficient
Single platform to conduct Phishing, Vishing and Smishing simulations
Complete DIY solution
Scalable
Management Dashboards & Executive Reporting Structure
Integrated with world class LMS
Pre-defined repository of templates
24X7 support
17. AGILE HOSTING MODEL
Cloud Solution: The shortest delivery time, OPEX model.
Hybrid Solution: A mixture of OPEX and CAPEX.
On Premise Solution: CAPEX model.
Shield Alliance gives customers the flexibility to choose the model of delivery based on their preferences.
18. Intelligence
Gathering
15. CREATING THE HUMAN FIREWALL
Defense via Phishing Reporter
[Diagram labels: Report; User; Cybersec Department; Phishing Simulation report; Reporting to Phishing Simulation adds to report.]
OhPhish shall gather intelligence related to potential (non-simulation) phishing email(s) reported.
Further, the email along with the intelligence gathered shall be sent to the respective information security/incident response teams.
EARLY WARNING SYSTEM: “OHPHISH” REPORTER
19. Department Wise Phishing link clicked Summary
[Chart: Phishing Link Clicked Summary. Series: Total Employees, Phishing Link Clicked, Phishing Link Not Clicked. Departments: Marketing, Finance, Sales, System Support, Admin.]
Departments Total Employees Phishing Link Clicked Phishing Link Not Clicked Compliance %
Marketing 5 2 3 60%
Finance 4 1 3 75%
Sales 4 4 0 0%
System Support 2 0 2 100%
Admin 1 1 0 0%
Grand Total 16 8 16 50%
20. Overall Summary
Employee Id Employee Name Employee Mail Department Mail Opened Time Mail Clicked Time Phishing Link Clicked
1 User kousikster@gmail.com Admin Tue, Oct 29, 2019 3:25 PM Tue, Oct 29, 2019 3:28 PM Yes
5 User souvikbanik92@gmail.com Sales Tue, Oct 29, 2019 3:25 PM Wed, Oct 30, 2019 4:11 PM Yes
2 User soumyadeb260@gmail.com Sales Tue, Oct 29, 2019 3:25 PM Tue, Oct 29, 2019 5:27 PM Yes
3 User koustuv02@gmail.com Sales Tue, Oct 29, 2019 3:25 PM Tue, Oct 29, 2019 4:36 PM Yes
7 User chanchalpatra89@gmail.com Marketing Thu, Oct 31, 2019 6:25 PM Thu, Oct 31, 2019 6:26 PM Yes
9 User tchakraborty28@gmail.com Marketing Tue, Oct 29, 2019 3:25 PM Wed, Oct 30, 2019 11:25 AM Yes
6 User sayantanbhattacharjee.04@gmail.com Marketing Tue, Oct 29, 2019 3:25 PM Nil No
12 User mamata10momi@gmail.com Finance Tue, Oct 29, 2019 3:25 PM Nil No
10 User urmi.dasadhikari007@gmail.com Marketing Tue, Oct 29, 2019 3:25 PM Nil No
14 User anupam21@gmail.com Finance Tue, Oct 29, 2019 3:35 PM Nil No
11 User sanjoy633@gmail.com Finance Tue, Oct 29, 2019 3:25 PM Tue, Oct 29, 2019 5:06 PM Yes
4 User rishinbanerjee2013@gmail.com Sales Tue, Oct 29, 2019 4:07 PM Tue, Oct 29, 2019 4:09 PM Yes
15 User ani.cs2008@gmail.com System Support Tue, Oct 29, 2019 3:25 PM Nil No
8 User hi92deependra@gmail.com Marketing Tue, Oct 29, 2019 3:25 PM Nil No
13 User dipankar.dipu.99@gmail.com Finance Tue, Oct 29, 2019 3:25 PM Nil No
16 User sourav.mitra@live.com System Support Nil Nil No
21. Remediation through Security Awareness Training
Awareness Training Dashboard
4 Steps To Complete Awareness Training
Sample Training Videos: Phishing, Spear Phishing, SMSshing, USB Baiting
22. LMS - Security Awareness Training
A world class platform to provide extraordinary security awareness training content.
E-learning gives organizations access to a plethora of videos, interactive cyber security awareness content and pre-designed modules to select from, or to create their own security awareness training for their employees.
Kwizzer is a part of gamification that brings fun, interaction and learning to users who opt in or have been assigned to play security awareness quizzes.
Learning Management System
24. LMS: E-Learning Key Features
Onboarding of Users: Microsoft O365, G-Suite, Active Directory, CSV/XLS file upload, Manual Entry
Authentication of Users: Microsoft O365, G-Suite, Active Directory, Simple Login and Password
Detailed Reporting: Auto-delivery of training reports to Admin, Branch wise Reports, Designation wise Reports, Department wise Reports
Executive Report
Management Dashboard
Custom Alerts: Training Reminders to users
Leader board
25. LMS: Kwizzer Key Features
User Onboarding
Authentication of User
Detailed Reporting: Auto-delivery of training reports to Admin, Branch wise Reports, Designation wise Reports, Department wise Reports
Custom Alerts: In-app notification for Quiz Master Mode, Auto e-mail notification for Quiz Master Mode, Pending Quiz reminders to users
Leader board: Leader board for Admin with top 3 scorers highlighted, User score and top 3 scorers
27. Training Content
Premium
Security Awareness
Security Awareness Essentials
Security Awareness - Strongest Link
Security Awareness Essentials
Security Awareness – A Day in the Life
Working Remotely
Physical Security
Password Mgmt
Cloud Security
IoT/Home Security
Security Awareness for the Home
Introduction into Insider Threats
Protecting Against Malicious Insiders
Incident Reporting
Social Media
BYOD/Mobile Security
Protecting Mobile Data and Devices
Phishing Awareness
Phishing
Phishing Defense Essentials
Email & Instant Messaging Security
Social Engineering
Social Engineering (Advanced)
Ransomware
Ransomware: How to Defend Yourself
Malware
The Malware Threat
Preventing Malware: Mobile Devices
Security Awareness for Executives
Security Awareness for Executives
Security Awareness for Managers
Power User Training
Baseline Information Security Training for IT Professionals
OWASP Top 10 Web Application Vulnerabilities
28. Training Content
Premium
Compliance
HIPAA/HITECH Privacy for Business Associates
HIPAA/HITECH Privacy for Covered Entities
PCI Essentials for Account Data Handlers and Supervisors - DSS 3.2
PCI Requirements Overview for IT Professionals - DSS 3.2
Privacy and Data Protection
Preventing Bullying in the Workplace
Preventing Workplace Violence for Supervisors
Active Shooter
GDPR: How to Comply With the GDPR in the US
Phishing Defense Best Practices
Before You Post
Living Mobile Secure
Password Strong
The Fake App Trap
Fake News
Home Cybersecurity
Evil Twin
Home Invasion: The Internet of Terrors? (Defending Against Ransomware)
Tales From CPU City™ (Episode 1) – Cryptojacking
Tales From CPU City™ (Episode 2) - Tailgating
Protecting Against Spear Phishers
The Business Email Compromise
SMiShed!
How to Defeat Social Engineers
The In-Personator: A Social Engineering Threat
USB Baiting: Don't Take the Bait
29. Training Content
Standard
CSCU
Module 1.1 - Data Digital Building Blocks (Done)
Module 1.2 - Importance of data in the Information age
Module 1.3 - Threats to Data
Module 1.4 - Data Security
Module 1.5 - Elements of Security
Module 1.6 - Implementing Security
Module 2.1 - Securing Operating System
Module 2.2 - Guidelines to Secure Windows 10
Module 2.3 - Guidelines to MAC OS X Security
Module 3.1 - What is Malware
Module 3.2 - What is Anti virus
Module 3.3 - Kaspersky 3.0
Module 3.4 - Avast Anti virus
Module 4.1 - Understanding web browser concepts
Module 4.2 - What is Instant Messaging
Module 4.3 - Child online Safety
Module 5.1 - Introduction to Social Networking sites
Module 5.2 - Geotagging
Module 5.3 - Social media threat to minors
Module 5.4 - Social Networking Sites Facebook
Module 5.5 - Social Networking Sites Twitter
Module 6.1 - Introduction to Email
Module 6.2 - Email Security.mov
Module 6.3 - Email Security Procedures
Module 6.4 - Encryption
Module 6.5 - Email Security Tools
30. Training Content
Standard
CSCU
Module 7.1 - Securing Mobile Devices
Module 7.2 - Understanding Mobile Device Threats
Module 7.3 - Understanding Various Mobile Security Procedures
Module 7.4 - Understanding how to secure IOS Devices
Module 7.5 - Understanding how to secure Android Devices
Module 7.6 - Understanding how to secure Windows Phone Devices
Module 7.7 - Mobile Phone and Bluetooth Security
Module 8.1 - The Concept of Cloud
Module 8.2 - Threats to Cloud Security
Module 8.3 - Cloud Privacy Issues & Choosing service provider
Module 9.1 - Understanding Various Networking Concepts
Module 9.2 - Understanding Setting Up a Wireless Network
Module 9.3 - Understanding Threats to Wireless Network Security and Countermeasures
Module 10.1 - Data Backup Concepts
Module 10.2 - Types of Data Backup
Module 10.3 - Windows 10 Backup and Restore Procedures
Module 10.4 - MAC OS X Backup and Restore Procedures
Module 10.5 - Understanding Safe Data Destruction