SlideShare a Scribd company logo

Why our mail system is exposed to spoof and phishing mail attacks part 5#9 | Eyal Doron | o365info.com

‱
‱
Eyal Doron
Eyal Doron

The document discusses why organizations are vulnerable to spoof and phishing email attacks. It notes that most organizations do not have effective defenses against these attacks and will likely experience them at some point. It also examines common misconceptions that cause the threats to be ignored, such as thinking an attack won't happen, being too busy with other issues, and believing defenses are already adequate. The document explores weaknesses that attackers exploit, such as flaws in the SMTP protocol and human factors. It outlines additional obstacles to addressing these threats, such as fears of impacting email flow or business activities. The document concludes there are no simple solutions due to the sophistication of phishing attacks and complexity of email infrastructure defenses.

Internet
1 of 23
Download to read offline
Page 1 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Let’s start with a declaration about a strange phenomenon: Spoof mail attacks and Phishing mail attacks, are well-known attacks, and consider as a popular attack among the “hostile elements.” Most of the existing organizations, do not have effective defense mechanisms against the above attacks, and there is a high chance, at some point, that your organization will experience the bitter taste of Spoofing or Phishing attacks! In other words – most of the organizations are exposed to Spoof and Phishing mail attacks, and it’s only a matter of “when”. Dealing with Spoof and Phishing mail attacks | Article Series -Table of content So the most obvious questions could be:
Page 2 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 1. Is this statement correct? 2. And if this Is this statement is correct is correct, how could it be that no one pays attention to this problem, and doing something accordance? In the current article, I would like to give you some “food for thought” regarding this strange phenomenon, which we prefer to ignore the danger of Spoof mail attack and Phishing mail attacks, close our eyes, and continue to declare that “we are doing our best for protecting our mail infrastructure!” The Common Misconception That Causes Us To Ignore The Threat Of Spoof Mail Attack And Phishing Mail Attacks 1. It will not happen to me. From time to time, we read some story about a company that was attacked by a Phishing mail and a sad story such as – a story about the CEO who was lured to transfer a large amount of money to the attacker’s bank account, but we don’t really believe that it will happen to us. My answer is that it’s not a matter of “if” but only a matter of “when.” Most of the chances are that your organization will experience Spoof E-mail attacks and Phishing mail attacks at some point.
Page 3 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 2. Too much on my mind Every average IT member or IT manager is experiencing the feeling of – “too much on my mind.” Every day “invites” new challenges and new crises. “I know that the subject of Spoof mail attack and Phishing mail attacks is important, but I have more critical issues that I need to take care of them at the moment” The little secret is that probably; you will never have the required time! If you do not find the required time, the next Spoof mail attacks and Phishing mail attacks will find you unprepared, and the result can become very critical! Only when you are able to acknowledge the importance of this risk, you will “make the time.” 3. My organization is well protected from Spoof mail and Phishing mail attacks. All of us, have the strong need to believe that someone watches us and will protect us when it’s needed.
Page 4 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 This is a very basic human need. When relating to the risk of – Spoof E-mail attacks and Phishing mail attacks, most of the time, we prefer not to be realistic. Instead, we prefer to cling to the general thought that “they” (my IT, my mail provider and so on), are doing what they know to do, and that “they,” are doing whatever it takes for protecting our organization from Spoof E-mail attacks and Phishing mail attacks. The reality is much more complicated! Most of the time, the “IT” doesn’t include a professional authority who is specialized in the subject of “mail security” or doesn’t know what are the unique threats that relate to a modern mail infrastructure, what are the specific characters of Spoof mail attack and Phishing mail attacks, what is the available solution? and so on. Hosted mail infrastructure such as Office 365 (Exchange Online) | My mail infrastructure is automatically protected! In a scenario in which your mail infrastructure is hosted at “external mail provider” such as Office 365 and Exchange Online, this Incorrect assumption is manifested most strongly. Most of the mail provider such as Office 365, have all the required tools and infrastructures for dealing and preventing Spoof E-mail attacks and Phishing mail attacks. The “little thing” that we are not aware of the simple fact that these “defense mechanisms,” are not activated by default. Instead, they are just sitting there waiting for us to use them!
Page 5 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The main reason that this defense mechanism is not activated automatically is – because this defense mechanism can intercept accidentally legitimate E-mail. The important thing that most of us are not aware of being – that the responsibility to use the existing defense mechanism is our responsibility! For example, when relating to the subject of Spoof mail attack, Exchange Online support three mail standards, that implements sender verification + support the option of creating an Exchange rule that will identify events of the Spoof mail attack. The responsibility of knowing the specific characters of each of the sender verification mail standards, the required configuration settings for each of this standard, how to configure the required adjustment that will suit our specific organization needs is our responsibility! What Is The Weakness That The Hostile Element Exploits When Using Spoof Mail Attack And Phishing Mail Attacks? The base for Spoof mail attack and Phishing mail attacks, relies on two major weaknesses: 1. The SMTP protocol weakness 2. The Human factor weakness
Page 6 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 Spoof E-mail attack and SMTP as Innocent protocol When we hear or experience a Spoof E-mail attack, the first question that can appear in our mind could be: Q1: Why mail servers don’t know how to protect themselves from Spoof E-mail attacks and Phishing mail attacks? A1: The simple answer is that the “creator” of the SMTP protocol, didn’t relate to the issue of “mail security” and instead, concentrated on creating mail protocol, that will deliver an email message from point A to point B effectively and reliably. The issue of “mail security” was neglected because at that time, the popularity of the SMTP protocol was not so great, and the use of the SMTP protocol was not so common. In a standard mail communication that involves two parties, the SMTP protocol is based on the concept in which the destination mail servers (side B) “believe” in the identity (E-mail address) that the sender (side A) provides. The sender (side A), doesn’t need to prove his identity! Phishing mail attack and we as a human being
Page 7 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 Regarding Phishing mail attack, the base for this attack is – the ability to exploit the “thing” that makes us “human”. Q1: Why is it so hard to deal with Phishing mail attacks? Or, why there are so many people that fall prey to Phishing mail attack? A1: The standard Phishing mail attack is based on two “parts” that exploit the human character: The Phishing mail attack starts with the “trust part”, in which the hostile element uses an E-mail address of someone we trust or E-mail address that looks like an E-mail message that was sent from respectable and trusted source. The “sender trusts part,” relies on the “innocence” of the SMTP protocol, that doesn’t include a built-in mechanism for verifying the identity of the “other side.” The second part of the Phishing mail attack is based on the “content” that appears in the E-mail message. As the famous song of Michael Jackson – the “human nature” – the hostile element that executes the Phishing mail attack, is aware of different “human button” that can be pushed and manipulated. The Phishing mail content is designed to address a common human character such as pity, fear, greed, curiosity and so on. The attacker address one of this “human failing” for manipulating the victim to “do something” such as – open a specific file (malware) or click on a specific link in the Phishing mail that will lead the victim to a Phishing website.
Page 8 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The Awakening Of Our Awareness Of The Problem Of Spoof Mail Attack And Phishing Mail Attacks | Additional Obstacles Let’s assume that you decide that you agree that Spoof mail attack and Phishing mail attacks constitute a great risk to your organization and that you are willing to make the effort and take this threat seriously. In this section, I would like to review additional obstacles that may appear on the way. To be able to start handling the Spoof mail attack and Phishing mail attack threat, you will need to overcome these obstacles.
Page 9 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 1. The fair from doing something that will harm the organization mail flow. Let’s talk about the most prominent obstacle: the fear of a scenario, in which the solution that will be implemented will damage the normal mail flow. A scenario of false positive, in which a legitimate E-mail that sent to our users will be mistakenly identified as Spoof E-mail or Phishing mail and for this reason, will be “blocked” or deleted by the specific Spoof E-mail protection mechanism that we use.
Page 10 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 When implementing a security mechanism that deals with Spoof E-mail, we are facing two problematic scenarios: Incoming mail In a standard mail flow, we welcome every E-mail message that sent to one of our users, as long as the destination recipient exists. In other words, we don’t care about the element that originates the E-mail message (the sender) but instead, the mail server that represents our organization is only responsible for verifying the information about the destination recipient (that he hosts the mailbox of the destination recipient). When we implement a defense mechanism that is should protect us from Spoof mail attack, we can compare it to a scenario in which we place a “guard” at the entrance to our base (our mail infrastructure). Versus a scenario in which every guest is welcomed to enter our perimeter when we force the use of sender verification, we implemented a process in which we try to verify the identity of each entity that wants to “enter our base.” When we use this additional layer of security, there is a reasonable chance that we will experience a scenario of false positive.
Page 11 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 In this scenario, some of our “legitimate guests,” will not be allowed to enter our base and will be rejected because they do not have the required proof of their identity or from any technical problem that relates to the proof of their identity (their E-mail message will be rejected). Outgoing mail The other aspect of implementing sender verification mechanism is the ability to “stamp” a legitimate E-mail message that sent by our legitimate users, so, the “other side” will be able to verify our identity, and will be able to differentiate our legitimate sender from E-mail messages that send by hostile elements that spoof our organizational identity. The problem of “false positive” can be realized also when relating to the scenario of outgoing mail flow, meaning, an E-mail message that is sent by our user to external destination recipients. In a complex mail infrastructure, the ability to “stamp” all of the E-mail messages that is sent from our mail infrastructure fully and in a “proper,” way is a quite a challenging task!
Page 12 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 In case that we didn’t manage to correctly “stamp” each E-mail message that uses our organizational identity (E-mail message in which the sender uses our domain name), this could lead to a scenario, and which a legitimate E-mail message that is sent from our users, will be rejected by the “other” mail infrastructure. 2. Fear of hurting business activity Every implementation of any security solution mechanism will probably cause some disruption to the business activity, at least in the first phase of the adoption and assimilation. The fear of this anticipated disruption leads us to the attitude of – don’t rock the boat! Alternatively, if no one complained, until now, I guess everything is OK! The false sense that if, until now, everything was fine, in the future everything will be fine will eventually explode in our face. In other words – If you can’t stand the heat, get out of the kitchen. 3. The resources issue To be able to clearly understand the “enemy” we will need to ask (and answer) many questions such as:  How the enemy thinks and functions?  What is the vulnerability of your mail infrastructure?  What are the possible solutions for the existing mail infrastructure vulnerability?  What is the difference between the different solution such as SPF, DKIM, DMARC?
Page 13 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 You will need to have a patience and the willingness to devote the time required to read and internalize information. 4. The vanity syndrome The fact that you are veteran IT professional doesn’t mean that you are a security professional and doesn’t mean that you are familiar with the existing risk that threatens your mail environment, and the possible solution to this risk. 5. The fear of the unknown syndrome Like any “un-know territory”, the mail security standard territory, is an un-know territory” for most of us. In the process of implementing a specific solution to the problem of Spoof E-mail attacks and Phishing mail attacks, you will certainly encounter many questions and problems. It’s OK; this is expected as part of the process. 6. The need for simplicity syndrome Most of the time, we are looking for a simple solution and try to avoid the need to understand and implement complex solutions. The simple answer is – there is no simple solution for the task of dealing with Spoof E-mail attacks and Phishing mail attacks.
Page 14 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 7. The military approach syndrome This is one of the noticeable features of many managers. The subtext of this approach is – I don’t care how, just make it work! Well, we can make it work but, only of the “management” is obligated to the process, and is willing to allocate the require resource for the implementation of the possible solutions. Why Is There No Simple Solution For The Problem Of Spoof E-Mail Attacks And Phishing Mail Attacks? The simple answer is that Phishing mail attack is not simple! The phishing mail attack is a sophisticated attack that combines a couple of attacks, which we will have to deal with each of them separately. In addition, the ability to deal with the infrastructure for the Phishing mail attack – spoof mail attack is not so simple!
Page 15 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The common confusion between Spoof mail attack versus Phishing mail attacks A very important observation that I like to mention regarding the task of – “dealing with a scenario of Spoof E-mail attacks and Phishing mail attacks” is – that we should distinguish Spoof mail attack from Phishing mail attacks. Each type of attack has different characters, and for this reason, need a different type of solutions. Most of the Phishing mail attacks, use the Spoof mail attack in the initial phase of the attack. For this reason, it’s reasonable to assume that in case that we identify and block Spoof E-mail; the derivative will be blocking the Phishing mail attack.
Page 16 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 However, the important thing is, that we cannot build our defense infrastructure based on this assumption for a couple of reasons:  Not all the Phishing mail attack uses the option of spoofing the sender identity. There is a reasonable option, in which the Phishing mail attacks will use just a standard E-mail address from well-known mail providers such as Gmail, Hotmail or Yahoo.  It’s very reasonable to assume that even when we use some protection mechanism that will use to identify Spoof mail attack, we will not be able to identify and block 100% of the Spoof mail attacks. Note – another aspect of Phishing attacks is that not all the Phishing attacks are “Phishing mail attacks”. It’s true that most of the Phishing attacks are executed via the “mail channel” but some of the Phishing attacks can be executed by using a phone call or a phone SMS, via a message that sent to instant messaging users, via a message that sent to social-network users and so on. What are the challenges that we need to face when we want to fight Spoof E -mail attacks? Regarding our ability to protect our mail infrastructure from Spoof mail attack, there are a couple of well-known mail standards, that was created by completing the SMTP protocol “missing part” meaning, the ability to verify sender identity. Along the current article series, we will review in details the different sender verification mail standard such as – SPF, DKIM and DMARC, and other optional solutions such as – solutions that we can implement in Exchange based environment.
Page 17 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 If you think, you can sit back, relax and drink a refreshing cocktail because you found the perfect solution to all the Spoof E-mail problems, you are wrong! It’s true that there are standards and solutions that were created for dealing with the phenomena of Spoof E-mail but this solution is very far from providing a perfect solution. 1. The implementation of the sender identification mechanism is not so simple. Each of the different standards has advantages, disadvantages and “blind spots.” spots”. The implementation of this standard is not so simple and required preliminary assessment, planning and constant accompaniment. For example – at the current time, we can mention three mail standard that was created for dealing with the need to verify the sender identity. Each one of this standard uses a different method for verifying the sender identity and each one of this standard, required to implement different preparations and configuration settings. The implementation of this standard (sender verification standard) becomes quite complicated and challenging, in a complex mail environment that includes many mail servers many sites, etc.
Page 18 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 A standard such as SPF, considered as an easy to adapt standard, but have built-in “blind spot,” spot”, that can be exploited by a hostile element that will bypass the existing “SPF wall.” The DKIM standard can provide a good protection, but because the solution is based on Public- Key infrastructure (certificate, digital signature and so on), it’s not so easy to implement this standard in a compound mail environment that includes many different entities that send mail on behalf of the organization. 2. Not all the organizations use sender identification mechanism. Another major issue is that we should not forget is – that the implementation of a complete solution for the problem of “Spoof E-mail,” is depended on a “logical circuit” that will include two sides: the sending mail infrastructure and the receiving (the destination) mail infrastructure.
Page 19 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 In case that “our side” is implementing all the required solutions for dealing with Spoof E-mail phenomenon, but the “other side” doesn’t implement any Spoof E-mail protection solution, the outcome is that every hostile element can use our identity and attack the “other side” using our organizational identity.
Page 20 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 What Are The Challenges That We Need To Face When We Want To Fight Phishing E-Mail Attacks? Regarding the subject of existing solutions for the problem of Phishing mail attacks, the situation is much poorer compared to the status of Spoof E-mail solutions. The Phishing mail attack considers as sophisticated attacks. The ability to identify and block Phishing mail attacks is much more complicated than dealing with the Spoof mail attack.
Page 21 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The “interesting news” is that at the current time, there is no formal standard or a well know protection mechanism, that can directly deal and prevent all the types of Phishing mail attacks. If you perform a simple search using a question such as – “solution for Phishing email attacks,” most of the results that appear are dealing with tips and tricks, guideline and best practices that instruct users how to avoid or to recognize a scenario of Phishing mail. The “missing part” is that the answers and the solution are related to the “end point” meaning, the users and not to the “server side” meaning our mail infrastructure. The information is not related to a specific technology or a standard, that can be implemented on the “server side”. Some links, will lead you to a company that provides services for testing your mail infrastructure (by simulating a Phishing mail attack), and the reaction of your users to Phishing mail attack, but
Page 22 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 the painful truth is – that there is no “tangible” standard, that promises to protect your mail infrastructure from all the Phishing mail attacks. My answer to the question of – “Why is there no formal solution to the threat of Phishing mail attack?” is, that the Phishing mail attack made of “different parts.” We cannot relate to Phishing mail attack as “one problem” but instead, as a “collection of problems.” For example-  One of the building blocks of Phishing mail attack is a Spoof mail attack. To be able to successfully deal with a Phishing mail attack, we will need to find a good solution for the problem of Spoof mail attack such as – implementation of sender verification standard – SPF, DKIM, DMARC and so on.  One of the building blocks of Phishing mail attack is infecting the user desktop with a malware (most of the time, “smart malware” that are injected into legitimate files). To be able to successfully deal with a Phishing mail attack, we will need to find a good solution for the problem of malware such as – “send box” solutions.  One of the building blocks of Phishing mail attack is social engineering. To be able to successfully deal with a Phishing mail attack, we will need to find a good solution for the problem of social engineering such as – guide and instruct our users about the characters of Phishing mail attack. Q1: Should I feel despaired from the fact that there is no formal solution to the threat of Phishing mail attack? A1: No! although there is no “magic button”, that we can use for dealing with a Phishing mail attack, there are a couple of solutions that we can use, and the combination of these “solutions” can provide good and effective protection for most of the Phishing mail attack scenarios. In the article – Using sender verification for identifying Spoof mail | SPF, DKIM, DMARC, Exchange and Exchange Online |Part 8#9 , we will review the list of the solutions that we can use.
Page 23 of 23 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The next article in the current article series is Dealing with the threat of Spoof and Phishing mail attacks |Part 6#9

Recommended

What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comWhat is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comEyal Doron
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Eyal Doron
 
Understanding SaaS Concepts
Understanding SaaS ConceptsUnderstanding SaaS Concepts
Understanding SaaS Conceptsguest0e7119
 
Protecting Yourself Online
Protecting Yourself OnlineProtecting Yourself Online
Protecting Yourself OnlineGary Wagnon
 
[Albanyinfragard] infra gard albany members alliance april security tips news...
[Albanyinfragard] infra gard albany members alliance april security tips news...[Albanyinfragard] infra gard albany members alliance april security tips news...
[Albanyinfragard] infra gard albany members alliance april security tips news...Liberteks
 
Guide to pc_security
Guide to pc_securityGuide to pc_security
Guide to pc_securityFlora Runyenje
 
How to Protect Your PC from Malware, Ransomware, Virus
How to Protect Your PC from Malware, Ransomware, VirusHow to Protect Your PC from Malware, Ransomware, Virus
How to Protect Your PC from Malware, Ransomware, VirusHabFg
 

Recommended

What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comWhat is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comEyal Doron
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Eyal Doron
 
Understanding SaaS Concepts
Understanding SaaS ConceptsUnderstanding SaaS Concepts
Understanding SaaS Conceptsguest0e7119
 
Protecting Yourself Online
Protecting Yourself OnlineProtecting Yourself Online
Protecting Yourself OnlineGary Wagnon
 
[Albanyinfragard] infra gard albany members alliance april security tips news...
[Albanyinfragard] infra gard albany members alliance april security tips news...[Albanyinfragard] infra gard albany members alliance april security tips news...
[Albanyinfragard] infra gard albany members alliance april security tips news...Liberteks
 
Guide to pc_security
Guide to pc_securityGuide to pc_security
Guide to pc_securityFlora Runyenje
 
How to Protect Your PC from Malware, Ransomware, Virus
How to Protect Your PC from Malware, Ransomware, VirusHow to Protect Your PC from Malware, Ransomware, Virus
How to Protect Your PC from Malware, Ransomware, VirusHabFg
 
Computer Security Guide to Pc Security
Computer Security Guide to Pc SecurityComputer Security Guide to Pc Security
Computer Security Guide to Pc SecurityMallTake
 
Social Engineering CSO Survival Guide
Social Engineering CSO Survival GuideSocial Engineering CSO Survival Guide
Social Engineering CSO Survival GuideE.S.G. JR. Consulting, Inc.
 
Tha security awareness training
Tha security awareness trainingTha security awareness training
Tha security awareness trainingRob Valdez
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Jason Hong
 
Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? The TNS Group
 
Seminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackSeminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackrohit2495
 
Security awareness
Security awarenessSecurity awareness
Security awarenessSanoop Nair
 
Common Email Security Mistakes
Common Email Security MistakesCommon Email Security Mistakes
Common Email Security MistakesEmerge Management Training Center
 
The COVID-19 Phishing Threats to Watch Out For
The COVID-19 Phishing Threats to Watch Out ForThe COVID-19 Phishing Threats to Watch Out For
The COVID-19 Phishing Threats to Watch Out ForBeth Rigby
 
Phishing Awareness
Phishing Awareness Phishing Awareness
Phishing Awareness mphadden
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Email: still the favourite route of attack
Email: still the favourite route of attackEmail: still the favourite route of attack
Email: still the favourite route of attackClaranet UK
 
Email threats
Email threatsEmail threats
Email threatsShivam Tomar
 
DoD Social Media Guide
DoD Social Media GuideDoD Social Media Guide
DoD Social Media GuideNorfolk Naval Shipyard
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awarenessPhishingBox
 
Malware from the Consumer Jungle
Malware from the Consumer JungleMalware from the Consumer Jungle
Malware from the Consumer JungleJason S
 
Phishing technique tanish khilani
Phishing technique tanish khilani Phishing technique tanish khilani
Phishing technique tanish khilani Tanish Khilani
 
PhishingBox Presents 'What is Phishing' 2017
PhishingBox Presents 'What is Phishing' 2017PhishingBox Presents 'What is Phishing' 2017
PhishingBox Presents 'What is Phishing' 2017Ryan Hardesty
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkGFI Software
 
IND-2012-299 Alok Bharati Public School -Golden Hour
IND-2012-299 Alok Bharati Public School -Golden HourIND-2012-299 Alok Bharati Public School -Golden Hour
IND-2012-299 Alok Bharati Public School -Golden Hourdesignforchangechallenge
 
TAM-2012-11 PUMS Pandiapuram
TAM-2012-11 PUMS Pandiapuram TAM-2012-11 PUMS Pandiapuram
TAM-2012-11 PUMS Pandiapuram designforchangechallenge
 

More Related Content

What's hot

Computer Security Guide to Pc Security
Computer Security Guide to Pc SecurityComputer Security Guide to Pc Security
Computer Security Guide to Pc SecurityMallTake
 
Tha security awareness training
Tha security awareness trainingTha security awareness training
Tha security awareness trainingRob Valdez
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Jason Hong
 
Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? The TNS Group
 
Seminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackSeminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackrohit2495
 
Security awareness
Security awarenessSecurity awareness
Security awarenessSanoop Nair
 
The COVID-19 Phishing Threats to Watch Out For
The COVID-19 Phishing Threats to Watch Out ForThe COVID-19 Phishing Threats to Watch Out For
The COVID-19 Phishing Threats to Watch Out ForBeth Rigby
 
Phishing Awareness
Phishing Awareness Phishing Awareness
Phishing Awareness mphadden
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Email: still the favourite route of attack
Email: still the favourite route of attackEmail: still the favourite route of attack
Email: still the favourite route of attackClaranet UK
 
Email threats
Email threatsEmail threats
Email threatsShivam Tomar
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awarenessPhishingBox
 
Malware from the Consumer Jungle
Malware from the Consumer JungleMalware from the Consumer Jungle
Malware from the Consumer JungleJason S
 
Phishing technique tanish khilani
Phishing technique tanish khilani Phishing technique tanish khilani
Phishing technique tanish khilani Tanish Khilani
 
PhishingBox Presents 'What is Phishing' 2017
PhishingBox Presents 'What is Phishing' 2017PhishingBox Presents 'What is Phishing' 2017
PhishingBox Presents 'What is Phishing' 2017Ryan Hardesty
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkGFI Software
 

What's hot (20)

Computer Security Guide to Pc Security
Computer Security Guide to Pc SecurityComputer Security Guide to Pc Security
Computer Security Guide to Pc Security
 
Social Engineering CSO Survival Guide
Social Engineering CSO Survival GuideSocial Engineering CSO Survival Guide
Social Engineering CSO Survival Guide
 
Tha security awareness training
Tha security awareness trainingTha security awareness training
Tha security awareness training
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
 
Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You?
 
Seminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackSeminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attack
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
Common Email Security Mistakes
Common Email Security MistakesCommon Email Security Mistakes
Common Email Security Mistakes
 
The COVID-19 Phishing Threats to Watch Out For
The COVID-19 Phishing Threats to Watch Out ForThe COVID-19 Phishing Threats to Watch Out For
The COVID-19 Phishing Threats to Watch Out For
 
Phishing Awareness
Phishing Awareness Phishing Awareness
Phishing Awareness
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Email: still the favourite route of attack
Email: still the favourite route of attackEmail: still the favourite route of attack
Email: still the favourite route of attack
 
Email threats
Email threatsEmail threats
Email threats
 
DoD Social Media Guide
DoD Social Media GuideDoD Social Media Guide
DoD Social Media Guide
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awareness
 
Malware from the Consumer Jungle
Malware from the Consumer JungleMalware from the Consumer Jungle
Malware from the Consumer Jungle
 
Phishing technique tanish khilani
Phishing technique tanish khilani Phishing technique tanish khilani
Phishing technique tanish khilani
 
PhishingBox Presents 'What is Phishing' 2017
PhishingBox Presents 'What is Phishing' 2017PhishingBox Presents 'What is Phishing' 2017
PhishingBox Presents 'What is Phishing' 2017
 
How to Keep Spam Off Your Network
How to Keep Spam Off Your NetworkHow to Keep Spam Off Your Network
How to Keep Spam Off Your Network
 

Viewers also liked

IND-2012-299 Alok Bharati Public School -Golden Hour
IND-2012-299 Alok Bharati Public School -Golden HourIND-2012-299 Alok Bharati Public School -Golden Hour
IND-2012-299 Alok Bharati Public School -Golden Hourdesignforchangechallenge
 
PATHS at Royal Melbourne Institute of Technology
PATHS at Royal Melbourne Institute of TechnologyPATHS at Royal Melbourne Institute of Technology
PATHS at Royal Melbourne Institute of Technologypathsproject
 
Tgs implementing tfu story of change (dfc 2012-13)
Tgs implementing tfu story of change (dfc 2012-13)Tgs implementing tfu story of change (dfc 2012-13)
Tgs implementing tfu story of change (dfc 2012-13)designforchangechallenge
 
ĐĄĐ°ĐœĐșт-ĐŸĐ”Ń‚Đ”Ń€Đ±ŃƒŃ€ĐłŃĐșĐžĐč ĐșĐŸĐœŃĐ”ĐœŃŃƒŃ. ĐĐŸĐČая эĐșĐŸĐœĐŸĐŒĐžŃ‡Đ”ŃĐșая ĐżĐŸĐ»ĐžŃ‚ĐžĐșĐ° ĐŽĐ»Ń ĐŒĐžŃ€Đ°
ĐĄĐ°ĐœĐșт-ĐŸĐ”Ń‚Đ”Ń€Đ±ŃƒŃ€ĐłŃĐșĐžĐč ĐșĐŸĐœŃĐ”ĐœŃŃƒŃ. ĐĐŸĐČая эĐșĐŸĐœĐŸĐŒĐžŃ‡Đ”ŃĐșая ĐżĐŸĐ»ĐžŃ‚ĐžĐșĐ° ĐŽĐ»Ń ĐŒĐžŃ€Đ°ĐĄĐ°ĐœĐșт-ĐŸĐ”Ń‚Đ”Ń€Đ±ŃƒŃ€ĐłŃĐșĐžĐč ĐșĐŸĐœŃĐ”ĐœŃŃƒŃ. ĐĐŸĐČая эĐșĐŸĐœĐŸĐŒĐžŃ‡Đ”ŃĐșая ĐżĐŸĐ»ĐžŃ‚ĐžĐșĐ° ĐŽĐ»Ń ĐŒĐžŃ€Đ°
ĐĄĐ°ĐœĐșт-ĐŸĐ”Ń‚Đ”Ń€Đ±ŃƒŃ€ĐłŃĐșĐžĐč ĐșĐŸĐœŃĐ”ĐœŃŃƒŃ. ĐĐŸĐČая эĐșĐŸĐœĐŸĐŒĐžŃ‡Đ”ŃĐșая ĐżĐŸĐ»ĐžŃ‚ĐžĐșĐ° ĐŽĐ»Ń ĐŒĐžŃ€Đ°mediamera
 
Arema connect partnership introduction
Arema connect partnership introductionArema connect partnership introduction
Arema connect partnership introductionArema Connect
 
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Eyal Doron
 
Exchange 2013 coexistence environment and the Exchange legacy infrastructure ...
Exchange 2013 coexistence environment and the Exchange legacy infrastructure ...Exchange 2013 coexistence environment and the Exchange legacy infrastructure ...
Exchange 2013 coexistence environment and the Exchange legacy infrastructure ...Eyal Doron
 
Exchange infrastructure implementing single domain namespace scheme part 2#...
Exchange infrastructure implementing single domain namespace scheme part 2#...Exchange infrastructure implementing single domain namespace scheme part 2#...
Exchange infrastructure implementing single domain namespace scheme part 2#...Eyal Doron
 
TAM-2012-08 Govt Higher sec School Mathicode
TAM-2012-08 Govt Higher sec School Mathicode TAM-2012-08 Govt Higher sec School Mathicode
TAM-2012-08 Govt Higher sec School Mathicode designforchangechallenge
 
Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015bibliotecasjuliomartins
 
Past perfect tense Nurlaela 201212500067
Past perfect tense Nurlaela 201212500067Past perfect tense Nurlaela 201212500067
Past perfect tense Nurlaela 201212500067nurlaelanur
 
Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Eyal Doron
 

Viewers also liked (15)

IND-2012-299 Alok Bharati Public School -Golden Hour
IND-2012-299 Alok Bharati Public School -Golden HourIND-2012-299 Alok Bharati Public School -Golden Hour
IND-2012-299 Alok Bharati Public School -Golden Hour
 
TAM-2012-11 PUMS Pandiapuram
TAM-2012-11 PUMS Pandiapuram TAM-2012-11 PUMS Pandiapuram
TAM-2012-11 PUMS Pandiapuram
 
PATHS at Royal Melbourne Institute of Technology
PATHS at Royal Melbourne Institute of TechnologyPATHS at Royal Melbourne Institute of Technology
PATHS at Royal Melbourne Institute of Technology
 
Tgs implementing tfu story of change (dfc 2012-13)
Tgs implementing tfu story of change (dfc 2012-13)Tgs implementing tfu story of change (dfc 2012-13)
Tgs implementing tfu story of change (dfc 2012-13)
 
ĐĄĐ°ĐœĐșт-ĐŸĐ”Ń‚Đ”Ń€Đ±ŃƒŃ€ĐłŃĐșĐžĐč ĐșĐŸĐœŃĐ”ĐœŃŃƒŃ. ĐĐŸĐČая эĐșĐŸĐœĐŸĐŒĐžŃ‡Đ”ŃĐșая ĐżĐŸĐ»ĐžŃ‚ĐžĐșĐ° ĐŽĐ»Ń ĐŒĐžŃ€Đ°
ĐĄĐ°ĐœĐșт-ĐŸĐ”Ń‚Đ”Ń€Đ±ŃƒŃ€ĐłŃĐșĐžĐč ĐșĐŸĐœŃĐ”ĐœŃŃƒŃ. ĐĐŸĐČая эĐșĐŸĐœĐŸĐŒĐžŃ‡Đ”ŃĐșая ĐżĐŸĐ»ĐžŃ‚ĐžĐșĐ° ĐŽĐ»Ń ĐŒĐžŃ€Đ°ĐĄĐ°ĐœĐșт-ĐŸĐ”Ń‚Đ”Ń€Đ±ŃƒŃ€ĐłŃĐșĐžĐč ĐșĐŸĐœŃĐ”ĐœŃŃƒŃ. ĐĐŸĐČая эĐșĐŸĐœĐŸĐŒĐžŃ‡Đ”ŃĐșая ĐżĐŸĐ»ĐžŃ‚ĐžĐșĐ° ĐŽĐ»Ń ĐŒĐžŃ€Đ°
ĐĄĐ°ĐœĐșт-ĐŸĐ”Ń‚Đ”Ń€Đ±ŃƒŃ€ĐłŃĐșĐžĐč ĐșĐŸĐœŃĐ”ĐœŃŃƒŃ. ĐĐŸĐČая эĐșĐŸĐœĐŸĐŒĐžŃ‡Đ”ŃĐșая ĐżĐŸĐ»ĐžŃ‚ĐžĐșĐ° ĐŽĐ»Ń ĐŒĐžŃ€Đ°
 
Arema connect partnership introduction
Arema connect partnership introductionArema connect partnership introduction
Arema connect partnership introduction
 
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
 
Exchange 2013 coexistence environment and the Exchange legacy infrastructure ...
Exchange 2013 coexistence environment and the Exchange legacy infrastructure ...Exchange 2013 coexistence environment and the Exchange legacy infrastructure ...
Exchange 2013 coexistence environment and the Exchange legacy infrastructure ...
 
Exchange infrastructure implementing single domain namespace scheme part 2#...
Exchange infrastructure implementing single domain namespace scheme part 2#...Exchange infrastructure implementing single domain namespace scheme part 2#...
Exchange infrastructure implementing single domain namespace scheme part 2#...
 
Canciones del colegio
Canciones del colegioCanciones del colegio
Canciones del colegio
 
TAM-2012-08 Govt Higher sec School Mathicode
TAM-2012-08 Govt Higher sec School Mathicode TAM-2012-08 Govt Higher sec School Mathicode
TAM-2012-08 Govt Higher sec School Mathicode
 
TAM-2012-13 PUPS Narayanapuram
TAM-2012-13 PUPS NarayanapuramTAM-2012-13 PUPS Narayanapuram
TAM-2012-13 PUPS Narayanapuram
 
Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015
 
Past perfect tense Nurlaela 201212500067
Past perfect tense Nurlaela 201212500067Past perfect tense Nurlaela 201212500067
Past perfect tense Nurlaela 201212500067
 
Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...
 

Similar to Why our mail system is exposed to spoof and phishing mail attacks part 5#9 | Eyal Doron | o365info.com

What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...Eyal Doron
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...Eyal Doron
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
negative implications of IT
negative implications of ITnegative implications of IT
negative implications of ITMahdiRahmani15
 
Did you get my email?
Did you get my email?Did you get my email?
Did you get my email?Tayfun TEK
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitssuser64f8f8
 
Presentation on Email phishing.pptx
Presentation on Email phishing.pptxPresentation on Email phishing.pptx
Presentation on Email phishing.pptxAbdulHaseebKhan34
 
2016 Social Engineering Training
2016 Social Engineering Training2016 Social Engineering Training
2016 Social Engineering TrainingRob Valdez
 
Data breaches - How well is your organization protected against them?
Data breaches - How well is your organization protected against them?Data breaches - How well is your organization protected against them?
Data breaches - How well is your organization protected against them?Cristina Collado
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
The Emotional Lure of Social Engineering
The Emotional Lure of Social EngineeringThe Emotional Lure of Social Engineering
The Emotional Lure of Social EngineeringThe TNS Group
 
IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptxTanvir Amin
 
CYBER_SECURITY_BASICS_FINAL.pptx
CYBER_SECURITY_BASICS_FINAL.pptxCYBER_SECURITY_BASICS_FINAL.pptx
CYBER_SECURITY_BASICS_FINAL.pptxQuiMo3
 
What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17Eyal Doron
 
Bradley Family E.docx
Bradley Family E.docxBradley Family E.docx
Bradley Family E.docxjasoninnes20
 

Similar to Why our mail system is exposed to spoof and phishing mail attacks part 5#9 | Eyal Doron | o365info.com (20)

What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
negative implications of IT
negative implications of ITnegative implications of IT
negative implications of IT
 
Did you get my email?
Did you get my email?Did you get my email?
Did you get my email?
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the bait
 
Presentation on Email phishing.pptx
Presentation on Email phishing.pptxPresentation on Email phishing.pptx
Presentation on Email phishing.pptx
 
2016 Social Engineering Training
2016 Social Engineering Training2016 Social Engineering Training
2016 Social Engineering Training
 
Data breaches - How well is your organization protected against them?
Data breaches - How well is your organization protected against them?Data breaches - How well is your organization protected against them?
Data breaches - How well is your organization protected against them?
 
internet security
internet securityinternet security
internet security
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
The Emotional Lure of Social Engineering
The Emotional Lure of Social EngineeringThe Emotional Lure of Social Engineering
The Emotional Lure of Social Engineering
 
IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptx
 
CYBER_SECURITY_BASICS_FINAL.pptx
CYBER_SECURITY_BASICS_FINAL.pptxCYBER_SECURITY_BASICS_FINAL.pptx
CYBER_SECURITY_BASICS_FINAL.pptx
 
What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17What is SPF record good for? | Part 7#17
What is SPF record good for? | Part 7#17
 
Bradley Family E.docx
Bradley Family E.docxBradley Family E.docx
Bradley Family E.docx
 

More from Eyal Doron

How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2Eyal Doron
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...Eyal Doron
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Eyal Doron
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Eyal Doron
 
Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Eyal Doron
 
Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Eyal Doron
 
Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Eyal Doron
 
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Eyal Doron
 
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Eyal Doron
 
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Eyal Doron
 
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...Eyal Doron
 
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...Eyal Doron
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Eyal Doron
 
Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...
Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...
Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...Eyal Doron
 
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...Eyal Doron
 
Should i use a single namespace for exchange infrastructure part 1#2 part ...
Should i use a single namespace for exchange infrastructure part 1#2 part ...Should i use a single namespace for exchange infrastructure part 1#2 part ...
Should i use a single namespace for exchange infrastructure part 1#2 part ...Eyal Doron
 

More from Eyal Doron (20)

How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
 
Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...
 
Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...
 
Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4
 
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
 
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
 
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
 
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
 
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
 
Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...
Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...
Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...
 
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
 
Should i use a single namespace for exchange infrastructure part 1#2 part ...
Should i use a single namespace for exchange infrastructure part 1#2 part ...Should i use a single namespace for exchange infrastructure part 1#2 part ...
Should i use a single namespace for exchange infrastructure part 1#2 part ...
 

Recently uploaded

How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 

Why our mail system is exposed to spoof and phishing mail attacks part 5#9 | Eyal Doron | o365info.com

  • 1. Page 1 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Let’s start with a declaration about a strange phenomenon: Spoof mail attacks and Phishing mail attacks, are well-known attacks, and consider as a popular attack among the “hostile elements.” Most of the existing organizations, do not have effective defense mechanisms against the above attacks, and there is a high chance, at some point, that your organization will experience the bitter taste of Spoofing or Phishing attacks! In other words – most of the organizations are exposed to Spoof and Phishing mail attacks, and it’s only a matter of “when”. Dealing with Spoof and Phishing mail attacks | Article Series -Table of content So the most obvious questions could be:
  • 2. Page 2 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 1. Is this statement correct? 2. And if this Is this statement is correct is correct, how could it be that no one pays attention to this problem, and doing something accordance? In the current article, I would like to give you some “food for thought” regarding this strange phenomenon, which we prefer to ignore the danger of Spoof mail attack and Phishing mail attacks, close our eyes, and continue to declare that “we are doing our best for protecting our mail infrastructure!” The Common Misconception That Causes Us To Ignore The Threat Of Spoof Mail Attack And Phishing Mail Attacks 1. It will not happen to me. From time to time, we read some story about a company that was attacked by a Phishing mail and a sad story such as – a story about the CEO who was lured to transfer a large amount of money to the attacker’s bank account, but we don’t really believe that it will happen to us. My answer is that it’s not a matter of “if” but only a matter of “when.” Most of the chances are that your organization will experience Spoof E-mail attacks and Phishing mail attacks at some point.
  • 3. Page 3 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 2. Too much on my mind Every average IT member or IT manager is experiencing the feeling of – “too much on my mind.” Every day “invites” new challenges and new crises. “I know that the subject of Spoof mail attack and Phishing mail attacks is important, but I have more critical issues that I need to take care of them at the moment” The little secret is that probably; you will never have the required time! If you do not find the required time, the next Spoof mail attacks and Phishing mail attacks will find you unprepared, and the result can become very critical! Only when you are able to acknowledge the importance of this risk, you will “make the time.” 3. My organization is well protected from Spoof mail and Phishing mail attacks. All of us, have the strong need to believe that someone watches us and will protect us when it’s needed.
  • 4. Page 4 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 This is a very basic human need. When relating to the risk of – Spoof E-mail attacks and Phishing mail attacks, most of the time, we prefer not to be realistic. Instead, we prefer to cling to the general thought that “they” (my IT, my mail provider and so on), are doing what they know to do, and that “they,” are doing whatever it takes for protecting our organization from Spoof E-mail attacks and Phishing mail attacks. The reality is much more complicated! Most of the time, the “IT” doesn’t include a professional authority who is specialized in the subject of “mail security” or doesn’t know what are the unique threats that relate to a modern mail infrastructure, what are the specific characters of Spoof mail attack and Phishing mail attacks, what is the available solution? and so on. Hosted mail infrastructure such as Office 365 (Exchange Online) | My mail infrastructure is automatically protected! In a scenario in which your mail infrastructure is hosted at “external mail provider” such as Office 365 and Exchange Online, this Incorrect assumption is manifested most strongly. Most of the mail provider such as Office 365, have all the required tools and infrastructures for dealing and preventing Spoof E-mail attacks and Phishing mail attacks. The “little thing” that we are not aware of the simple fact that these “defense mechanisms,” are not activated by default. Instead, they are just sitting there waiting for us to use them!
  • 5. Page 5 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The main reason that this defense mechanism is not activated automatically is – because this defense mechanism can intercept accidentally legitimate E-mail. The important thing that most of us are not aware of being – that the responsibility to use the existing defense mechanism is our responsibility! For example, when relating to the subject of Spoof mail attack, Exchange Online support three mail standards, that implements sender verification + support the option of creating an Exchange rule that will identify events of the Spoof mail attack. The responsibility of knowing the specific characters of each of the sender verification mail standards, the required configuration settings for each of this standard, how to configure the required adjustment that will suit our specific organization needs is our responsibility! What Is The Weakness That The Hostile Element Exploits When Using Spoof Mail Attack And Phishing Mail Attacks? The base for Spoof mail attack and Phishing mail attacks, relies on two major weaknesses: 1. The SMTP protocol weakness 2. The Human factor weakness
  • 6. Page 6 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 Spoof E-mail attack and SMTP as Innocent protocol When we hear or experience a Spoof E-mail attack, the first question that can appear in our mind could be: Q1: Why mail servers don’t know how to protect themselves from Spoof E-mail attacks and Phishing mail attacks? A1: The simple answer is that the “creator” of the SMTP protocol, didn’t relate to the issue of “mail security” and instead, concentrated on creating mail protocol, that will deliver an email message from point A to point B effectively and reliably. The issue of “mail security” was neglected because at that time, the popularity of the SMTP protocol was not so great, and the use of the SMTP protocol was not so common. In a standard mail communication that involves two parties, the SMTP protocol is based on the concept in which the destination mail servers (side B) “believe” in the identity (E-mail address) that the sender (side A) provides. The sender (side A), doesn’t need to prove his identity! Phishing mail attack and we as a human being
  • 7. Page 7 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 Regarding Phishing mail attack, the base for this attack is – the ability to exploit the “thing” that makes us “human”. Q1: Why is it so hard to deal with Phishing mail attacks? Or, why there are so many people that fall prey to Phishing mail attack? A1: The standard Phishing mail attack is based on two “parts” that exploit the human character: The Phishing mail attack starts with the “trust part”, in which the hostile element uses an E-mail address of someone we trust or E-mail address that looks like an E-mail message that was sent from respectable and trusted source. The “sender trusts part,” relies on the “innocence” of the SMTP protocol, that doesn’t include a built-in mechanism for verifying the identity of the “other side.” The second part of the Phishing mail attack is based on the “content” that appears in the E-mail message. As the famous song of Michael Jackson – the “human nature” – the hostile element that executes the Phishing mail attack, is aware of different “human button” that can be pushed and manipulated. The Phishing mail content is designed to address a common human character such as pity, fear, greed, curiosity and so on. The attacker address one of this “human failing” for manipulating the victim to “do something” such as – open a specific file (malware) or click on a specific link in the Phishing mail that will lead the victim to a Phishing website.
  • 8. Page 8 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The Awakening Of Our Awareness Of The Problem Of Spoof Mail Attack And Phishing Mail Attacks | Additional Obstacles Let’s assume that you decide that you agree that Spoof mail attack and Phishing mail attacks constitute a great risk to your organization and that you are willing to make the effort and take this threat seriously. In this section, I would like to review additional obstacles that may appear on the way. To be able to start handling the Spoof mail attack and Phishing mail attack threat, you will need to overcome these obstacles.
  • 9. Page 9 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 1. The fair from doing something that will harm the organization mail flow. Let’s talk about the most prominent obstacle: the fear of a scenario, in which the solution that will be implemented will damage the normal mail flow. A scenario of false positive, in which a legitimate E-mail that sent to our users will be mistakenly identified as Spoof E-mail or Phishing mail and for this reason, will be “blocked” or deleted by the specific Spoof E-mail protection mechanism that we use.
  • 10. Page 10 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 When implementing a security mechanism that deals with Spoof E-mail, we are facing two problematic scenarios: Incoming mail In a standard mail flow, we welcome every E-mail message that sent to one of our users, as long as the destination recipient exists. In other words, we don’t care about the element that originates the E-mail message (the sender) but instead, the mail server that represents our organization is only responsible for verifying the information about the destination recipient (that he hosts the mailbox of the destination recipient). When we implement a defense mechanism that is should protect us from Spoof mail attack, we can compare it to a scenario in which we place a “guard” at the entrance to our base (our mail infrastructure). Versus a scenario in which every guest is welcomed to enter our perimeter when we force the use of sender verification, we implemented a process in which we try to verify the identity of each entity that wants to “enter our base.” When we use this additional layer of security, there is a reasonable chance that we will experience a scenario of false positive.
  • 11. Page 11 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 In this scenario, some of our “legitimate guests,” will not be allowed to enter our base and will be rejected because they do not have the required proof of their identity or from any technical problem that relates to the proof of their identity (their E-mail message will be rejected). Outgoing mail The other aspect of implementing sender verification mechanism is the ability to “stamp” a legitimate E-mail message that sent by our legitimate users, so, the “other side” will be able to verify our identity, and will be able to differentiate our legitimate sender from E-mail messages that send by hostile elements that spoof our organizational identity. The problem of “false positive” can be realized also when relating to the scenario of outgoing mail flow, meaning, an E-mail message that is sent by our user to external destination recipients. In a complex mail infrastructure, the ability to “stamp” all of the E-mail messages that is sent from our mail infrastructure fully and in a “proper,” way is a quite a challenging task!
  • 12. Page 12 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 In case that we didn’t manage to correctly “stamp” each E-mail message that uses our organizational identity (E-mail message in which the sender uses our domain name), this could lead to a scenario, and which a legitimate E-mail message that is sent from our users, will be rejected by the “other” mail infrastructure. 2. Fear of hurting business activity Every implementation of any security solution mechanism will probably cause some disruption to the business activity, at least in the first phase of the adoption and assimilation. The fear of this anticipated disruption leads us to the attitude of – don’t rock the boat! Alternatively, if no one complained, until now, I guess everything is OK! The false sense that if, until now, everything was fine, in the future everything will be fine will eventually explode in our face. In other words – If you can’t stand the heat, get out of the kitchen. 3. The resources issue To be able to clearly understand the “enemy” we will need to ask (and answer) many questions such as:  How the enemy thinks and functions?  What is the vulnerability of your mail infrastructure?  What are the possible solutions for the existing mail infrastructure vulnerability?  What is the difference between the different solution such as SPF, DKIM, DMARC?
  • 13. Page 13 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 You will need to have a patience and the willingness to devote the time required to read and internalize information. 4. The vanity syndrome The fact that you are veteran IT professional doesn’t mean that you are a security professional and doesn’t mean that you are familiar with the existing risk that threatens your mail environment, and the possible solution to this risk. 5. The fear of the unknown syndrome Like any “un-know territory”, the mail security standard territory, is an un-know territory” for most of us. In the process of implementing a specific solution to the problem of Spoof E-mail attacks and Phishing mail attacks, you will certainly encounter many questions and problems. It’s OK; this is expected as part of the process. 6. The need for simplicity syndrome Most of the time, we are looking for a simple solution and try to avoid the need to understand and implement complex solutions. The simple answer is – there is no simple solution for the task of dealing with Spoof E-mail attacks and Phishing mail attacks.
  • 14. Page 14 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 7. The military approach syndrome This is one of the noticeable features of many managers. The subtext of this approach is – I don’t care how, just make it work! Well, we can make it work but, only of the “management” is obligated to the process, and is willing to allocate the require resource for the implementation of the possible solutions. Why Is There No Simple Solution For The Problem Of Spoof E-Mail Attacks And Phishing Mail Attacks? The simple answer is that Phishing mail attack is not simple! The phishing mail attack is a sophisticated attack that combines a couple of attacks, which we will have to deal with each of them separately. In addition, the ability to deal with the infrastructure for the Phishing mail attack – spoof mail attack is not so simple!
  • 15. Page 15 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The common confusion between Spoof mail attack versus Phishing mail attacks A very important observation that I like to mention regarding the task of – “dealing with a scenario of Spoof E-mail attacks and Phishing mail attacks” is – that we should distinguish Spoof mail attack from Phishing mail attacks. Each type of attack has different characters, and for this reason, need a different type of solutions. Most of the Phishing mail attacks, use the Spoof mail attack in the initial phase of the attack. For this reason, it’s reasonable to assume that in case that we identify and block Spoof E-mail; the derivative will be blocking the Phishing mail attack.
  • 16. Page 16 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 However, the important thing is, that we cannot build our defense infrastructure based on this assumption for a couple of reasons:  Not all the Phishing mail attack uses the option of spoofing the sender identity. There is a reasonable option, in which the Phishing mail attacks will use just a standard E-mail address from well-known mail providers such as Gmail, Hotmail or Yahoo.  It’s very reasonable to assume that even when we use some protection mechanism that will use to identify Spoof mail attack, we will not be able to identify and block 100% of the Spoof mail attacks. Note – another aspect of Phishing attacks is that not all the Phishing attacks are “Phishing mail attacks”. It’s true that most of the Phishing attacks are executed via the “mail channel” but some of the Phishing attacks can be executed by using a phone call or a phone SMS, via a message that sent to instant messaging users, via a message that sent to social-network users and so on. What are the challenges that we need to face when we want to fight Spoof E -mail attacks? Regarding our ability to protect our mail infrastructure from Spoof mail attack, there are a couple of well-known mail standards, that was created by completing the SMTP protocol “missing part” meaning, the ability to verify sender identity. Along the current article series, we will review in details the different sender verification mail standard such as – SPF, DKIM and DMARC, and other optional solutions such as – solutions that we can implement in Exchange based environment.
  • 17. Page 17 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 If you think, you can sit back, relax and drink a refreshing cocktail because you found the perfect solution to all the Spoof E-mail problems, you are wrong! It’s true that there are standards and solutions that were created for dealing with the phenomena of Spoof E-mail but this solution is very far from providing a perfect solution. 1. The implementation of the sender identification mechanism is not so simple. Each of the different standards has advantages, disadvantages and “blind spots.” spots”. The implementation of this standard is not so simple and required preliminary assessment, planning and constant accompaniment. For example – at the current time, we can mention three mail standard that was created for dealing with the need to verify the sender identity. Each one of this standard uses a different method for verifying the sender identity and each one of this standard, required to implement different preparations and configuration settings. The implementation of this standard (sender verification standard) becomes quite complicated and challenging, in a complex mail environment that includes many mail servers many sites, etc.
  • 18. Page 18 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 A standard such as SPF, considered as an easy to adapt standard, but have built-in “blind spot,” spot”, that can be exploited by a hostile element that will bypass the existing “SPF wall.” The DKIM standard can provide a good protection, but because the solution is based on Public- Key infrastructure (certificate, digital signature and so on), it’s not so easy to implement this standard in a compound mail environment that includes many different entities that send mail on behalf of the organization. 2. Not all the organizations use sender identification mechanism. Another major issue is that we should not forget is – that the implementation of a complete solution for the problem of “Spoof E-mail,” is depended on a “logical circuit” that will include two sides: the sending mail infrastructure and the receiving (the destination) mail infrastructure.
  • 19. Page 19 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 In case that “our side” is implementing all the required solutions for dealing with Spoof E-mail phenomenon, but the “other side” doesn’t implement any Spoof E-mail protection solution, the outcome is that every hostile element can use our identity and attack the “other side” using our organizational identity.
  • 20. Page 20 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 What Are The Challenges That We Need To Face When We Want To Fight Phishing E-Mail Attacks? Regarding the subject of existing solutions for the problem of Phishing mail attacks, the situation is much poorer compared to the status of Spoof E-mail solutions. The Phishing mail attack considers as sophisticated attacks. The ability to identify and block Phishing mail attacks is much more complicated than dealing with the Spoof mail attack.
  • 21. Page 21 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The “interesting news” is that at the current time, there is no formal standard or a well know protection mechanism, that can directly deal and prevent all the types of Phishing mail attacks. If you perform a simple search using a question such as – “solution for Phishing email attacks,” most of the results that appear are dealing with tips and tricks, guideline and best practices that instruct users how to avoid or to recognize a scenario of Phishing mail. The “missing part” is that the answers and the solution are related to the “end point” meaning, the users and not to the “server side” meaning our mail infrastructure. The information is not related to a specific technology or a standard, that can be implemented on the “server side”. Some links, will lead you to a company that provides services for testing your mail infrastructure (by simulating a Phishing mail attack), and the reaction of your users to Phishing mail attack, but
  • 22. Page 22 of 22 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 the painful truth is – that there is no “tangible” standard, that promises to protect your mail infrastructure from all the Phishing mail attacks. My answer to the question of – “Why is there no formal solution to the threat of Phishing mail attack?” is, that the Phishing mail attack made of “different parts.” We cannot relate to Phishing mail attack as “one problem” but instead, as a “collection of problems.” For example-  One of the building blocks of Phishing mail attack is a Spoof mail attack. To be able to successfully deal with a Phishing mail attack, we will need to find a good solution for the problem of Spoof mail attack such as – implementation of sender verification standard – SPF, DKIM, DMARC and so on.  One of the building blocks of Phishing mail attack is infecting the user desktop with a malware (most of the time, “smart malware” that are injected into legitimate files). To be able to successfully deal with a Phishing mail attack, we will need to find a good solution for the problem of malware such as – “send box” solutions.  One of the building blocks of Phishing mail attack is social engineering. To be able to successfully deal with a Phishing mail attack, we will need to find a good solution for the problem of social engineering such as – guide and instruct our users about the characters of Phishing mail attack. Q1: Should I feel despaired from the fact that there is no formal solution to the threat of Phishing mail attack? A1: No! although there is no “magic button”, that we can use for dealing with a Phishing mail attack, there are a couple of solutions that we can use, and the combination of these “solutions” can provide good and effective protection for most of the Phishing mail attack scenarios. In the article – Using sender verification for identifying Spoof mail | SPF, DKIM, DMARC, Exchange and Exchange Online |Part 8#9 , we will review the list of the solutions that we can use.
  • 23. Page 23 of 23 | Why our mail system is exposed to Spoof and Phishing mail attacks |Part 5#9 Written by Eyal Doron | o365info.com | Copyright © 2012-2016 The next article in the current article series is Dealing with the threat of Spoof and Phishing mail attacks |Part 6#9