How to Spot and Combat a Phishing Attack
Webinar
October 20th, 2015
kpatel@controlscan.com
Kevin Patel – Sr Director of Information Security, Compliance & IT Risk Mgmt
© ControlScan 2015 2
Agenda
1) National Cyber Security Awareness Month (NCSAM) overview
2) Phishing overview
3) By the numbers - phishing stats
4) Which phishing tactics are on the rise and old tactics that are still working today
5) Anatomy of a phishing email
6) Sample phishing emails – can you spot the phish?
7) What to do if an email appears to be a phishing attempt
8) So why should I care about phishing?
9) Online phishing resources
10) Q&A
National Cyber Security Awareness Month (NCSAM)
NCSAM is celebrated every October.
2015 marks NCSAM's 12th year.
A collaborative initiative between the government and industry to promote online safety awareness.
The primary goal of NCSAM is to educate people about the risks of cybersecurity and provide resources to stay safe and secure online.
ControlScan supports NCSAM and is a champion this year, joining a growing global effort of 400+ colleges and universities, businesses, government agencies, associations and non-profit organizations.
They Didn’t Avoid the Bait
What do the majority of the major data breaches over the past few years have in common?
PHISHING was the initial point of entry.
The following companies fell for sophisticated phishing attacks:
Target - 110 million records compromised
Anthem – 78.8 million records
JPMC – 83 million records breached
Sony – 102 million records
South Carolina DOR – 8 million records
So What is Phishing?
Phishing is a fraudulent attempt (a type of spam), usually made through email, to steal your personal/sensitive information.
Phishing is a psychological attack used by cybercriminals to trick you into giving up information or taking an action such as clicking on a link, opening an attachment, or responding to a scam.
Phishing is a common form of social engineering and has become the preferred method for cybercriminals.
The bad guys spoof legitimate companies and brands that the email recipient may be familiar with.
Image Source: SANS
So What is Phishing? (cont.)
Spear Phishing – A sophisticated, highly targeted phishing scam aimed at specific individuals or groups within an organization (e.g. C-Suite, Accounting, HR or IT) with the sole purpose of obtaining unauthorized access to sensitive data.
Most popular form of phishing and on the rise.
High-profile individuals are targeted, which is why it's referred to as “whaling”.
Spear Phishing makes use of information about a target to make attacks more specific and targeted. Hackers do their research!
Intent remains the same - to steal intellectual property, financial data, trade or military secrets and other confidential data.
Vishing – A form of social engineering similar to email phishing, but it occurs over the phone, primarily using automated voice systems. Instead of receiving an e-mail, you receive a call on your home phone or mobile device from someone claiming to be from your bank or another institution you trust, who will request that you share sensitive info.
SMiShing – Accomplished through text messages (SMS) via a cell phone or mobile device, asking you to call a particular number to gain sensitive information or to click on a link that could contain malicious code.
Why is Phishing So Popular with Hackers?
Phishing is a top hacker technique since it is usually the path of least resistance for the bad guys to get the sensitive data they want without being detected.
Phishing is the No. 1 method to gain unauthorized access and steal data since the bad guys like to take advantage of human error.
What do the Cybercriminals want?
Protected Health Information (PHI)
Top 3 Ways to get Phished
By the Numbers - Phishing Stats
Data/Image Sources:
1. Lireo Designs - The State of Phishing
2. Kaspersky Labs - The Evolution of Phishing Attacks: 2011-2013
3. APWG - Global Phishing Survey: Trends and Domain Names Use in 1H2014
4. http://www.returnpath.com/wp-content/uploads/2015/07/The-Anatomy-of-a-Phishing-Email.pdf
5. http://blog.inspiredelearning.com/wp-content/uploads/2014/04/phishing-infographic-full.jpg
By the Numbers - Phishing Stats (cont.)
Data/Image Sources:
1. Kaspersky Labs - The Evolution of Phishing Attacks: 2011-2013
2. APWG - Global Phishing Survey: Trends and Domain Names Use in 1H2014
3. HP - State of Network Security, August 2014
Anatomy of a Phishing Email
• In order for you to successfully identify and combat phishing emails, we must first understand the anatomy of the email.
• To deceive email recipients into divulging sensitive information, cybercriminals will use a variety of tactics such as:
Image Source: http://www.returnpath.com/wp-content/uploads/2015/07/The-Anatomy-of-a-Phishing-Email.pdf
Sample Phishing Email – Can you spot the phish?
Source: www.phishtank.com
Sample Phishing Email – Can you spot the phish?
Source: www.phishtank.com
Sample Phishing Email – Can you spot the phish?
Source: www.phishtank.com
Phishing Indicators – Can you spot the phish?
Sent from someone's personal email account
Generic greeting
Grammar and spelling mistakes
Requires immediate action and creates a sense of urgency
Malicious Link – mouse over to verify link
Generic sender – lack of contact info
Suspicious attachment
Source: SANS – Don’t Get Hooked Poster
Sample Phishing Website – Can you spot the phish?
Source: www.phishtank.com
Sample Phishing Website – Can you spot the phish?
Source: www.phishtank.com
Phishing Email Checklist
• Don’t believe everything you see – If it sounds too good to be true, it usually is. No, you didn’t just win a $1,000 gift card.
• Beware of threatening language or invoking a sense of urgency
• Analyze the greeting – a generic salutation such as “Dear Customer” is a tell-tale sign
• Look but do NOT click – mouse over links, avoid URLs with “@” signs
• Be suspicious of attachments – e.g. .exe, .com, .pif, .bat, .msi, .scr, .zip, .vbs
• Requests personal information - Do NOT share personal/sensitive information
• Check for mistakes in spelling and grammar – most organizations proofread
• Review the signature – generic and lack of detail or contact info
Source: www.returnpath.com
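The checklist above, applied mechanically to a parsed message, as an added example that is not part of the original slides: it flags generic greetings, urgency, requests for personal data, URLs containing “@”, link text that names a different host than the real target (what mousing over reveals), and the attachment extensions listed on the slide. The phrase lists, the names `check_email` and `build_sample`, and the sample messages (reserved `.example` domains, documentation IP address) are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attachment extensions named on the checklist slide.
RISKY_EXT = {".exe", ".com", ".pif", ".bat", ".msi", ".scr", ".zip", ".vbs"}
# Phrase lists below are illustrative assumptions, not taken from the slides.
GENERIC_GREETING = re.compile(r"\bdear (customer|user|member|client)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|suspended)\b", re.I)
PERSONAL_INFO = re.compile(r"\b(password|social security|card number|pin)\b", re.I)
LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:[/?#]\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect body text and (href, visible label) pairs from an HTML part."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def host_of(url):
    """Host a client would really connect to (any user@ prefix is dropped)."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()


def check_email(msg):
    """Return the sorted checklist indicators found in an EmailMessage."""
    findings = set()
    collector = LinkCollector()
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            # Only the last extension counts: "invoice.pdf.scr" is a .scr file.
            ext = "." + filename.rsplit(".", 1)[-1].lower()
            if ext in RISKY_EXT:
                findings.add("risky-attachment:" + filename)
        elif part.get_content_type() == "text/html":
            collector.feed(part.get_content())
        elif part.get_content_type() == "text/plain":
            collector.text.append(part.get_content())
    body = " ".join(collector.text)
    if GENERIC_GREETING.search(body):
        findings.add("generic-greeting")
    if URGENCY.search(body):
        findings.add("urgency")
    if PERSONAL_INFO.search(body):
        findings.add("asks-for-personal-info")
    for href, label in collector.links:
        # In "http://brand@host/", the part before "@" is not the destination.
        if "@" in urlsplit(href).netloc:
            findings.add("url-with-@:" + host_of(href))
        # The label shows one host while the href points at another.
        if LOOKS_LIKE_URL.match(label) and host_of(label) != host_of(href):
            findings.add("link-text-mismatch:" + host_of(label) + "->" + host_of(href))
    return sorted(findings)


def build_sample(body, subtype, attachment_name):
    """Build a constructed test message; no real sender, host or payload."""
    msg = EmailMessage()
    msg["From"] = "Support <support@mail.example>"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Account notice"
    msg.set_content(body, subtype=subtype)
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg


# Constructed sample bodies.
SUSPICIOUS_HTML = """<p>Dear Customer,</p>
<p>Your account will be suspended unless you verify your password immediately.</p>
<p><a href="http://www.bank.example@203.0.113.7/login">https://www.bank.example/login</a></p>
<p><a href="https://www.bank.example/help">Help centre</a></p>"""
CLEAN_TEXT = "Hi Dana, the agenda for Tuesday is attached. Regards, Sam"

if __name__ == "__main__":
    for finding in check_email(build_sample(SUSPICIOUS_HTML, "html", "invoice.pdf.scr")):
        print(finding)
    print(check_email(build_sample(CLEAN_TEXT, "plain", "agenda.pdf")))
```

A clean result only means none of these indicators fired; keyword and extension checks miss well-written lures, so reporting a suspicious message is still the right call.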
What to do if you receive a Phishing Email?
Report It & Delete It
You should report suspected phishing emails to your local IT support staff or security team immediately.
Notify the company, bank, or organization impersonated by the phishing email. Many large companies provide directions on their websites on how to report phishing.
FTC: Forward phishing emails to spam@uce.gov
APWG: https://apwg.org/report-phishing/
Forward the suspected phishing email to reportphishing@apwg.org
US-CERT: Report phishing emails and sites https://www.us-cert.gov/report-phishing
Forward phishing emails to US-CERT phishing-report@us-cert.gov
**Remember to include the full email header when reporting phishing emails
So Why Should I Care About Phishing?
We are the first line of defense in successfully detecting and stopping phishing attacks.
We are all phishing targets both at work and at home.
Hackers take advantage of the human factor (potential for human error) by enticing you to click or download.
The bad guys know that careless or untrained employees are the quickest and easiest way to circumvent even the best security controls.
Hackers want your personal and financial information, access to your accounts and your devices. If it has value on the black market, the hackers want it! It's that simple.
Online Phishing Resources
CRI Cyber Security Awareness - Phishing Video: https://youtu.be/wZwxxdXmazs
Q&A
Remember all it takes is ONE click to become a victim of phishing
When in doubt DELETE

More Related Content

What's hot

Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
Information Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanInformation Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanAhmed Musaad
 
Email Security Best Practices
Email Security Best PracticesEmail Security Best Practices
Email Security Best PracticesKnowBe4
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 

What's hot (20)

Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End Users
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
 
Information security awareness, middle management
Information security awareness, middle managementInformation security awareness, middle management
Information security awareness, middle management
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
 
Information Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanInformation Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing Sudan
 
Teaching Your Staff About Phishing
Teaching Your Staff About PhishingTeaching Your Staff About Phishing
Teaching Your Staff About Phishing
 
Email Security Best Practices
Email Security Best PracticesEmail Security Best Practices
Email Security Best Practices
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Phishing
PhishingPhishing
Phishing
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 

Similar to How to Spot and Combat Phishing Email Attacks

Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...IRJET Journal
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWPICPE
 
Cybersecurity - Webinar Session
Cybersecurity - Webinar SessionCybersecurity - Webinar Session
Cybersecurity - Webinar SessionKalilur Rahman
 
Cyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxCyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxNavinKumarDewangan
 
Data Security: A Guide To Whale Phishing
Data Security: A Guide To Whale PhishingData Security: A Guide To Whale Phishing
Data Security: A Guide To Whale PhishingPhil Astell
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET-  	  Phishing and Anti-Phishing TechniquesIRJET-  	  Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET Journal
 
Adjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalAdjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalPriyanka Aash
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2Conf
 
negative implications of IT
negative implications of ITnegative implications of IT
negative implications of ITMahdiRahmani15
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 

Similar to How to Spot and Combat Phishing Email Attacks (20)

Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from Thawte
 
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
 
Cybersecurity - Webinar Session
Cybersecurity - Webinar SessionCybersecurity - Webinar Session
Cybersecurity - Webinar Session
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Cyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxCyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptx
 
Cybersecurity awareness.pdf
Cybersecurity awareness.pdfCybersecurity awareness.pdf
Cybersecurity awareness.pdf
 
Data Security: A Guide To Whale Phishing
Data Security: A Guide To Whale PhishingData Security: A Guide To Whale Phishing
Data Security: A Guide To Whale Phishing
 
Phishing Technology
Phishing TechnologyPhishing Technology
Phishing Technology
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET-  	  Phishing and Anti-Phishing TechniquesIRJET-  	  Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 
Adjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalAdjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New Normal
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
 
phishing-infographic
phishing-infographicphishing-infographic
phishing-infographic
 
negative implications of IT
negative implications of ITnegative implications of IT
negative implications of IT
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
 
Little book of cyber scams
Little book of cyber scamsLittle book of cyber scams
Little book of cyber scams
 

Recently uploaded

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of india
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 

How to Spot and Combat Phishing Email Attacks

  • 1. How to Spot and Combat a Phishing Attack Webinar October 20th, 2015 kpatel@controlscan.com Kevin Patel – Sr Director of Information Security, Compliance & IT Risk Mgmt
  • 2. © ControlScan 2015 2 1) National Cyber Security Awareness Month (NCSAM) overview 2) Phishing overview 3) By the numbers - phishing stats 4) Which phishing tactics are on the rise and old tactics that are still working today 5) Anatomy of a phishing email 6) Sample phishing emails – can you spot the phish? 7) What to do if an email appears to be a phishing attempt 8) So why should I care about phishing? 9) Online phishing resources 10) Q&A Agenda
  • 3. © ControlScan 2015 3 National Cyber Security Awareness Month (NCSAM) NCSAM is celebrated every October 2015 marks NCSAM 12th year A collaborative initiative between the government and industry to promote online safety awareness Primary goal of NCSAM is to educate people about the risks of cybersecurity and provide resources to stay safe and secure online. ControlScan supports NCSAM and is a champion this year joining a growing global effort of 400+ colleges and universities, businesses, government agencies, associations and non-profit organizations
  • 4. © ControlScan 2015 4 They Didn’t Avoid the Bait Majority of all the major data breaches over the past few years have what in common? PHISHING was the initial point of entry The following companies fell for sophisticated phishing attacks: Target - 110 million records compromised Anthem – 78.8 million records JPMC – 83 million records breached Sony – 102 million records South Carolina DOR – 8 million records
  • 5. © ControlScan 2015 5 So What is Phishing? Phishing is a fraudulent attempt (a type of spam) which is usually made through email to steal your personal/sensitive information. Phishing is a psychological attack used by cybercriminals to trick you into giving up information or taking an action such as clicking on a link, opening an attachment, or responding to a scam. Phishing is a common form of social engineering and has become the preferred method for cybercriminals. The bad guys spoof legitimate companies and brands that the email recipient may be familiar with. Image Source: SANS
  • 6. © ControlScan 2015 6 So What is Phishing? (cont.) Spear Phishing – Sophisticated highly targeted phishing scam aimed at specific individuals or groups within an organization (i.e. C-Suite, Accounting, HR or IT) with the sole purpose of obtaining unauthorized access to sensitive data. Most popular form of phishing and on the rise. High-profile individuals are targeted, which is why its referred to as “whaling”. Spear Phishing makes use of information about a target to make attacks more specific and targeted. Hackers do their research! Intent remains the same - to steal intellectual property, financial data, trade or military secrets and other confidential data. Vishing – A form of social engineering similar to email phishing but occurs over the phone primarily using automated voice systems. Instead of sending an e-mail, you receive a call on your home phone or mobile device, claiming to be from your bank or another institution you trust, and will request you share sensitive info. SMiShing – Accomplished through text messages (SMS) via a cell phone or mobile device by asking you to call a particular number to gain sensitive information or click on a link that could contain malicious code.
  • 7. Why is Phishing So Popular with Hackers? Phishing is a top hacker technique since it is usually the path of least resistance for the bad guys to get the sensitive data they want without being detected. Phishing is the No. 1 method to gain unauthorized access and steal data since the bad guys like to take advantage of human error.
  • 8. What do the Cybercriminals want? Protected Health Information (PHI)
  • 9. Top 3 Ways to get Phished
  • 10. By the Numbers - Phishing Stats. Data/Image Sources:
      1. Lireo Designs - The State of Phishing
      2. Kaspersky Labs - The Evolution of Phishing Attacks: 2011-2013
      3. APWG - Global Phishing Survey: Trends and Domain Names Use in 1H2014
      4. http://www.returnpath.com/wp-content/uploads/2015/07/The-Anatomy-of-a-Phishing-Email.pdf
      5. http://blog.inspiredelearning.com/wp-content/uploads/2014/04/phishing-infographic-full.jpg
  • 11. By the Numbers - Phishing Stats (cont.). Data/Image Sources:
      1. Kaspersky Labs - The Evolution of Phishing Attacks: 2011-2013
      2. APWG - Global Phishing Survey: Trends and Domain Names Use in 1H2014
      3. HP - State of Network Security, August 2014
  • 12. Anatomy of a Phishing Email
      • In order for you to successfully identify and combat phishing emails, we must first understand the anatomy of the email.
      • To deceive email recipients into divulging sensitive information, cybercriminals will use a variety of tactics such as:
      Image Source: http://www.returnpath.com/wp-content/uploads/2015/07/The-Anatomy-of-a-Phishing-Email.pdf
  • 13. Sample Phishing Email – Can you spot the phish? Source: www.phishtank.com
  • 14. Sample Phishing Email – Can you spot the phish? Source: www.phishtank.com
  • 15. Sample Phishing Email – Can you spot the phish? Source: www.phishtank.com
  • 16. Phishing Indicators – Can you spot the phish?
      • Sent from someone's personal email account
      • Generic greeting
      • Grammar and spelling mistakes
      • Requires immediate action and creates a sense of urgency
      • Malicious link – mouse over to verify link
      • Generic sender – lack of contact info
      • Suspicious attachment
      Source: SANS – Don’t Get Hooked Poster
  • 17. Sample Phishing Website – Can you spot the phish? Source: www.phishtank.com
  • 18. Sample Phishing Website – Can you spot the phish? Source: www.phishtank.com
  • 19. Phishing Email Checklist
      • Don’t believe everything you see – If it sounds too good to be true, it usually is. No, you didn’t just win a $1,000 gift card.
      • Beware of threatening language or language invoking a sense of urgency
      • Analyze the greeting – use of a generic salutation such as “Dear Customer” is a tell-tale sign
      • Look but do NOT click – mouse over links, avoid URLs with “@” signs
      • Be suspicious of attachments – i.e. .exe, .com, .pif, .bat, .msi, .scr, .zip, .vbs
      • Requests personal information – Do NOT share personal/sensitive information
      • Check for mistakes in spelling and grammar – most organizations proofread
      • Review the signature – generic and lack of detail or contact info
      Source: www.returnpath.com
  • 20. What to do if you receive a Phishing Email? Report It & Delete It
      • You should report suspected phishing emails to your local IT support staff or security team immediately.
      • Notify the company, bank, or organization impersonated by the phishing email. Many large companies provide directions on their websites on how to report phishing.
      • FTC: Forward phishing emails to spam@uce.gov
      • APWG: https://apwg.org/report-phishing/ – Forward the suspected phishing email to reportphishing@apwg.org
      • US-CERT: Report phishing emails and sites at https://www.us-cert.gov/report-phishing – Forward phishing emails to US-CERT at phishing-report@us-cert.gov
      **Remember to include the full email header when reporting phishing emails
  • 21. So Why Should I Care About Phishing?
      • We are the first line of defense in successfully detecting and stopping phishing attacks.
      • We are all phishing targets, both at work and at home.
      • Hackers take advantage of the human factor (potential for human error) by enticing you to click or download. The bad guys know that careless or untrained employees are the quickest and easiest way to circumvent even the best security controls.
      • Hackers want your personal and financial information, access to your accounts and your devices. If it has value on the black market, the hackers want it! It's that simple.
  • 22. Online Phishing Resources. CRI Cyber Security Awareness - Phishing Video: https://youtu.be/wZwxxdXmazs
  • 23. Q&A. Remember, all it takes is ONE click to become a victim of phishing. When in doubt, DELETE.
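The indicators on slide 16 and the checklist on slide 19 (generic greeting, urgency, links whose visible text differs from the real target, URLs with “@” signs, risky attachment types) can also be checked automatically, as in this added example, which is not part of the original deck. The function name, tag names, greeting and urgency word lists, and the sample message with its hosts are assumptions constructed for illustration; the attachment extensions are the ones listed on slide 19.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXT = (".exe", ".com", ".pif", ".bat", ".msi", ".scr", ".zip", ".vbs")  # slide 19
TEXT_RULES = {"generic-greeting": re.compile(r"\bdear (customer|user|member)\b", re.I),
              "urgency": re.compile(r"\b(immediately|urgent|suspended)\b", re.I)}  # assumed lists
DOMAINISH = re.compile(r"\s*(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?\s*", re.I)

class LinkCollector(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False

def check_email(raw):
    """Return the sorted checklist indicators found in one raw message."""
    found = set()
    for part in message_from_string(raw).walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            found.add("risky-attachment")
        if part.get_content_maintype() != "text" or name:
            continue  # only inline text bodies are scanned for wording and links
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        found.update(tag for tag, rule in TEXT_RULES.items() if rule.search(body))
        collector = LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            if "@" in urlsplit(href).netloc:  # the real host is what follows the "@"
                found.add("at-sign-url")
            shown = DOMAINISH.fullmatch(text)  # visible text that itself looks like a URL
            if shown and shown.group(1).lower() != urlsplit(href).hostname:
                found.add("link-text-mismatch")
    return sorted(found)

SAMPLE = ('Subject: Account notice\nContent-Type: text/html\n\n'  # constructed message
          '<p>Dear Customer, verify your account immediately: '
          '<a href="http://www.examplebank.test@192.0.2.10/login">www.examplebank.test</a></p>')
```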