Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phishing, Spear Phishing, and what to do about it.

Published byEllen Pope Modified over 6 years ago

Similar presentations

Presentation on theme: "Phishing, Spear Phishing, and what to do about it."— Presentation transcript:

1 Phishing, Spear Phishing, and what to do about it.
Mark Berman | Angelo Santabarbara March 13, 2013 Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.

2 Abstract There has been a dramatic increase in phishing and other hacker attacks this year. Many in our communities have fallen prey to identity theft attacks, have had their accounts compromised, or have been tricked into downloading malware onto their machines, which has spurred a great deal of discussion among security professionals trying to figure out how to handle the problem. Siena College has taken a multipronged strategy, educational as well as technical. This session will present Siena's approach, detail how successful we have been, and survey approaches used by other institutions.

3 Traditional Phishing Response/Prevention
Not proactive Collected phishing samples, analyzed, blocked at firewall by blocking domain/site (such as Google form) Monitored queues for suspicious activities to identify compromised accounts to disable Notify user and informally educate user on prevention RESULT: Number of compromised accounts continued to grow and hit all time high in September Sophisticated spear phishing attacks were harder for users to identify as malicious content and increasing in number.

4 Evolving Phishing Response/Prevention
Main Objectives Formal notifications and preliminary education Proactive technical prevention Participation in phishing identification systems to bring known phishing attacks to light in the security community Education during detected/intercepted activity Formal education requirement for re-enabling compromised accounts

5 Formal Notifications & Preliminary Education
High level notifications from CIO sent to community to remind about phishing attacks, how to spot them, and current vulnerabilities. Implement formal training of staff and faculty starting at new hire orientation to stress importance the individual has in ultimate security and responsibility.

6 Proactive Technical Prevention
Update DNS forwarders on Active Directory DNS servers to OpenDNS Benefits Blocks known phishing hosts, botnets, and typosquatters at no cost based on constantly updated security community definitions as well as community driven PhishTank service. Faster DNS response than most ISP DNS servers Customizable intercept pages Reporting on DNS requests, phishing requests, and botnet requests

7 Participation in Phishing Identification
Process in place for help desk and system admins to report phishing/spear phishing attacks to PhishTank and Google’s Report Phishing PhishTank is community driven and used by many of the biggest security providers as well as OpenDNS Having multiple reports and verification of phishing sites aids in getting phishing sites blocked and taken offline Reporting to Google will increase timely marking of delivered phishing s to be labeled as such in Gmail.

8 Education During Phishing Activity
In the event the user falls for a phishing scam and that phishing site is blocked by OpenDNS: Utilize custom page to also educate about what was blocked Provide ITS help desk contact information for concerned user assistance/clarification Provide some type of self test such as the OpenDNS Phishing Quiz or SonicWALL Phishing IQ Test

9 Compromised Account Education
In order to have a compromised account re-enabled, require formal completion of phishing training Acquired SANS Securing the Human training that provides quick security training modules that are tracked by our training management system On site completion of training module required to re-enable account

10 New Phishing Prevention/Education Model Results
Notes: 9/12 from CIO educating community 10/12 Continued CIO Started New Hire Orientation Malware/Phishing training 11/12 Implemented OpenDNS 12/12 Began using PhishTank submissions All Users required to change passwords for Google Apps migration (Population expecting change more apt to fall for phishing attacks) Started intercepting BotNet pages w/internal warning and education page 1/13 Migrated students to Google

11 It Doesn’t End Here… Unfortunately this is a cat and mouse game
Users forget, make mistakes, and continue to get tricked by very realistic looking spear phishing attempts customized to include actual Siena elements so continuous education is required Participate in anti-phishing efforts and information sharing to foster a community that helps security vendors block and take down these criminal operations

12 Thank you for attending
Thank you for attending! Please remember to fill out this session’s evaluation by going to the daily agenda on the conference website. Your feedback directly affects future events.

Download ppt "Phishing, Spear Phishing, and what to do about it."

Similar presentations

K-State IT Security Training Ken Stafford CIO and Vice Provost for IT Services Harvard Townsend Chief Information Security Officer

K-State IT Security Training Ken Stafford CIO and Vice Provost for IT Services Harvard Townsend Chief Information Security Officer
Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
Introduction to Online Data Collection (OLDC) Community Based Abstinence Education September, 2009.

Introduction to Online Data Collection (OLDC) Community Based Abstinence Education September, 2009.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Copyright Jill M. Forrester 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Digital Self Defense How well do YOU know Information Security? How well do YOU know Information Security?

Digital Self Defense How well do YOU know Information Security? How well do YOU know Information Security?
Network security policy: best practices

Network security policy: best practices
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel 434920317 1.

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Portal User Group Meeting March 9, 2011. Agenda  Introduction  Guest Presentation – Website Accessibility Michelle Laramie, David Bergmann, Jolene Nemeth.

Portal User Group Meeting March 9, Agenda  Introduction  Guest Presentation – Website Accessibility Michelle Laramie, David Bergmann, Jolene Nemeth.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
MyFloridaMarketPlace MyFloridaMarketPlace Change Request Board August 30, 2007.

MyFloridaMarketPlace MyFloridaMarketPlace Change Request Board August 30, 2007.
© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Dmitry Kagansky, CTO - Public Sector (Federal) March 14, 2011 Quest Software – APT and the Insider Threat.

© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Dmitry Kagansky, CTO - Public Sector (Federal) March 14, 2011 Quest Software – APT and the Insider Threat.
Phishing Pharming Spam. Phishing: Definition  A method of identity theft carried out through the creation of a website that seems to represent a legitimate.

Phishing Pharming Spam. Phishing: Definition  A method of identity theft carried out through the creation of a website that seems to represent a legitimate.
Google Apps (Education Edition) A step guide to a successful deployment January 10 th, 2008 California Technology Assistance Project www.ctap1.org.

Google Apps (Education Edition) A step guide to a successful deployment January 10 th, 2008 California Technology Assistance Project

Similar presentations

Ads by Google