Presentation is loading. Please wait.

Presentation is loading. Please wait.

2014 From Phish to Phraud Kat Seymour October 10, 2014 #GHC14 2014.

Published byBranden Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "2014 From Phish to Phraud Kat Seymour October 10, 2014 #GHC14 2014."— Presentation transcript:

1 2014 From Phish to Phraud Kat Seymour October 10, 2014 #GHC14 2014

2 2 * http://www.sec.gov/investor/pubs/phishing.htm http://www.sec.gov/investor/pubs/phishing.htm ** http://www.emc.com/collateral/fraud-report/rsa-online-fraud-report-012014.pdf http://www.emc.com/collateral/fraud-report/rsa-online-fraud-report-012014.pdf 2013 phishing statistics: Approximately 450,000 incidents recorded** Over $5.9 billion in losses** The United States government describes phishing as the use of fraudulent e-mails and copy-cat websites to try and convince you to reveal valuable personal information, such as account numbers, login credentials or your Social Security number, to be used to try and take your money, your identity or both.* What is Phishing

3 2014 Social engineering tactics & risks 3 Use publicly available information to deploy social engineering tools Vishing Phishing Account take over Initiates malicious action (Trojan, Key Logger) What are the risks? Personal and/or enterprise risk Fraud and identity theft Business disruption Home burglary Reputational damage Theft of confidential documents and/or equipment Financial losses

4 2014 4 Weak Phishing e-mail Unrecognizable senders Generic salutations Misspellings Check the URL

5 2014 5 Use of company brands Use of company words to make the phish look more authentic Generic salutations Check the URL Urgency Unrecognizable senders Strong Phishing e-mail

6 2014 Referers 6

7 2014 Find IP and check sites using URLQuery 7

8 2014 Suspicious IP indicators 8 Click Delta Velocity Score

9 2014 Device Fingerprinting 9 The New Endpoint Desktop Computers Laptops Tablets Mobile phones Internet TV Refrigerators Environment Control Systems Portal Devices

10 2014 Challenges and opportunities 10 Working with ISPs to remove phishing websites Active monitoring of logs, traffic, websites and registered domain names Work with email providers to help authenticate senders and prevent phishing e-mails from ever reaching customer in-boxes What is the industry doing to protect you? Spread out across many countries and ISPs Phishing has been around a long time and new types of attempts are constantly evolving Happens on the client/customer side Systems are outside of our space Challenges of defense

11 2014 Got Feedback? Rate and Review the session using the GHC Mobile App To download visit www.gracehopper.org

Download ppt "2014 From Phish to Phraud Kat Seymour October 10, 2014 #GHC14 2014."

Similar presentations

Www.sophos.com/loveyourphone Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

Mobile device security Practical advice on how to keep your mobile device and the data on it safe.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.

TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Possible Threats To Data. Objectives To understand: Types of threats Importance of security Preventative and remedial actions Personal safety This will.

Possible Threats To Data. Objectives To understand: Types of threats Importance of security Preventative and remedial actions Personal safety This will.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Protecting Against Online Fraud F5 SIT Forum

Protecting Against Online Fraud F5 SIT Forum
The OWASP Foundation OWASP Chennai 2007 Phishing.

The OWASP Foundation OWASP Chennai Phishing.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
First Community Bank www.fcbnm.com Prevx Safe Online Rollout & Best Practice Presentation.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.

Similar presentations

Ads by Google