SlideShare a Scribd company logo

Spear phishing attacks-by-hari_krishna

R
Raghunath G
TechnologyNews & Politics
1 of 12
Download to read offline
May 17, 2014 Spear Phishing Attack -Hari V
Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered 5/13/2014
 Spear Phishing is easiest and direct method to breach highly secured networks.  Phishing attacks are very common in nature and many of systems and networks has enabled defense mechanism.  Success rate is very high as user knows about the phishing attacks and unaware of spear phishing attacks.  Spear Phishing is part of social engineering.  No Cost at all, No tracking back. Increased usage of social networking made it very easy and reliable to hackers - Personal data, co- employees, locations, phone numbers , email ids. 5/13/2014
 Performing Reconnaissance  Scanning and enumeration  Gaining access  Escalation of privilege  Maintaining access  Covering tracks and placing backdoors 5/13/2014
 It by passes all the traditional attack methodology .  Gets direct front door entrance access. = There is no patch for human Mistakes. 5/17/2014
It just by Email /link/attachment same as Phishing, the only difference is , this attack is specific to targeted domains and targets victims. Targeted Email From some you trust (Patient attacker) About something your interest, like, trust. 5/13/2014
Attacker gains all the knowledge about victim (user/company) , this knowledge includes his/her likes, dislikes, Interests, Favorites, Hobbies ,Personal information, Address etc. Where does attacker gets all this info from ? Well, every one knows this answer. 1) Social networking sites 2) Blog 3) Job Portals 4) Matrimonial sites 5) Social engineering 5/13/2014
Now attacker creates email similar to victims team mate/supervisor/MD of company etc. email in different domains. Below are few examples. 1) victimfullname@email.com 2) Victimname.dob@email.com 3) Victimpetname.city@email.com 4) Vicitmname.company@email.com Real time example :- 5/13/2014
Attackers send the email to which phishing link using all the social engineering knowledge gained. Most of the common scenarios, victim thinks that email is from his friends/teammates/boss. This is how attacker gains the trust of victim. 5/13/2014
 Never use your personal email for work purpose.  Add Spear Phishing as part of your regular VAPT activity.  Establish Policy and best practices for email usage.  Block all the emails other than self domains ?? 5/13/2014
 http://wiki.answers.com/Q/What_is_the_difference_between_phishin g_and_spear_fishing
Thank you Impossible is later called as miracle, its all about how you look at it. – Hari

Recommended

Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing- Mark - Fullbright
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishingZeno Idzerda
 
Spear Phishing 101
Spear Phishing 101Spear Phishing 101
Spear Phishing 101Sendio
 
Social engineering
Social engineeringSocial engineering
Social engineeringn|u - The Open Security Community
 
1. spear phishing (cyber awareness series)
1. spear phishing (cyber awareness series)1. spear phishing (cyber awareness series)
1. spear phishing (cyber awareness series)Isaac Feliciano
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsCybersecurity Education and Research Centre
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 

Recommended

Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing- Mark - Fullbright
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishingZeno Idzerda
 
Spear Phishing 101
Spear Phishing 101Spear Phishing 101
Spear Phishing 101Sendio
 
Social engineering
Social engineeringSocial engineering
Social engineeringn|u - The Open Security Community
 
1. spear phishing (cyber awareness series)
1. spear phishing (cyber awareness series)1. spear phishing (cyber awareness series)
1. spear phishing (cyber awareness series)Isaac Feliciano
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsCybersecurity Education and Research Centre
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.
 
What is a phishing attack
What is a phishing attackWhat is a phishing attack
What is a phishing attackAariyaRathi
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twinsNilantha Piyasiri
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gtemi
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing
PhishingPhishing
PhishingNorth Carolina State University
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyharpinderkaur123
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
Social Media Safety Tips
Social Media Safety TipsSocial Media Safety Tips
Social Media Safety TipsDepartment of Defense
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Er. Rahul Jain
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gchiewmingli
 
Katharina Urlbauer- SMM A4 Facelessness
Katharina Urlbauer- SMM A4 FacelessnessKatharina Urlbauer- SMM A4 Facelessness
Katharina Urlbauer- SMM A4 FacelessnessHHSome
 
Security Awareness 9-10-09 v5 Sensitive Information
Security Awareness 9-10-09 v5 Sensitive InformationSecurity Awareness 9-10-09 v5 Sensitive Information
Security Awareness 9-10-09 v5 Sensitive InformationCatherine MacAllister
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacksSreejith.D. Menon
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Whatsapp
WhatsappWhatsapp
WhatsappDeepak Kumar (D3)
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till nowelakkiya poongunran
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General CourseAaron Keating
 
Mysql
MysqlMysql
MysqlRathan Raj
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chaincentralohioissa
 

More Related Content

What's hot

What is a phishing attack
What is a phishing attackWhat is a phishing attack
What is a phishing attackAariyaRathi
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twinsNilantha Piyasiri
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gtemi
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Er. Rahul Jain
 
Katharina Urlbauer- SMM A4 Facelessness
Katharina Urlbauer- SMM A4 FacelessnessKatharina Urlbauer- SMM A4 Facelessness
Katharina Urlbauer- SMM A4 FacelessnessHHSome
 
Security Awareness 9-10-09 v5 Sensitive Information
Security Awareness 9-10-09 v5 Sensitive InformationSecurity Awareness 9-10-09 v5 Sensitive Information
Security Awareness 9-10-09 v5 Sensitive InformationCatherine MacAllister
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacksSreejith.D. Menon
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General CourseAaron Keating
 

What's hot (20)

What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
What is a phishing attack
What is a phishing attackWhat is a phishing attack
What is a phishing attack
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twins
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Phishing
PhishingPhishing
Phishing
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
 
Social Media Safety Tips
Social Media Safety TipsSocial Media Safety Tips
Social Media Safety Tips
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Katharina Urlbauer- SMM A4 Facelessness
Katharina Urlbauer- SMM A4 FacelessnessKatharina Urlbauer- SMM A4 Facelessness
Katharina Urlbauer- SMM A4 Facelessness
 
Security Awareness 9-10-09 v5 Sensitive Information
Security Awareness 9-10-09 v5 Sensitive InformationSecurity Awareness 9-10-09 v5 Sensitive Information
Security Awareness 9-10-09 v5 Sensitive Information
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacks
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Whatsapp
WhatsappWhatsapp
Whatsapp
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till now
 
Phishing 101 General Course
Phishing 101 General CoursePhishing 101 General Course
Phishing 101 General Course
 

Viewers also liked

Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chaincentralohioissa
 
Learn PHP MySQL with Project
Learn PHP MySQL with ProjectLearn PHP MySQL with Project
Learn PHP MySQL with Projectayman diab
 
CYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRA
CYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRACYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRA
CYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRAKrishnakant Mishra
 
Maria db the new mysql (Colin Charles)
Maria db the new mysql (Colin Charles)Maria db the new mysql (Colin Charles)
Maria db the new mysql (Colin Charles)Ontico
 
CFMA Cyber Crime Presentation
CFMA Cyber Crime PresentationCFMA Cyber Crime Presentation
CFMA Cyber Crime PresentationSteve Machesney
 
Marvella city a complete township in haridwar
Marvella city a complete township in haridwarMarvella city a complete township in haridwar
Marvella city a complete township in haridwarMarvella city
 
Internet safety presentation
Internet safety presentationInternet safety presentation
Internet safety presentationmkajiwara1
 
88001174636 Marvella city in haridwar
88001174636 Marvella city in haridwar 88001174636 Marvella city in haridwar
88001174636 Marvella city in haridwar Marvella city
 
So you want to retire in florida 1997 far
So you want to retire in florida 1997 farSo you want to retire in florida 1997 far
So you want to retire in florida 1997 farJames Lavigne
 
Ted talk newest
Ted talk newestTed talk newest
Ted talk newestniki298
 
Buying a business in florida
Buying a business in floridaBuying a business in florida
Buying a business in floridaJames Lavigne
 
Nomadic Display Set Up HangTen
Nomadic Display Set Up HangTenNomadic Display Set Up HangTen
Nomadic Display Set Up HangTenNomadic Display
 
Heartbleed by-danish amber
Heartbleed by-danish amberHeartbleed by-danish amber
Heartbleed by-danish amberRaghunath G
 
Seh based exploitation
Seh based exploitationSeh based exploitation
Seh based exploitationRaghunath G
 
UGA Guest Lecture: Social Media 101
UGA Guest Lecture: Social Media 101UGA Guest Lecture: Social Media 101
UGA Guest Lecture: Social Media 101steffan
 
Pengenalan Pillow Lava di Berbah,Sleman,Yogyakarta
Pengenalan Pillow Lava di Berbah,Sleman,YogyakartaPengenalan Pillow Lava di Berbah,Sleman,Yogyakarta
Pengenalan Pillow Lava di Berbah,Sleman,YogyakartaNicholas Vincento
 

Viewers also liked (20)

Mysql
MysqlMysql
Mysql
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chain
 
Learn PHP MySQL with Project
Learn PHP MySQL with ProjectLearn PHP MySQL with Project
Learn PHP MySQL with Project
 
Apache
ApacheApache
Apache
 
CYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRA
CYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRACYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRA
CYBER CRIME PRESENTATION PART 2 BY KRISHNAKNT ARUNKUMAR MISHRA
 
Maria db the new mysql (Colin Charles)
Maria db the new mysql (Colin Charles)Maria db the new mysql (Colin Charles)
Maria db the new mysql (Colin Charles)
 
CFMA Cyber Crime Presentation
CFMA Cyber Crime PresentationCFMA Cyber Crime Presentation
CFMA Cyber Crime Presentation
 
Marvella city a complete township in haridwar
Marvella city a complete township in haridwarMarvella city a complete township in haridwar
Marvella city a complete township in haridwar
 
Internet safety presentation
Internet safety presentationInternet safety presentation
Internet safety presentation
 
SAmador CV
SAmador CVSAmador CV
SAmador CV
 
88001174636 Marvella city in haridwar
88001174636 Marvella city in haridwar 88001174636 Marvella city in haridwar
88001174636 Marvella city in haridwar
 
Función BUSCARV
Función BUSCARVFunción BUSCARV
Función BUSCARV
 
So you want to retire in florida 1997 far
So you want to retire in florida 1997 farSo you want to retire in florida 1997 far
So you want to retire in florida 1997 far
 
Ted talk newest
Ted talk newestTed talk newest
Ted talk newest
 
Buying a business in florida
Buying a business in floridaBuying a business in florida
Buying a business in florida
 
Nomadic Display Set Up HangTen
Nomadic Display Set Up HangTenNomadic Display Set Up HangTen
Nomadic Display Set Up HangTen
 
Heartbleed by-danish amber
Heartbleed by-danish amberHeartbleed by-danish amber
Heartbleed by-danish amber
 
Seh based exploitation
Seh based exploitationSeh based exploitation
Seh based exploitation
 
UGA Guest Lecture: Social Media 101
UGA Guest Lecture: Social Media 101UGA Guest Lecture: Social Media 101
UGA Guest Lecture: Social Media 101
 
Pengenalan Pillow Lava di Berbah,Sleman,Yogyakarta
Pengenalan Pillow Lava di Berbah,Sleman,YogyakartaPengenalan Pillow Lava di Berbah,Sleman,Yogyakarta
Pengenalan Pillow Lava di Berbah,Sleman,Yogyakarta
 

Similar to Spear phishing attacks-by-hari_krishna

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detectionijtsrd
 
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWestern Pacific University
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Okan YILDIZ
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptPramodAlfred
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigationNimishaRawat
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfEvs, Lahore
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing AttacksRapid7
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
computer law.pptx
computer law.pptxcomputer law.pptx
computer law.pptxMouradAKenk
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingmentAswani34
 

Similar to Spear phishing attacks-by-hari_krishna (20)

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.ppt
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigation
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing Attacks
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
computer law.pptx
computer law.pptxcomputer law.pptx
computer law.pptx
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

More from Raghunath G

Securitynewsbytes
SecuritynewsbytesSecuritynewsbytes
SecuritynewsbytesRaghunath G
 
Whats app forensic
Whats app forensicWhats app forensic
Whats app forensicRaghunath G
 
Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01Raghunath G
 
Analysis of malicious pdf
Analysis of malicious pdfAnalysis of malicious pdf
Analysis of malicious pdfRaghunath G
 
Mobile application security 101
Mobile application security 101Mobile application security 101
Mobile application security 101Raghunath G
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News BytesRaghunath G
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to securityRaghunath G
 
Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan nullRaghunath G
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecRaghunath G
 
Null July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj MachirajuNull July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj MachirajuRaghunath G
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News BytesRaghunath G
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaRaghunath G
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthanRaghunath G
 
The art of_firewalking-by-sujay
The art of_firewalking-by-sujayThe art of_firewalking-by-sujay
The art of_firewalking-by-sujayRaghunath G
 

More from Raghunath G (20)

Securitynewsbytes
SecuritynewsbytesSecuritynewsbytes
Securitynewsbytes
 
Whats app forensic
Whats app forensicWhats app forensic
Whats app forensic
 
Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01
 
Raspberry pi 2
Raspberry pi 2Raspberry pi 2
Raspberry pi 2
 
Analysis of malicious pdf
Analysis of malicious pdfAnalysis of malicious pdf
Analysis of malicious pdf
 
Mobile application security 101
Mobile application security 101Mobile application security 101
Mobile application security 101
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News Bytes
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to security
 
Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan null
 
Null HYD VRTDOS
Null HYD VRTDOSNull HYD VRTDOS
Null HYD VRTDOS
 
Metasploit
MetasploitMetasploit
Metasploit
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_Dec
 
Null dec 2014
Null dec 2014Null dec 2014
Null dec 2014
 
Null July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj MachirajuNull July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj Machiraju
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News Bytes
 
Decoy documents
Decoy documentsDecoy documents
Decoy documents
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekar
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beema
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthan
 
The art of_firewalking-by-sujay
The art of_firewalking-by-sujayThe art of_firewalking-by-sujay
The art of_firewalking-by-sujay
 

Recently uploaded

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Spear phishing attacks-by-hari_krishna

  • 1. May 17, 2014 Spear Phishing Attack -Hari V
  • 2. Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered 5/13/2014
  • 3.  Spear Phishing is easiest and direct method to breach highly secured networks.  Phishing attacks are very common in nature and many of systems and networks has enabled defense mechanism.  Success rate is very high as user knows about the phishing attacks and unaware of spear phishing attacks.  Spear Phishing is part of social engineering.  No Cost at all, No tracking back. Increased usage of social networking made it very easy and reliable to hackers - Personal data, co- employees, locations, phone numbers , email ids. 5/13/2014
  • 4.  Performing Reconnaissance  Scanning and enumeration  Gaining access  Escalation of privilege  Maintaining access  Covering tracks and placing backdoors 5/13/2014
  • 5.  It by passes all the traditional attack methodology .  Gets direct front door entrance access. = There is no patch for human Mistakes. 5/17/2014
  • 6. It just by Email /link/attachment same as Phishing, the only difference is , this attack is specific to targeted domains and targets victims. Targeted Email From some you trust (Patient attacker) About something your interest, like, trust. 5/13/2014
  • 7. Attacker gains all the knowledge about victim (user/company) , this knowledge includes his/her likes, dislikes, Interests, Favorites, Hobbies ,Personal information, Address etc. Where does attacker gets all this info from ? Well, every one knows this answer. 1) Social networking sites 2) Blog 3) Job Portals 4) Matrimonial sites 5) Social engineering 5/13/2014
  • 8. Now attacker creates email similar to victims team mate/supervisor/MD of company etc. email in different domains. Below are few examples. 1) victimfullname@email.com 2) Victimname.dob@email.com 3) Victimpetname.city@email.com 4) Vicitmname.company@email.com Real time example :- 5/13/2014
  • 9. Attackers send the email to which phishing link using all the social engineering knowledge gained. Most of the common scenarios, victim thinks that email is from his friends/teammates/boss. This is how attacker gains the trust of victim. 5/13/2014
  • 10.  Never use your personal email for work purpose.  Add Spear Phishing as part of your regular VAPT activity.  Establish Policy and best practices for email usage.  Block all the emails other than self domains ?? 5/13/2014
  • 12. Thank you Impossible is later called as miracle, its all about how you look at it. – Hari