Uploaded bycentralohioissa
PDF, PPTX851 views

Rafeeq Rehman - Breaking the Phishing Attack Chain

The document outlines a comprehensive strategy to combat phishing attacks, highlighting the alarming statistics regarding victims' responses to phishing emails. It proposes zero-cost measures such as raising awareness, social media usage, and modifying email subjects and footers, alongside reinforcing firewalls and monitoring outbound traffic. Additionally, it emphasizes the gamification of detection and reporting to enhance organizational resilience against phishing threats.

Embed presentation

Download as PDF, PPTX
BREAKING A CO M PRE HE NS IVE STRATE GY TO RE S PO ND TO PHIS HING ATTACKS PHISHING CHAIN R AF E E Q U . R E HM AN CE N T R A L O H I O IS S A S U M M I T, M A R C H 3 0 2 0 1 6
PHISHING TAILS THE RECRUITER, THE JOB SEAKER, AND CASE OF A CLONED DIGGER MACHINE
CURRENT STATUS • CYBER ESPIONAGE - MORE THAN TWO THIRD INVOLVED PHISHING • VICTIMS - 23% OPEN PHISHING EMAIL • HALF CLICK ON LINKS WITHIN FIRST HOUR • IT TAKES 82 SECONDS TO GET FIRST CLICK How Bad It Really Is? SOURCE: Verizon Data Breach Investigations Report 2015
PHISHING CHAIN • RESEARCH AND CRAFT EMAIL • SEND PHISHING EMAIL • CREATE BACKDOOR AND/OR INSTALL MALWARE • DOWNLOAD ADDITIONAL MALWARE COMPONENTS • GATHER INFORMATION • EXFILTERATE DATA Typical Attack Patterns
Sto p Bleeding I nfo r matio n o n So cial Media Use SPAM Filter s Sandbo xing Techno lo g ies (expensiv e) H uman Fir ew all Desk to p H ar dening , White Listing , I nteg r ity C heck ing O utbo und Fir ew all Rules HOW TO MITIGATE RISK A SIX STEP APPROACH TO BREAK THE PHISHING CHAIN
ZERO COST • RAISING THE AWARENESS • SOCIAL MEDIA USE • EMAIL SUBJECT, FOOTER REWRITING • FIREWALL RULES AND OUTBOUND DROPPED TRAFFIC MONITORING • TESTING FIREWALLS • OTHERS TOOLS S H O U L D I B U Y N E W TO O L S O R U S E W H A T I H A V E ?
Verizon Data Breach Digest Attack-Defend Cards R A IS ING T HE A WA R ENES S SOURCE: http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf
SOCIAL MEDIA USE The Killer Job Offer that Nobody can Resist HELLO RAFEEQ, I AM EX EC UTIVE REC RUITER AN D TRYIN G TO FILL SEN IOR DIREC TOR POSITION AT … Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N
SOCIAL MEDIA USE EDUCATE, BUILD AWARENESS, TEST Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N WHAT IS APPROPRIATE TO INCLUDE IN ONLINE PROFILES? DO MY ACCOMPLISHMENTS SECTION REVEAL TOO MUCH INFO? WHAT ACRONYMS I USE ONLINE? TEST LEVEL OF AWARENESS (OPEN SOURCE TOOLS)
EXTERNAL EMAIL REWRITE Subject: [EXTERNAL] … Footer: [Caution] This email … Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N MOST EMAIL SYSTEMS ALLOW REW RITIN G SUBJ EC T LIN ES AN D ADDIN G FOOTERS
OUTBOUND FIREWALL RULES RESTRICT OUTBOUND TRAFFIC Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N RESTRICT OUTBOUND FIREWALL TRAFFIC MONITOR OUTBOUND DENIED TRAFFIC TEST USING TOOLS LIKE NC AND NMAP
USE HUMAN FIREWALL REDUCE DETECTION TIME Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N GAMIFICATION OF DETECTION, REPORTING, RECOGNITION LIN K IN FOOTER TO REPORT PH ISH IN G ADD REPORT PH ISH IN G BUTTON
SUMMARY • SOCIAL MEDIA POLICIES • TRAINING AND AWARENESS • USE EXISTING TECHNOLOGIES • USE EMAIL SYSTEM: SUBJECT OR FOOTERS • HARDEN DESKTOPS, APPLY PATCHES • RESTRICT OUTBOUND TRAFFIC (FIREWALLS) • MONITOR DENIED TRAFFIC RECOMMENDED ACTION
CONTACT RAFEEQ.REHMAN@GMAIL.COM @RAFEEQ_REHMAN

More Related Content

PPTX
Testing or Hacking: Real Advice on Effective Security Testing Stratagies
byDaniel Billing
 
PPTX
OSINT Black Magic: Listen who whispers your name in the dark!!!
byNutan Kumar Panda
 
PPTX
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
byChema Alonso
 
PDF
LASCON 2015
byClare Nelson, CISSP, CIPP-E
 
PPTX
Datasploit - An Open Source Intelligence Tool
byShubham Mittal
 
PPTX
Basics of getting Into Bug Bounty Hunting
byMuhammad Khizer Javed
 
PDF
Wireless crime and forensic investigation g. kipper (auerbach, 2007) ww
byyesumanitvr
 
PPTX
OSINT mindset to protect your organization - Null monthly meet version
byChandrapal Badshah
 
Testing or Hacking: Real Advice on Effective Security Testing Stratagies
byDaniel Billing
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
byNutan Kumar Panda
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
byChema Alonso
 
LASCON 2015
byClare Nelson, CISSP, CIPP-E
 
Datasploit - An Open Source Intelligence Tool
byShubham Mittal
 
Basics of getting Into Bug Bounty Hunting
byMuhammad Khizer Javed
 
Wireless crime and forensic investigation g. kipper (auerbach, 2007) ww
byyesumanitvr
 
OSINT mindset to protect your organization - Null monthly meet version
byChandrapal Badshah
 

What's hot

PDF
From OSINT to Phishing presentation
byJesse Ratcliffe, OSCP
 
PDF
Osint ashish mistry
byn|u - The Open Security Community
 
PDF
Pen-testing is Dead?
byAmmar WK
 
PDF
Preparing for the inevitable: The mobile incident response playbook
byNowSecure
 
PPTX
Data Privacy for Activists
byGreg Stromire
 
PPTX
Maltego
bypenetration Tester
 
PPTX
Dark Arts Of Social Engineering
byNutan Kumar Panda
 
PDF
OSINT 2.0 - Past, present and future
byChristian Martorella
 
PDF
OSINT - Open Source Intelligence
byc0c0n - International Cyber Security and Policing Conference
 
PDF
Open source intelligence information gathering (OSINT)
byphexcom1
 
PDF
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
byPRISMA CSI
 
PPT
Owasp osint presentation - by adam nurudini
byAdam Nurudini
 
PDF
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
byEC-Council
 
PDF
OSINT- Leveraging data into intelligence
byDeep Shankar Yadav
 
PPT
Thane Barnier MACE 2016 presentation
byJeff Zahn
 
PPT
Digital investigations
bygarrettdiscovery
 
PDF
Toward distributed and virtualized enterprise security
byPriyanka Aash
 
PDF
How to make Android apps secure: dos and don’ts
byNowSecure
 
PDF
How to scale mobile application security testing
byNowSecure
 
PPTX
Threat Hunting with Splunk
bySplunk
 
From OSINT to Phishing presentation
byJesse Ratcliffe, OSCP
 
Osint ashish mistry
byn|u - The Open Security Community
 
Pen-testing is Dead?
byAmmar WK
 
Preparing for the inevitable: The mobile incident response playbook
byNowSecure
 
Data Privacy for Activists
byGreg Stromire
 
Maltego
bypenetration Tester
 
Dark Arts Of Social Engineering
byNutan Kumar Panda
 
OSINT 2.0 - Past, present and future
byChristian Martorella
 
OSINT - Open Source Intelligence
byc0c0n - International Cyber Security and Policing Conference
 
Open source intelligence information gathering (OSINT)
byphexcom1
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
byPRISMA CSI
 
Owasp osint presentation - by adam nurudini
byAdam Nurudini
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
byEC-Council
 
OSINT- Leveraging data into intelligence
byDeep Shankar Yadav
 
Thane Barnier MACE 2016 presentation
byJeff Zahn
 
Digital investigations
bygarrettdiscovery
 
Toward distributed and virtualized enterprise security
byPriyanka Aash
 
How to make Android apps secure: dos and don’ts
byNowSecure
 
How to scale mobile application security testing
byNowSecure
 
Threat Hunting with Splunk
bySplunk
 

Viewers also liked

PPT
Mysql
byRathan Raj
 
PDF
Learn PHP MySQL with Project
byayman diab
 
PPT
Apache
byRathan Raj
 
PPTX
CYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRA
byKrishnakant Mishra
 
PPT
Maria db the new mysql (Colin Charles)
byOntico
 
PDF
CFMA Cyber Crime Presentation
bySteve Machesney
 
PDF
MySQL Backup & Recovery
byMindfire Solutions
 
PPT
FBI Cybercrime Presentation
byStanislaus County Office of Education
 
PPT
Xampp Ppt
byguestb4b8d8e
 
PDF
Spear phishing attacks-by-hari_krishna
byRaghunath G
 
PPTX
Introduction to xampp
byJin Castor
 
PPTX
Cybercrime.ppt
byAeman Khan
 
PPTX
What to Upload to SlideShare
bySlideshare
 
PDF
Getting Started With SlideShare
bySlideshare
 
Mysql
byRathan Raj
 
Learn PHP MySQL with Project
byayman diab
 
Apache
byRathan Raj
 
CYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRA
byKrishnakant Mishra
 
Maria db the new mysql (Colin Charles)
byOntico
 
CFMA Cyber Crime Presentation
bySteve Machesney
 
MySQL Backup & Recovery
byMindfire Solutions
 
FBI Cybercrime Presentation
byStanislaus County Office of Education
 
Xampp Ppt
byguestb4b8d8e
 
Spear phishing attacks-by-hari_krishna
byRaghunath G
 
Introduction to xampp
byJin Castor
 
Cybercrime.ppt
byAeman Khan
 
What to Upload to SlideShare
bySlideshare
 
Getting Started With SlideShare
bySlideshare
 

Similar to Rafeeq Rehman - Breaking the Phishing Attack Chain

PDF
Cyber_Threats_and_CountermeasuresSeminar.pdf
byruturaj6333
 
PPTX
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
byBarakaMuyengi
 
PPTX
Gaining A Foothold
byClaranet UK
 
PDF
Drooger, jack cyber security
byHagerstown Chamber Business Expo
 
PPTX
PA SB DC Cyber Brief
byScott Zimmerman
 
PDF
Perimeter E-Security: Will Facebook Get You Hired or Fired?
byTaylor Van Sickle
 
PPTX
Organizational Phishing Education
byNicholas Davis
 
PDF
2015-06-16 IT Security - What You Need to Know
byRaffa Learning Community
 
PPTX
War on Stealth Cyberattacks that Target Unknown Vulnerabilities
byDataWorks Summit/Hadoop Summit
 
PDF
Frontier Secure: Handout for small business leaders on "How to be Secure"
byFrontier Small Business
 
PDF
Mobile Application pentesting blog.docx.pdf
byfortbridge4
 
DOCX
Mobile Application pentesting blog blog.docx
byfortbridge4
 
PPTX
Social Engineering Attacks security.pptx
by22bce363
 
PDF
2018 5-8 IT Security - What You Need to Know
byRaffa Learning Community
 
PDF
Phishing.pdf
byMariGogokhia
 
PPTX
Cyber Frontline - Level 3 - Module 1.pptx
bytrevor501353
 
PDF
Threats, Threat Modeling and Analysis
byIan G
 
PPTX
Breakfast Briefings - February 2018
byPKF Francis Clark
 
PDF
Cybersecurity - Webinar Session
byKalilur Rahman
 
PDF
2015-03-24 IT Security - What You Need to Know
byRaffa Learning Community
 
Cyber_Threats_and_CountermeasuresSeminar.pdf
byruturaj6333
 
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
byBarakaMuyengi
 
Gaining A Foothold
byClaranet UK
 
Drooger, jack cyber security
byHagerstown Chamber Business Expo
 
PA SB DC Cyber Brief
byScott Zimmerman
 
Perimeter E-Security: Will Facebook Get You Hired or Fired?
byTaylor Van Sickle
 
Organizational Phishing Education
byNicholas Davis
 
2015-06-16 IT Security - What You Need to Know
byRaffa Learning Community
 
War on Stealth Cyberattacks that Target Unknown Vulnerabilities
byDataWorks Summit/Hadoop Summit
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
byFrontier Small Business
 
Mobile Application pentesting blog.docx.pdf
byfortbridge4
 
Mobile Application pentesting blog blog.docx
byfortbridge4
 
Social Engineering Attacks security.pptx
by22bce363
 
2018 5-8 IT Security - What You Need to Know
byRaffa Learning Community
 
Phishing.pdf
byMariGogokhia
 
Cyber Frontline - Level 3 - Module 1.pptx
bytrevor501353
 
Threats, Threat Modeling and Analysis
byIan G
 
Breakfast Briefings - February 2018
byPKF Francis Clark
 
Cybersecurity - Webinar Session
byKalilur Rahman
 
2015-03-24 IT Security - What You Need to Know
byRaffa Learning Community
 

More from centralohioissa

PPTX
Mike Spaulding - Building an Application Security Program
bycentralohioissa
 
PPTX
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
bycentralohioissa
 
PPTX
Bob West - Educating the Board of Directors
bycentralohioissa
 
PDF
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
bycentralohioissa
 
PPTX
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
bycentralohioissa
 
PPTX
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
bycentralohioissa
 
PPTX
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
bycentralohioissa
 
PPTX
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
bycentralohioissa
 
PPTX
Tre Smith - From Decision to Implementation: Who's On First?
bycentralohioissa
 
PDF
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
bycentralohioissa
 
PPTX
Sean Whalen - How to Hack a Hospital
bycentralohioissa
 
PDF
Robert Hurlbut - Threat Modeling for Secure Software Design
bycentralohioissa
 
PPTX
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
bycentralohioissa
 
PDF
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
bycentralohioissa
 
PPTX
Jack Nichelson - Information Security Metrics - Practical Security Metrics
bycentralohioissa
 
PPTX
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
bycentralohioissa
 
PDF
Ruben Melendez - Economically Justifying IT Security Initiatives
bycentralohioissa
 
PPTX
Ed McCabe - Putting the Intelligence back in Threat Intelligence
bycentralohioissa
 
PDF
Ofer Maor - Security Automation in the SDLC - Real World Cases
bycentralohioissa
 
PPTX
Jim Libersky: Cyber Security - Super Bowl 50
bycentralohioissa
 
Mike Spaulding - Building an Application Security Program
bycentralohioissa
 
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
bycentralohioissa
 
Bob West - Educating the Board of Directors
bycentralohioissa
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
bycentralohioissa
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
bycentralohioissa
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
bycentralohioissa
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
bycentralohioissa
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
bycentralohioissa
 
Tre Smith - From Decision to Implementation: Who's On First?
bycentralohioissa
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
bycentralohioissa
 
Sean Whalen - How to Hack a Hospital
bycentralohioissa
 
Robert Hurlbut - Threat Modeling for Secure Software Design
bycentralohioissa
 
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
bycentralohioissa
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
bycentralohioissa
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
bycentralohioissa
 
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
bycentralohioissa
 
Ruben Melendez - Economically Justifying IT Security Initiatives
bycentralohioissa
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
bycentralohioissa
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
bycentralohioissa
 
Jim Libersky: Cyber Security - Super Bowl 50
bycentralohioissa
 

Recently uploaded

PDF
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PDF
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PDF
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PPTX
Introduction to Industrial-Arts Grade 8 ppt Lesson 1
byFSBTLEDNathanVince
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Introduction to Industrial-Arts Grade 8 ppt Lesson 1
byFSBTLEDNathanVince
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 

Rafeeq Rehman - Breaking the Phishing Attack Chain

  • 1.
    BREAKING A COM PRE HE NS IVE STRATE GY TO RE S PO ND TO PHIS HING ATTACKS PHISHING CHAIN R AF E E Q U . R E HM AN CE N T R A L O H I O IS S A S U M M I T, M A R C H 3 0 2 0 1 6
  • 2.
    PHISHING TAILS THE RECRUITER,THE JOB SEAKER, AND CASE OF A CLONED DIGGER MACHINE
  • 3.
    CURRENT STATUS • CYBERESPIONAGE - MORE THAN TWO THIRD INVOLVED PHISHING • VICTIMS - 23% OPEN PHISHING EMAIL • HALF CLICK ON LINKS WITHIN FIRST HOUR • IT TAKES 82 SECONDS TO GET FIRST CLICK How Bad It Really Is? SOURCE: Verizon Data Breach Investigations Report 2015
  • 4.
    PHISHING CHAIN • RESEARCHAND CRAFT EMAIL • SEND PHISHING EMAIL • CREATE BACKDOOR AND/OR INSTALL MALWARE • DOWNLOAD ADDITIONAL MALWARE COMPONENTS • GATHER INFORMATION • EXFILTERATE DATA Typical Attack Patterns
  • 5.
    Sto p BleedingI nfo r matio n o n So cial Media Use SPAM Filter s Sandbo xing Techno lo g ies (expensiv e) H uman Fir ew all Desk to p H ar dening , White Listing , I nteg r ity C heck ing O utbo und Fir ew all Rules HOW TO MITIGATE RISK A SIX STEP APPROACH TO BREAK THE PHISHING CHAIN
  • 6.
    ZERO COST • RAISINGTHE AWARENESS • SOCIAL MEDIA USE • EMAIL SUBJECT, FOOTER REWRITING • FIREWALL RULES AND OUTBOUND DROPPED TRAFFIC MONITORING • TESTING FIREWALLS • OTHERS TOOLS S H O U L D I B U Y N E W TO O L S O R U S E W H A T I H A V E ?
  • 7.
    Verizon Data BreachDigest Attack-Defend Cards R A IS ING T HE A WA R ENES S SOURCE: http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf
  • 8.
    SOCIAL MEDIA USE TheKiller Job Offer that Nobody can Resist HELLO RAFEEQ, I AM EX EC UTIVE REC RUITER AN D TRYIN G TO FILL SEN IOR DIREC TOR POSITION AT … Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N
  • 9.
    SOCIAL MEDIA USE EDUCATE,BUILD AWARENESS, TEST Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N WHAT IS APPROPRIATE TO INCLUDE IN ONLINE PROFILES? DO MY ACCOMPLISHMENTS SECTION REVEAL TOO MUCH INFO? WHAT ACRONYMS I USE ONLINE? TEST LEVEL OF AWARENESS (OPEN SOURCE TOOLS)
  • 10.
    EXTERNAL EMAIL REWRITE Subject:[EXTERNAL] … Footer: [Caution] This email … Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N MOST EMAIL SYSTEMS ALLOW REW RITIN G SUBJ EC T LIN ES AN D ADDIN G FOOTERS
  • 11.
    OUTBOUND FIREWALL RULES RESTRICTOUTBOUND TRAFFIC Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N RESTRICT OUTBOUND FIREWALL TRAFFIC MONITOR OUTBOUND DENIED TRAFFIC TEST USING TOOLS LIKE NC AND NMAP
  • 12.
    USE HUMAN FIREWALL REDUCEDETECTION TIME Z E R O C O S T M E A S U R ES F O R B R E A K I N G P H I S H I N G C H A I N GAMIFICATION OF DETECTION, REPORTING, RECOGNITION LIN K IN FOOTER TO REPORT PH ISH IN G ADD REPORT PH ISH IN G BUTTON
  • 13.
    SUMMARY • SOCIAL MEDIAPOLICIES • TRAINING AND AWARENESS • USE EXISTING TECHNOLOGIES • USE EMAIL SYSTEM: SUBJECT OR FOOTERS • HARDEN DESKTOPS, APPLY PATCHES • RESTRICT OUTBOUND TRAFFIC (FIREWALLS) • MONITOR DENIED TRAFFIC RECOMMENDED ACTION
  • 14.