Spear Phishing Awareness

Slides:

Advertisements

Similar presentations

Phishing Scams use spoofed s and websites as lures to prompt people to voluntarily hand over sensitive information Phishing s may contain.

Advertisements

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing s are designed.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Internet Phishing Not the kind of Fishing you are used to.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

Information Security Phishing Update CTC

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,

Your Trusted Partner In All Things IT. 20 Years of IT Experience University Automotive Food Service Banking Insurance Legal Medical Dental Software Development.

PHISHING FINANCIAL THREATS ON THE INTERNET -Alisha Esshaki 8a.

Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.

Web Spoofing Steve Newell Mike Falcon Computer Security CIS 4360.

What is Phishing?.  Phishing attempts are attempts to get valuable personal information from people via the internet.  Attempts usually come in the.

Chapter 7 Phishing, Pharming, and Spam. Phishing Phishing is a criminal activity using computer security techniques. Phishers try to acquire information.

CCT355H5 F Presentation: Phishing November Jennifer Li.

About Phishing Phishing is a criminal activity using social engineering techniques.criminalsocial engineering Phishers attempt to fraudulently acquire.

Phishing Internet scams. Phishing phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and.

BY : MUHAMMAD KHUZAIMI B. ISHAK 4 ADIL PUAN MAZITA INFORMATION AND COMMUNICATION OF TECHNOLOGY.

Phishing A practical case study. What is phishing? Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details.

Phishing: Trends and Countermeasures Blaine Wilson.

How Phishing Works Prof. Vipul Chudasama.

What is Spam? d min.

Prevent Data Breaches and PII from Walking Out the Door Jim Farrell, Senior Vice President Products Archive Systems 9/18/2015.

October is National CyberSecurity Awareness Month OIT and IT providers across campus are launching an awareness campaign to provide tips and resources.

5 different ways to get tricked on the internet. 1. Viruses A virus is a computer malware program that copies it’s files to the computer. This may allow.

PHISHING PRESENTED BY: ARQAM PASHA. AGENDA What is Phishing? Phishing Statistics Phishing Techniques Recent Examples Damages Caused by Phishing How to.

FLTCYBERCOM / C10F    U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET    1 Overall Classification of this Briefing is UNCLASSIFIED//FOUO Phishing.

Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.

Safe Computing Practices. What is behind a cyber attack? 1.

Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.

Internet Security TEAMS March 18 th, ISP:Internet Service Provider.

CNP Fraud. Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept)

Take the Quiz and find out more!

Important Information Provided by Information Technology Center

Objectives Define phishing and identify various types of phishing scams Recognize common baiting tactics used in phishing scams Examine real phishing messages.

Exchange Online Advanced Threat Protection

Done by… Hanoof Al-Khaldi Information Assurance

PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing circulated last week that led to.

how to prevent them from being successful

Phishing Don’t take the bait! Dave Beauvais Andrew Sloan

Unit 4 IT Security.

Lesson 3 Safe Computing.

Secure Software Confidentiality Integrity Data Security Authentication

National Cyber Security Month

I S P S loss Prevention.

Microsoft Ignite /20/2018 8:09 AM BRK3023

Phishing, what you should know

Information Security 101 Richard Davis, Rob Laltrello.

Phishing is a form of social engineering that attempts to steal sensitive information.

Exchange Online Advanced Threat Protection

Demo Advanced Threat Protection

Social Engineering Brock’s Cyber Security Awareness Committee

Cybersecurity Awareness

IT Security awareness Training.

Robert Leonard Information Security Manager Hamilton

Information Security Session October 24, 2005

Real World Advanced Threat Protection

1/16/2019 4:44 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Security Hardening through Awareness August 2018

Lorenzo Biasiolo 3°AI INFORMATION SECURITY.

What is Phishing? Pronounced “Fishing”

Security in mobile technologies

ONLINE SECURITY, ETHICS AND ETIQUETTES EMPOWERMENT TECHNOLOGY.

Cybersecurity Simplified: Phishing

Presentation transcript:

Spear Phishing Awareness DCSS Spring 2019 Marc DeBonis V1.0

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site. Phishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators. Attempts to deal with phishing incidents include legislation, user training, public awareness, and technical security measures — because phishing attacks also often exploit weaknesses in current web security. Phishing attempts directed at specific individuals or companies have been termed spear phishing. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success. The term whaling has been coined for spear phishing attacks directed specifically at senior executives and other high-profile targets. In these cases, the content will be crafted to target an upper manager and the person's role in the company. The content of a whaling attack email may be an executive issue such as a subpoena or customer complaint. Obligatory Wikipedia Presentation time limit is 10 minutes.

Public awareness/ User Training Tech support posting 2/8 Microsoft Users Group 2/14 Phishing Mitigation Poster plans User Training Spot the phish training (Google specific-ish) https://phishingquiz.withgoogle.com/ ITSO sponsored "Securing the Human" Securing the Human Signup/Seat Request http://tinyurl.com/y4sel9nu Updated KB article KB0011109 "How to protect yourself from phishing attacks" Presentation time limit is 10 minutes.

Technical security measures (1 of 3) Report Message Add-In The Report Message add-in for Outlook and Outlook on the web enables people to easily report misclassified email, whether safe or malicious, to Microsoft and our email administrators. Microsoft uses these submissions to improve the effectiveness of email protection technologies. This is already enabled in OWA! You can enable individually in Outlook 2016! We will be enabling it for all customers in the VT O365 tenant (Q1 2019) Presentation time limit is 10 minutes. OWA Gmail Outlook 2016

Technical security measures (2 of 3) Microsoft Advanced Threat Protection (ATP) Microsoft provides a service to help protect organizations from malicious attacks. scans email attachments for malware (remote detonation) scans URLs in emails and Office docs (URL re-write) checks email messages for spoofing (domain) detects when someone attempts to impersonate your users and your organization’s custom domains (VIP targeting) Events and Planned Action Items Critical Needs Request (CNR) for university wide ATP (faculty, staff, and students) Microsoft Campus Update on 3/20 – ATP Demo Presentation time limit is 10 minutes.

Technical security measures (3 of 3) Google Enhanced Spam and Malware Protection Already enabled Attachment scanning Links and External Image scanning Enhanced Pre-Delivery Message scanning Spoofing and authentication scanning Planning to enable Protect against email address not in directory This require we re-enable general Google directory visibility. Current HB1 legislation seems to be complicating this for students. Protect against message pretending to be from your domain We have many 3rd party senders of email as @vt.edu that are not in our official SPF\DKIM records. We need to get them onboard and in a sub- domain or else they will be flagged. Caveat: Most of these warnings are web UI based and require that you use the Gmail web interface! Presentation time limit is 10 minutes.

Q&A (if time allows) Questions, concerns, comments, criticisms, kudos? Presentation time limit is 10 minutes.

Spear Phishing Awareness DCSS Spring 2019 Marc DeBonis V1.0