
Direct Deposit Phishing Attack


1 Direct Deposit Phishing Attack
Brian Allen
Network Security Analyst
Washington University in Saint Louis
May 2014
----- Meeting Notes (5/7/14 10:17) -----

2 Topics for Today
Brief overview of the Washington University network
Brief look at first incident in Sept/Oct 2013
Brief look at second incident in Jan/Feb 2014
Potential phishing defenses
Some examples of real phishing emails
Who attacked us?
Final thoughts

3 Washington University in St. Louis
[Diagram: Decentralized Campus Network. Labels: Internet, NSS, NSO, Business School, Law School, Arts & Sciences, Medical School, Library, Social Work, Art & Architecture, Engineering School]
NSS = Network Services and Support
NSO = Network Security Office

We have a decentralized campus network. The Internet comes into the department called NSS which acts as the ISP for the University. NSS handles, among other things, the core routers, many of the switches, the main DNS servers, the main mail gateway, and all of the campus wireless. The Network Security Office sits inside NSS and my team of one, namely me, works closely with NSS.

Every department on campus runs their own IT show. Each one has their own staff, and each runs their own mail servers, web servers, computer labs, etc. This means I don’t have access to any of their devices.

4 Numbers from Sept/Oct 2013 Attack:
13 total victims
11 Medical School faculty
2 Business School faculty
11 had direct deposit info changed
1 account caught by the new HRMS blacklist and immediately blocked

5 Round 1a Phishing Attack

6 Round 1b Phishing

7

8 Numbers From Jan/Feb 2014 Attack
17 Users were victims
15 Medical Faculty or Staff
1 Engineering School Faculty
1 Law Student
4 Victims had their Direct Deposit info changed
7 Users were protected by the Blacklist
10 Victims were logged into from new IP addresses which were quickly added to the Blacklist
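The blacklist workflow behind these numbers, as an added example that is not from the presentation or from WUSTL's HRMS: a login gate that blocks listed source IPs and, once a phished account is confirmed, lists the attacker's IP and pivots on it to find other accounts it reached. The event format, the `HrmsGate` class, the campus range and the pivot step are assumptions; all addresses and users are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumption: a stand-in "campus" range that must never be blacklisted (RFC 5737 block).
CAMPUS = ip_network("192.0.2.0/24")

# Constructed HRMS login events (timestamp, user, source IP); not data from the incident.
EVENTS = [
    ("2014-01-20T08:01", "faculty_a", "192.0.2.10"),     # on-campus login
    ("2014-01-20T09:15", "faculty_b", "203.0.113.7"),    # source already blacklisted
    ("2014-01-20T09:40", "faculty_c", "198.51.100.23"),  # source not yet listed
    ("2014-01-20T09:42", "staff_d", "198.51.100.23"),    # same source, second account
    ("2014-01-20T11:30", "faculty_e", "198.51.100.23"),  # arrives after the IP is listed
]

@dataclass
class HrmsGate:
    blacklist: set
    history: list = field(default_factory=list)  # logins that were let through

    def login(self, ts, user, ip):
        """Block a blacklisted source; otherwise record the login and allow it."""
        if ip in self.blacklist:
            return "blocked"
        self.history.append((ts, user, ip))
        return "allowed"

    def report_compromise(self, user):
        """A phished user is confirmed: blacklist the off-campus IPs that logged in
        as them, and return the other accounts those IPs reached for payroll review."""
        bad = {ip for _, u, ip in self.history
               if u == user and ip_address(ip) not in CAMPUS}
        self.blacklist |= bad
        return {u for _, u, ip in self.history if ip in bad and u != user}

def run_demo():
    gate = HrmsGate(blacklist={"203.0.113.7"})
    outcomes = [gate.login(*e) for e in EVENTS[:4]]
    exposed = gate.report_compromise("faculty_c")   # confirmed after the 09:42 login
    outcomes.append(gate.login(*EVENTS[4]))         # later attempt from the same IP
    return outcomes, exposed, gate.blacklist

if __name__ == "__main__":
    outcomes, exposed, blacklist = run_demo()
    for (ts, user, ip), result in zip(EVENTS, outcomes):
        print(ts, user, ip, result)
    print("review direct deposit changes for:", sorted(exposed))
    print("blacklist:", sorted(blacklist))
```

The accounts returned by `report_compromise` are the ones whose direct deposit settings need checking, since the same source logged into them before it was listed.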

9 Round 2 Phish Three Months Later

10

11

12 Criminals seemingly have a huge advantage
They send hundreds of phishing emails and only need ONE user to fall for it to succeed

13 We can turn the tables on them
Force the criminal to run through a gauntlet of defenses to succeed

14 Reconnaissance Phase

15 Phishing Phase

16 Criminal Login Phase

17 HR/SSO Application Suggestions

18 Payroll Alerting Suggestions

19 Communication Suggestions

20 Phishing Examples

21 WUSTL Site or Phish Site?

22

23 WUSTL Site or Phish Site?

24

25 WUSTL Site or Phish Site?

26 Real Email or Phish Email?

27

28 Spammers log in and use account to send spam

29 Sept/Oct Attack 1

30 Jan/Feb Attack

31 Numbers from September/October:
13 total victims
11 Medical School faculty
2 Business School faculty
11 had direct deposit info changed
1 account caught by the new HRMS blacklist and immediately blocked

32 How Much $ Did the Criminals Get in October?
$97, Total was Transferred Out
$91, Was Recovered by Payroll
$5, Was Lost

33 Numbers From Jan/Feb Attack
17 Users were victims
15 Medical Faculty or Staff
1 Engineering School Faculty
1 Law Student
4 Victims had their Direct Deposit info changed
7 Users were protected by the Blacklist
10 Victims were logged into from new IP addresses which were quickly added to the Blacklist

34 How Much $ Did the Criminals Get in January?
$0 Total was Transferred Out
$0 Was Recovered by Payroll
$0 Was Lost

Thanks! Questions?

