A very common crime in the cyber world - phishing. It's necessary to make people aware of the possible scam/cyber crime. Awareness regarding the same and educating people in times of digitization is a must nowadays. It's also important to take proper steps regarding the same.
Phishing attack, with SSL Encryption and HTTPS Working - Sachin Saini
This presentation contains an introduction to phishing attacks, their types and various techniques, and their impact with a real live example, followed by avoidance, prevention and solutions. It also contains a brief introduction to SSL and HTTPS and how they work.
It contains knowledge about phishing and how it happens. It also contains knowledge about how we can prevent it. So this slide contains all the basic knowledge about phishing and anti-phishing.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Phishing--The Entire Story of a Dark World - Avishek Datta
Phishing is a common problem in today's world. I have summarized some of the essential points needed for anyone to safeguard against all known Phishing attacks.
Content:
What is phishing, history, how it works, statistics, types of phishing, how to identify it, how to take countermeasures, phishing kit, example of phishing attack.
Phishing basics: include its history
Introduction: phishing in detail
Techniques: Techniques used like link manipulation,web forgery
New phish: spear phishing
reason behind phishing
latest case study
survey: on top hosting and victim countries
Examples: popular website and email examples
Modern techniques and toolsets in spear-phishing by Emin Huseynov Research Analyst (PhD candidate) of Faculté des Sciences de la Société University of Geneva
Improving Phishing URL Detection Using Fuzzy Association Mining - theijes
Phishing is the process of obtaining sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity through the use of an electronic communication. Phishing attacks continue to pose a solemn risk for web users and an annoying threat within the field of electronic commerce. The phishing detection using fuzzy and binary matrix construction method focuses on discerning the significant features that discriminate between legitimate and phishing URLs. The significant features, such as the number of dots, length of the host etc., are extracted from each URL. These features are then subjected to associative rule mining: apriori and predictive apriori. The rules obtained are interpreted to emphasize the features that are more prevalent in phishing URLs. The key factors for the phished URLs are the number of slashes in the URL, dots in the host portion of the URL and the length of the URL. The pitfall of the binary matrix method is the time complexity, so it impacts the overall speed of the system. The fuzzy logic based association rule mining algorithm was proposed to classify the legitimate and phishing URLs based on the features. The extracted features are converted to fuzzy membership values as “Low”, “Medium” and “High”. By applying the association rule mining algorithm, the rules are generated to detect the phishing URLs. The fuzzy based methodology provides an efficient and high rate of phishing detection of URLs.
Learn about the different types of Phishing Attacks; like Content-Injection, and MiTM attack, that can target you and your organization.
To know more about phishing prevention, read our in-depth article "How to Prevent a Phishing Attack? 17 Easy Hacks for Administrators"
https://blog.syscloud.com/phishing-attack/
Phishing is an attack that deals with social engineering system to illegally get and utilize another person's information for the benefit of authentic site for possess advantage (e.g. Take of client's secret word and Visa precise elements during online correspondence). It is influencing all the significant areas of industry step by step with a considerable measure of abuse of client qualifications. To secure clients against phishing, different hostile to phishing procedures have been suggested that takes after various methodologies like customer side and server side insurance. In this paper we have considered phishing in detail (counting assault process and grouping of phishing assault) and investigated a portion of the current sites to phishing strategies alongside their points of interest and disadvantages.
2. [- AGENDA -]
[x] Overview of Phishing.
[x] Types of Phishing.
[x] What Phishing is not?
[x] Techniques of Phishing.
[x] Phishing information flow.
[x] Phishing attack life cycle and taxonomy.
[x] Anti-phishing efforts (Community & Commercial).
[x] Detection, Prevention and Incident response.
[x] Educational videos.
[x] Bibliography.
3. [- Overview of Phishing -]
[^] Phishing is an attempt to obtain sensitive information such as usernames, passwords,
and credit card details (and, indirectly, money), often for malicious reasons, by
disguising as a trustworthy entity in an electronic communication.
[^] Phishing is typically carried out by email spoofing or instant messaging.
[^] It presents a fake website that has almost the same look-and-feel as the original. It directs the
user to enter sensitive information.
[^] Communications purporting to be from social web sites, auction sites, banks, online payment
processors or IT administrators are often used to lure victims.
[^] Phishing can also be achieved by tricking a victim into installing malware with the intention of
gaining sensitive information. However, such malware may also corrupt data.
[^] According to the 3rd Microsoft Computing Safer Index Report released in February 2014, the
annual worldwide impact of phishing could be as high as $5 billion.
4. Types of phishing
[^] Spear phishing:-
Phishing attempts directed at specific individuals or companies have been
termed spear phishing. Attackers may gather personal information about their
target to increase their probability of success. This technique is, by far,
the most successful on the internet today, accounting for 91% of attacks.
[^] Clone phishing:-
Clone phishing is a type of phishing attack whereby a legitimate, and
previously delivered, email containing an attachment or link has had
its content and recipient address(es) taken and used to create an almost identical or cloned
email. The attachment or link within the email is
replaced with a malicious version and then sent from an email address
spoofed to appear to come from the original sender. It may claim to be a
re-send of the original or an updated version of the original. This technique
could be used to pivot (indirectly) from a previously infected machine and gain a
foothold on another machine, by exploiting the social trust associated with
the inferred connection due to both parties receiving the original email.
5. Types of phishing
[^] Whaling :-
- Several phishing attacks have been directed specifically at senior
executives and other high-profile targets within businesses,
and the term whaling has been coined for these kinds of attacks.
- In the case of whaling, the masquerading web page/email will take a more
serious executive-level form. The content will be crafted to target
an upper manager and the person's role in the company.
- The content of a whaling attack email is often written as a legal
subpoena, customer complaint, or executive issue. Whaling scam
emails are designed to masquerade as a critical business email,
sent from a legitimate business authority. The content is meant to be
tailored for upper management, and usually involves some kind of falsified
company-wide concern. Whaling “phishermen” have also forged
official-looking FBI subpoena emails, and claimed that the
manager needs to click a link and install special software to view the subpoena.
6. What Phishing is not?
[^] Firstly Phishing is different from “Fraud” because it combines:
- Social Engineering - Phishing exploits individuals’ vulnerabilities to dupe victims into
acting against their own interests.
- Automation - Computers are used to carry out phishing attacks on a massive scale.
- Electronic Communication - Phishers use electronic communications networks (primarily
the Internet).
- Impersonation - A phishing attack requires perpetrators to impersonate a legitimate firm
or government agency.
[^] Non-Phishing examples:-
- Internet-based worms (attacks)
- Virus-email (attacks)
- Relatives stealing your wallet (identity theft)
- Spam
7. Techniques of Phishing
[^] Link manipulation:-
Link manipulation is done by at least four methods as understood currently
- Misspelled URLs – The hacker takes a domain that has a name quite similar to some
legitimate domain name. Example:- www.citihank.com
- Sub-domains – Many links on a portal/website redirect traffic to sub-domains. Example (legit):
support.microsoft.com. It is easy for the hacker to craft a URL to confuse the user. Example
(illicit): microsoft.secuvity.com. While it looks like “secuvity” is some sub-domain of Microsoft, it
is actually trickery. The “microsoft” label is resolved within the “secuvity” domain (not the other
way round), which might be the hacker-owned domain.
- HTML anchor tag manipulation – <a> is the HTML tag that lets us
put links on web pages. However, a hacker can show some legitimate text to the user as the
destination URL while internally the link takes a malefic route.
Example: <a href="http://www.badhacker.com">www.indiatimes.com</a>
- IDN spoofing/Homograph attack – Since the internet (software) has to support different
languages even domain names and URLs can have characters of different languages. A
hacker can replace a similar-looking alphabet (Homoglyph but sometimes called Homograph)
belonging to a different language in the domain name and acquire a separate domain name
that looks similar to something existing. For example the Cyrillic “Ё” can be used in place of an
English “E”.
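The four link-manipulation methods above can each be checked mechanically. The following is an added example, not part of the original slides: a small Python checker run against the slide's own sample URLs. The `KNOWN_DOMAINS` allowlist, the 0.85 similarity threshold and all function names are assumptions made for the illustration.

```python
import unicodedata
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the organisation really uses (taken from the slide's examples).
KNOWN_DOMAINS = {"citibank.com", "microsoft.com", "indiatimes.com"}


def host_of(url):
    """Lower-cased host of a URL; a scheme-less string is read as host[/path]."""
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""


def registrable(host):
    """Naive registrable domain: last two labels (real tools use the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])


def misspelled(host, threshold=0.85):
    """Known domain that the host nearly, but not exactly, matches."""
    dom = registrable(host)
    if dom in KNOWN_DOMAINS:
        return None
    for known in sorted(KNOWN_DOMAINS):
        if SequenceMatcher(None, dom, known).ratio() >= threshold:
            return known
    return None


def brand_in_subdomain(host):
    """Known brand used as a sub-domain label of an unrelated registrable domain."""
    if registrable(host) in KNOWN_DOMAINS:
        return None
    brands = {known.split(".")[0] for known in KNOWN_DOMAINS}
    return next((lab for lab in host.split(".")[:-2] if lab in brands), None)


def mixed_script_labels(host):
    """Labels whose letters come from more than one script (e.g. Latin + Cyrillic).
    A label written wholly in one other script is not caught by this check."""
    def scripts(label):
        return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}
    return [lab for lab in host.split(".") if len(scripts(lab)) > 1]


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def anchor_mismatches(html):
    """Anchors whose visible text is a host name that differs from the href's host."""
    parser = AnchorCollector()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        if " " in text or "." not in text:
            continue  # visible text is not a bare host/URL
        shown, target = host_of(text), host_of(href)
        if shown and registrable(shown) != registrable(target):
            found.append((text, target))
    return found


def url_findings(url):
    """Labels for each link-manipulation indicator found in one URL."""
    host = host_of(url)
    out = []
    if (near := misspelled(host)):
        out.append("misspelled:" + near)
    if (brand := brand_in_subdomain(host)):
        out.append("subdomain:" + brand)
    if mixed_script_labels(host):
        out.append("mixed-script")
    return out


if __name__ == "__main__":
    # Constructed inputs based on the slide's own examples (\u0451 is Cyrillic "ё").
    for sample in ("www.citihank.com", "http://microsoft.secuvity.com",
                   "http://support.microsoft.com", "http://indiatim\u0451s.com"):
        print(sample, url_findings(sample))
    print(anchor_mismatches('<a href="http://www.badhacker.com">www.indiatimes.com</a>'))
```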
8. Techniques of Phishing
[^] Filter evasion:-
Since phishing filters rely mostly on characters in phishing emails, hackers have started
using images which, when clicked, direct the user to the malefic site. Anti-phishing filters
are emerging that can now counter these cases.
[^] Website forgery:-
- After a user enters a phishing site, the hacker, further, uses JavaScript commands to
fake the web address by super-imposing images.
- Hackers have used Cross-site scripting (XSS) attacks against well known payment sites
to force the user to enter his/her login credentials. XSS exploits the existing source script
and injects malefic code which the user's browser (script engine) executes unknowingly.
- The prevalence of “kits” like the notorious MITM phishing kit (2007) makes it easy to design fake
websites that can capture login details.
- PHLASHING - To counter anti-phishing technology, hackers have started using
“FLASH” based objects in their websites. This way everything, including text and graphics,
is “sand-boxed”.
9. Techniques of Phishing
[^] Open & Covert redirect :-
URL redirection is a productive functionality that helps a webpage to redirect a page request to
another page. However the same can be exploited if appropriate validation is not being done
by the webpage (code) when it redirects the user to a page as per user input. Such an option
is termed as open-redirect and the attack itself is called open-redirect attack.
Example:- http://example.com/example.php?url=http://malicious.example.com
A covert-redirect happens because of the overconfidence one party has in its partner when it
redirects to the partner. But this also exploits the fact that the partner website is vulnerable to
the open-redirect attack.
Example:-
Facebook logins are allowed on a few “partner” websites. A hacker can misuse this and provide the
partner's domain in the request, to which Facebook will respond in a “login and authorize”
fashion. Once this login is successful the hacker will use an open-redirect vulnerability to
transfer the user to the malicious site. In the interim the attacker would probably even get full
control of the user account. Several well-known websites are prone to this attack.
[^] Vishing:- Vishing or phone-phishing is where fake messages ask the victim to dial back
specific numbers. These callback numbers have an automated request for account number and PIN.
Thereby the hacker gets the user credentials.
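For the open-redirect case on this slide, the missing "appropriate validation" looks like this. It is an added example, not code from the original slides: the unchecked handler reproduces the behaviour described for `example.php?url=...`, and the checked one validates the target first. The `ALLOWED_HOSTS` set and the function names are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: the only hosts this site is allowed to redirect to.
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def redirect_unchecked(request_url):
    """The behaviour the slide describes: the 'url' parameter is used as-is."""
    return parse_qs(urlsplit(request_url).query).get("url", ["/"])[0]


def safe_target(raw, default="/"):
    """Return raw only if it is a site-local path or an allowlisted http(s) URL."""
    # Control characters and backslashes are rejected outright: browsers may
    # normalise them so that the host they visit differs from the one parsed here.
    if not raw or any(ord(ch) < 0x20 or ch == "\\" for ch in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept absolute paths on this site, never "//host".
        return raw if raw.startswith("/") and not raw.startswith("//") else default
    # Compare the parsed host, not a substring or prefix of the raw string.
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return raw
    return default


def redirect_checked(request_url):
    """Same handler with the target validated before it reaches the Location header."""
    return safe_target(redirect_unchecked(request_url))


if __name__ == "__main__":
    # The slide's own example request.
    request = "http://example.com/example.php?url=http://malicious.example.com"
    print("unchecked ->", redirect_unchecked(request))
    print("checked   ->", redirect_checked(request))
```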
10. Phishing information flow
Three components
Mail sender: sends large volume of fraudulent emails.
Collector: collects sensitive information from users.
Casher: uses the collected sensitive information to encash.
11. Phishing attack life-cycle
[^] Planning:-
Whom to attack, what/how to steal, what ruse to use.
[^] Setup:-
Creates attack materials and “machinery” .
[^] Attack:-
[^] Collection:- Harvest credentials.
[^] Fraud and abuse:- Trade, use or store credentials.
[^] Post-attack:-
a) Attacker clean-up and lessons learned.
b) Victim clean-up.
12.
13. Anti-Phishing communities
Among the various Anti-Phishing communities, below are two well known ones.
The Anti-Phishing Working Group (APWG) is an international consortium that brings
together businesses affected by phishing attacks, security products and services
companies, law enforcement agencies, government agencies, trade associations,
regional international treaty organizations and communications companies. Founded in
2003 by David Jevans, the APWG has more than 3200 members from more than
1700 companies and agencies worldwide. Member companies include leading security
companies such as BitDefender, Symantec, McAfee, VeriSign, IronKey and Internet
Identity. Financial Industry members include the ING Group, VISA, MasterCard and
the American Bankers Association.
PhishTank is an anti-phishing site. PhishTank was launched in October 2006
by entrepreneur David Ulevitch as an offshoot of OpenDNS. The company offers a
community-based phish verification system where users submit suspected phishes and
other users "vote" if it is a phish or not. PhishTank is used by Opera,
WOT, Yahoo! Mail, McAfee, APWG, CMU, ST Benard, Mozilla, Kaspersky, Firetrust,
Officer Blue, FINRA, Message Level, SURBL, Sanesecurity for ClamAV, Career Builder,
Site Truth, Avira, C-SIRT, and by PhishTank SiteChecker.
PhishTank data is provided gratis for download or for access via an API call, including
for commercial use, under a restrictive license.
17. Server-based solutions
(Used by service providers – ISP, financial institutions)
Brand monitoring - Crawling on-line to identify “clones”, which are nothing but
the phishing pages. Suspected websites are added to a centralized “Black-list”.
Behavior detection - Study user behavior with some algorithms. Continue the
study for a certain epoch. Subsequent transactional behavior is validated
against the recorded behavior.
Security event monitoring - Security event analysis by way of correlation of
security events generated as part of OS, network and device logging.
Strong authentication - More than one factor of authentication. This ensures that loss of
one factor doesn't completely result in an identity theft.
18. Client-based solutions
(Browser plugins and email clients)
E-mail analysis – Bayes spam filtering with Hidden-Markov model based
algorithms can be leveraged to detect even phishing.
Black-list – Collection of URLs that are identified as malicious.
Information flow – While a user could be tricked with obfuscated URLs the
code flow itself cannot be cheated easily. The code path (and data being
processed) can be analyzed to identify phishing.
Similarity of layouts – Advanced techniques that analyze visual similarity
between two web pages.
19. Client-based anti-phishing programs
Avast!
Avira Premium Security Suite
CryptoPhoto mutual authentication
Cyscon Security Shield - browser extension for Firefox
Earthlink ScamBlocker (discontinued)
eBay Toolbar
ESET Smart Security
GeoTrust TrustWatch
Google Safe Browsing (used in Mozilla Firefox, Google Chrome, Opera, Safari, and Vivaldi)
SmartScreen Filter (used in Microsoft Edge and Internet Explorer)
20. Client-based anti-phishing programs
Kaspersky Internet Security
McAfee SiteAdvisor
Mozilla Thunderbird
Netcraft Toolbar
NetProtector-web security
Netscape
Norton 360/ Internet Security
PhishDetector an extension for Google Chrome
PhishTank SiteChecker
PineApp Mail-SeCure
Quick Heal
Windows Mail, [with WOT extensions]
21. Service-based anti-phishing programs
Area 1 Security
Google Safe Browsing API
Mimecast Targeted Threat Protection
OpenDNS
PhishTank
Votiro
Webroot Real-time Anti-Phishing API
Anti-Phishing Working Group
22. Incident response (IR) for Individuals
(Local law of the nation/region applies- below information is applicable for India)
Each sort of loss needs its own strategy to be worked out. The discussion below applies to “card/credentials/monetary loss”, although some of it
can be applicable to other sorts of “loss” too.
• Banking: It is at the bank's discretion to report. While one bank may provide data for all such cases, another might report only those that are proven.
If a customer falls prey to a “fraud”, the onus is on him to prove it wasn't his mistake. Banks do not take responsibility.
Though RBI believes the primary responsibility of preventing fraud lies with banks, it has done little to shift the onus of investigation from customers to
banks.
• Immediately block the card and/or temporarily freeze the account if needed. Give details of amount debited. Get a reference number.
• For online fraud, approach cyber cell and file a complaint.
Ref: http://cybercrimecomplaints.com/
23. Incident response (IR) for Individuals
(Local law of the nation/region applies- below information is applicable for India)
• For other fraud, lodge a complaint with nearest police station.
• Send a legal notice to the bank, asking it to preserve original records and camera
footage.
• It is currently an unfortunate situation that the customer has to preserve all
evidence of the phishing. This includes proof of the fabricated email/website etc.
Basic forensic evidence collected from disk, like cookies and logs, will help. Consult
an expert for the same. Also refer to the next topic, “IR for IT”, for some techniques
that individuals too can follow.
• Maintain written communication with bank’s nodal officer.
• If bank dismisses your case, approach ombudsman in 30 days.
• If aggrieved by ombudsman’s decision, approach the appellate authority, an RBI
deputy governor.
In India, the Ombudsman is known as the Lokpal or Lokayukta. These are,
functionally, state-wise setups.
• Follow up with police. Take the case to court if no progress for a month.
24. Incident response (IR) for IT professionals
(adopted from Wombat Security blog & Paladion networks)
[^] Activate IR procedures:- Fail-over/Back-up protocol, Identify origin of attack,
magnitude of impact – damage and costs, recovery of systems etc.
[^] Obtain full email headers to backtrack the path of attack.
[^] Mine the web for threat intelligence – Run the suspicious URLs in a sandbox
(Virustotal.com/IPVoid.com etc.).
[^] Talk to the victim(s).
[^] Set security perimeter's filters.
[^] Search system-internal logs – Firewall, DNS, DHCP logs etc. Use Splunk or
Elasticsearch/Logstash/Kibana (ELK).
[^] Review proxy or outbound logs – Proxies like BlueCoat, Websense etc. to
mine IP addresses.
25. Incident response (IR) for IT professionals
(adopted from Wombat Security blog & Paladion networks)
[^] Review mail server logs.
[^] Plan for log retaining.
[^] Reset account credentials and other settings.
[^] Review the systems for any persistent threats
[^] Train the users and set plan for awareness.
[^] Actively feed wrong data to phishing site for temporary obfuscation of critical
data acquired through phishing.
[^] Bring down the phishing site.
[^] Review the authentication mechanism; introduce a multi-factor authentication
(MFA) scheme.
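The "obtain full email headers to backtrack the path of attack" step from the IR checklist can be scripted. The following is an added example, not part of the original slides or of the cited Wombat/Paladion material: it walks the `Received` chain from the newest hop down to the one written by your own boundary mail server, reads that server's `Authentication-Results`, and compares the visible `From` domain with `Return-Path` and `Reply-To`. The message, host names (`mx.corp.example` as the boundary server) and function names are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message: reserved .example domains, documentation IP ranges.
RAW = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=bulk-sender.example;
 dkim=none; dmarc=fail header.from=bank.example
Received: from mx.corp.example (mx.corp.example [198.51.100.10])
 by mbox.corp.example with ESMTP id A1; Tue, 04 Jun 2024 10:00:05 +0000
Received: from relay.bulk-sender.example (unknown [203.0.113.77])
 by mx.corp.example with ESMTP id B2; Tue, 04 Jun 2024 10:00:02 +0000
Received: from mail.bank.example (mail.bank.example [192.0.2.1])
 by relay.bulk-sender.example with SMTP id C3; Tue, 04 Jun 2024 09:59:58 +0000
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@bulk-sender.example
To: user@corp.example
Subject: Action required

Please verify your account.
"""

HOP = re.compile(r"from\s+(\S+)\s.*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)")


def hops(msg):
    """Received hops, newest first, as (from_host, from_ip, by_host)."""
    found = []
    for value in msg.get_all("Received", []):
        match = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if match:
            found.append(match.groups())
    return found


def boundary_index(hop_list, boundary_mx):
    """Index of the newest hop written by our own boundary server, or None.
    Searching newest-first matters: older headers arrive with the message and
    can claim any 'by' host, but they always sit below the genuine one."""
    for i, (_, _, by_host) in enumerate(hop_list):
        if by_host == boundary_mx:
            return i
    return None


def auth_results(msg, authserv_id):
    """spf/dkim/dmarc verdicts, taken only from the header our own server added."""
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split())
        if flat.split(";")[0].strip() == authserv_id:
            return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", flat))
    return {}


def domain(header_value):
    """Domain part of the address in a From/Reply-To/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def identity_mismatches(msg):
    """Return-Path / Reply-To domains that differ from the visible From domain."""
    shown = domain(msg["From"])
    return {name: domain(msg[name]) for name in ("Return-Path", "Reply-To")
            if domain(msg[name]) and domain(msg[name]) != shown}


def triage(raw, boundary_mx):
    """Summarise what the headers can and cannot prove about the sender."""
    msg = email.message_from_string(raw)
    hop_list = hops(msg)
    i = boundary_index(hop_list, boundary_mx)
    return {
        # Peer our own server actually saw: the IP to search for in proxy/firewall logs.
        "external_sender": hop_list[i][:2] if i is not None else None,
        # Hops written by servers we do not control: leads only, possibly forged.
        "unverified_hops": hop_list[i + 1:] if i is not None else hop_list,
        "auth": auth_results(msg, boundary_mx),
        "mismatches": identity_mismatches(msg),
    }


if __name__ == "__main__":
    for key, value in triage(RAW, "mx.corp.example").items():
        print(f"{key}: {value}")
```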