This document is a presentation on phishing aimed at educating university staff and faculty. It defines phishing, explains why it poses a threat to universities, and discusses common phishing techniques like socially engineered emails and exploiting human curiosity. The presentation includes examples of phishing emails and encourages the audience to spot signs of phishing like poor grammar, suspicious links, and threats or urgency. It emphasizes that critical thinking and avoiding clicking suspicious links are key to avoiding phishing attempts.
Something in the library smells phishy
1. Something In the Library Smells Phishy
Presented by Nicholas Davis, CISSP, CISA
2. Overview
• Phishing Background
• Threat to IT on campus
• Phishing education
• Tricks employed
• Sample phishing emails unique to UW-Madison
• Spotting the phish, after the click
• 10 quick tests for the audience!
• Q&A
03/18/14 UNIVERSITY OF WISCONSIN 2
3. Phishing Defined
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication, usually email.
4. Why Phishing Is Such a Threat
• UW-Madison IT infrastructure is designed to protect the campus computing assets with many technical controls
• However, this persuades hackers to pursue access via alternate means, often choosing to exploit the human factor
5. Your Password Is the Key to the Kingdom
If an attacker can persuade you to give them your password, they can evade all the controls put in place to protect sensitive systems
7. I am Too Smart to Fall For a Trick Like Phishing
• Most large organizations have a phishing participation rate of around 10%
• This rises when the population becomes the subject of spear phishing, which is phishing email designed specifically for the recipient
8. Phishing Relies Upon Social Engineering
• The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional.
• Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.
9. Tricks Used By Expert Phishers
• Socially Aware: Mining of information about the target from publicly available resources, such as Facebook, property records, or even CCAP
• Context Aware: Make reference to an activity you are likely to engage in, such as Amazon.com, or UPS package receipt
10. Specific Examples of Complex Phishing Attempts
Baiting: Placing a USB flash drive or CD, with malware on it, in a public place
11. Specific Examples of Complex Phishing Attempts
QR Code Curiosity: Embedding malicious code within a QR code, on a printout posted to a community bulletin board
12. Specific Examples of Complex Phishing Attempts
Out of Office, Out of Control: Taking advantage of an autoresponder, leveraging specific knowledge to exploit co-workers
13. What Would Happen If You Received This Email?
14. What Would Happen If You Received This Email?
15. Tips To Spot Social Engineering Within a Phishing Attempt
• Asks you to verify a sensitive piece of information
• A sense of urgency is implied in the message
• An overt or implied threat may be present
• Flattery is used to get you to drop your guard
• Use, and sometimes overuse, of organizational knowledge is employed
• A bribe or reward for your “help” may be offered
16. Spotting the Phish After the Click
• Website address looks odd or incorrect
• IP address shows in address bar
• Multiple pop-ups appear on top of legitimate website window
• Website contains spelling or grammar errors
• No SSL lock is present on what should be a secure site
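The address-bar checks from slide 16 (odd or incorrect address, IP address in the address bar, no SSL lock), written as a triage function a help desk could run over reported links. This is an added example, not part of the original deck: `example.edu` is a placeholder for the organization's real domain, every sample URL except `hxxp://servacc.0ad.info/` (quoted from one of the deck's sample emails) is constructed, and the userinfo check goes beyond the slide's list as one more case of an address that looks odd.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: placeholder for the domains the organization really uses.
EXPECTED_DOMAINS = ("example.edu",)


def refang(url):
    """Undo common defanging (hxxp, [.]) so the URL can be parsed, never fetched."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def host_is_ip(host):
    """True when the host part is a literal IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def belongs_to(host, domain):
    """Match the registered domain as a suffix on a label boundary.

    A plain substring test would accept look-alikes such as
    example.edu.login-check.example, so compare from the right-hand side.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def triage_url(url, expected_domains=EXPECTED_DOMAINS):
    """Return the slide-16 warning signs that are visible in the URL itself."""
    findings = []
    parts = urlsplit(refang(url))
    host = parts.hostname or ""

    # "No SSL lock is present on what should be a secure site"
    if parts.scheme != "https":
        findings.append("no-tls")

    # "IP address shows in address bar"
    if host_is_ip(host):
        findings.append("ip-literal-host")
    # "Website address looks odd or incorrect"
    elif not any(belongs_to(host, d) for d in expected_domains):
        findings.append("unexpected-domain")

    # Text before an "@" is login info, not the site; the real host follows it.
    if parts.username is not None:
        findings.append("userinfo-in-url")

    return findings


if __name__ == "__main__":
    samples = [
        "hxxp://servacc.0ad.info/",                 # from the deck's sample email
        "http://192.0.2.10/login",                  # constructed
        "https://login.example.edu/portal",         # constructed
        "https://example.edu.login-check.example/", # constructed look-alike
        "https://example.edu@198.51.100.7/",        # constructed
    ]
    for s in samples:
        print(s, "->", triage_url(s) or "no URL-level warning signs")
```

An empty result only means the URL itself shows none of these signs; pop-ups and spelling errors on the page still need a human look.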
17. Can You Spot the Issue Here
18. Combat Phishing Attempts
• Never give away personal information, especially username and password
• Don’t let curiosity get the best of you
• Look for the telltale signs we have discussed today
• There are no situations which justify exceptions
• If something sounds too good to be true…
20. Discussion
• Odd use of the English language
• Email references a service which you may never have heard of, and do not use
• There is a sense of urgency in the email
• There is a direct threat of implications, if you do not act immediately
21. What Do You Think? Can You Spot the Phish?
Subject: Secure Account Notification
Date: February 20, 2014
Blackboard
Secure Account Notification
A suspicious activity has been detected. For your safety, your account access has been suspended.
Please re-activate your account immediately by clicking on the "Re-Activate My Account" link provided below:
<Re-Activate My Account>
We are sorry for any inconveniences caused as your safety is important to us.
Thank you,
Blackboard System Notifications.
22. Discussion
• A punishment has been specified for previous actions, making you feel guilty
• A sense of urgency of action on your part is asked for
• A context aware attack is used, referencing Blackboard, a commonly used software package, in higher education
23. What Do You Think? Can You Spot the Phish?
Subject: Web!User
Date: February 19, 2014
Dear Web!User,
We are under urgent upgrade service you are require to upgrade account by via hxxp://servacc.0ad.info/
System Administrator
Web! Techs.
24. Discussion
• Poor English grammar usage
• Sense of urgency implied
• Refers to you by some odd generic name “web user”
25. What Do You Think? Can You Spot the Phish?
Subject: Apple Customer Alert!
Date: February 18, 2014
Dear Apple Customer,
Please confirm your identity today or your account will be Disabled due to concerns we have for the safety and integrity of the Apple Community.
To confirm your identity, we recommend Click here
Regards,
Apple Customer Service.
26. Discussion
• Sense of urgency contained in email
• You have been made to feel guilty
• Context aware reference for all Apple users
• Threat of account disabling if you do not act
27. What Do You Think? Can You Spot the Phish?
Subject: RE: Faculty Staff & Employee Mailbox Upgrade
Date: January 21, 2014
Dear Faculty Staff & Employee Email Subscribers
Welcome to 2014 Academic Season
Your Email Account have been put on-hold by our server,you can no longer send or receive emails,to avoid this kindly click on the link UPGRADE to submit your old account for New to enable you to send and receive emails
Thank You
ITS Service Provider Team
28. Discussion
• Socially aware email appears to be familiar with your association with the university as a faculty or staff member
• Odd use of English language
• Sense of moderate urgency implied
29. What Do You Think? Can You Spot the Phish?
Subject: ACH Notification
Date: October 9, 2013
Attached is a summary of Origination activity for 10/09/2013
If you need assistance please contact us via e-mail during regular business hours.
Thank you for your cooperation.
30. Discussion
• References commonly known “ACH” term, which is familiar to people who deal with accounts payable and accounts receivable
• Plays on your sense of curiosity, to learn more… (What account is this? How much do I owe?)
• Email is intentionally vague
31. What Do You Think?What Do You Think?
Can You Spot the Phish?Can You Spot the Phish?
Subject: Court attendance notification #ID608
Date: January 9, 2014
From: Illegal software
Sent: Thursday, January 09, 2014 1:18 AM
Subject: Court attendance notification #ID608
Warrant to appear,
Please be informed that you are expected
in the Court of Georgia on February 2nd, 2014 at 9:30 a.m.
where the hearing of your case of illegal software use will take place.
You may obtain protection of a lawyer, if necessary.
Please bring your identity documents to the Court on the named day.
Attendance is compulsory.
The detailed plaint note is attached to this letter, please download and
read it thoroughly.
Court clerk,
LANE Pruitt
32. Discussion
• Context issues: You don’t live in Georgia and have not been there recently (warning sign)
• You are made to feel guilty for some previous action which you supposedly engaged in
• A sense of urgency is implied
• The email may appeal to your sense of curiosity
33. What Do You Think?
Can You Spot the Phish?
Subject: Scanned Image from a HP Digital Device
Date: June 19, 2013
Please open the attached document. This document
was digitally sent to you using an HP Digital
Sending device.
To view this document you need to use the Adobe
Acrobat Reader.
34. Discussion
• Lots of context-aware references in this email… Almost all of us use HP printers and Adobe Acrobat Reader on our computers. Do not let your guard down simply because of some familiar references
• This email appeals to your curiosity to see what is in the attachment… Don’t fall for it!
36. Discussion
• Context-aware attack, for those who have a Chase credit card. An immediate red flag for those who do not
• A punishment has been applied, which will harm your ability to engage in credit card transactions, instilling a sense of fear
• The email is so vague, it makes you curious to learn more by clicking on a link
37. What Do You Think?
Can You Spot the Phish?
Subject: Microsoft Security Update
Date: August 10, 2012
Dear Window Users,
You have a urgent windows security alert. A deadly virus that
can replicate itself was detected yesterday on one of our
servers. You are to download the latest windows defender from
the below link to prevent your hard drive from getting
damanged. CLICK HERE to log in with your email and
download the updated version.
Windows Security Team
38. Discussion
• A sense of urgency is explicit in this email
• A sense of guilt, for some action you did, is present
• Context-aware for Microsoft users… For others, the Microsoft reference should be a red flag
• Requires you to click on something to fix the problem. Note: in reality, most such maintenance is performed by your network administrator and should not require action on your part.
39. What Do You Think?
Can You Spot the Phish?
Subject: Photos
Date: August 13, 2012
Hi, as promised your photos -
hxxp://127.0.0.1/badstuff.htm
40. Discussion
• Context-aware. At some point, most of us have received links to pictures, sent by friends through email, so you may be fooled into thinking that this email could apply to you
• The email is intentionally vague, making you curious to learn more… Don’t fall for the click!
41. What Do You Think?
Can You Spot the Phish?
Subject: NetTeller Watch Notice
Date: July 2, 2012
The following ACH batch has been initiated:
Confirmation number: 0829703846
Category: MONTHLY PAYROLL
Effective Date: 7/03/12
Debits: $.00 Credits: $40,866.29
Class Code: PPD
Offset Account: CHECKING
For details, please log in to your NetTeller account.
Click here to access NetTeller account
NOTE: Some web browsers do not open a new window when the above link is
clicked. If you find that a new window did not open, please check the
other open browsers on your computer.
42. Discussion
• Appeals to the human tendency to want to believe we can get something for nothing… In this case $40,866.29, to be specific
• Since you were not expecting a windfall of money, this email appeals to your sense of curiosity, to click and learn what it is all about
• You don’t have a NetTeller account, so this should be a red flag.
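The cues named on the discussion slides (urgency, threat of loss, context-aware references, a required click, intentional vagueness) can be written down as a small triage aid. The Python below is an added example, not part of the original deck: the function name `find_cues`, the patterns and the 25-word cutoff are assumptions, and the sample bodies are excerpted from slides 27, 37 and 39.

```python
import re

# Cue names follow the deck's discussion slides. The patterns and the word
# cutoff are assumptions: a prompt for human review, not a mail filter.
CUE_PATTERNS = {
    "urgency": r"\b(urgent|immediately|to avoid this)\b",
    "threat_of_loss": r"\b(on-hold|no longer|disabl\w*|suspend\w*)\b",
    "context_reference": r"\b(faculty|staff|apple|microsoft|windows|chase|hp|adobe|netteller)\b",
    "action_required": r"\b(click|log in|download|open the attached)\b",
}
LINK = re.compile(r"\b(?:https?|hxxps?)://\S+", re.I)  # matches defanged links too
VAGUE_MAX_WORDS = 25  # assumed cutoff for "intentionally vague"


def find_cues(body):
    """Return the sorted names of the deck's cues that appear in an email body."""
    found = {name for name, pattern in CUE_PATTERNS.items()
             if re.search(pattern, body, re.I)}
    # "Intentionally vague": almost no text, just a pointer to a link or attachment.
    has_pointer = bool(LINK.search(body)) or "attach" in body.lower()
    if has_pointer and len(body.split()) <= VAGUE_MAX_WORDS:
        found.add("vague_lure")
    return sorted(found)


# Bodies excerpted from slides 27, 37 and 39 of this deck, line wraps joined.
SAMPLES = {
    "mailbox_upgrade": (
        "Dear Faculty Staff & Employee Email Subscribers "
        "Your Email Account have been put on-hold by our server,you can no longer "
        "send or receive emails,to avoid this kindly click on the link UPGRADE to "
        "submit your old account for New to enable you to send and receive emails"
    ),
    "security_update": (
        "Dear Window Users, You have a urgent windows security alert. A deadly "
        "virus that can replicate itself was detected yesterday on one of our "
        "servers. You are to download the latest windows defender from the below "
        "link to prevent your hard drive from getting damanged. CLICK HERE to log "
        "in with your email and download the updated version."
    ),
    "photos": "Hi, as promised your photos - hxxp://127.0.0.1/badstuff.htm",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {find_cues(body)}")
```

An empty result does not mean a message is safe; the list only points a reader at the same things the discussion slides check by hand.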
43. Curiosity Killed the Cat!
Lack of Curiosity Killed the Phish!
Nicholas Davis
ndavis1@wisc.edu