How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan


Transcript of How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan

How to Spot and Combat a Phishing Attack

Webinar

October 20th, 2015

[email protected]

Kevin Patel – Sr Director of Information Security, Compliance & IT Risk Mgmt

© ControlScan 2015 2

Agenda

1) National Cyber Security Awareness Month (NCSAM) overview
2) Phishing overview
3) By the numbers – phishing stats
4) Which phishing tactics are on the rise, and old tactics that are still working today
5) Anatomy of a phishing email
6) Sample phishing emails – can you spot the phish?
7) What to do if an email appears to be a phishing attempt
8) So why should I care about phishing?
9) Online phishing resources
10) Q&A


National Cyber Security Awareness Month (NCSAM)

NCSAM is celebrated every October.

2015 marks NCSAM's 12th year.

NCSAM is a collaborative initiative between government and industry to promote online safety awareness.

The primary goal of NCSAM is to educate people about cybersecurity risks and to provide resources for staying safe and secure online.

ControlScan supports NCSAM and is a champion this year, joining a growing global effort of 400+ colleges and universities, businesses, government agencies, associations and non-profit organizations.


They Didn’t Avoid the Bait

What do the majority of the major data breaches over the past few years have in common?

PHISHING was the initial point of entry.

The following companies fell for sophisticated phishing attacks:

Target – 110 million records compromised
Anthem – 78.8 million records
JPMC – 83 million records breached
Sony – 102 million records
South Carolina DOR – 8 million records


So What is Phishing?

Phishing is a fraudulent attempt, usually made through email (a form of spam), to steal your personal or sensitive information. It is a psychological attack that cybercriminals use to trick you into giving up information or taking an action such as clicking a link, opening an attachment, or responding to a scam.

Phishing is a common form of social engineering and has become the preferred method for cybercriminals.

The bad guys spoof legitimate companies and brands that the email recipient may be familiar with.

Image Source: SANS


So What is Phishing? (cont.)

Spear Phishing – A sophisticated, highly targeted phishing scam aimed at specific individuals or groups within an organization (e.g. the C-suite, Accounting, HR or IT) with the sole purpose of obtaining unauthorized access to sensitive data.

The most popular form of phishing, and on the rise.

When high-profile individuals such as executives are the targets, the attack is referred to as “whaling”.

Spear phishing makes use of information about the target to make the attack more specific and convincing. Hackers do their research!

The intent remains the same: to steal intellectual property, financial data, trade or military secrets and other confidential data.

Vishing – A form of social engineering similar to email phishing but carried out over the phone, primarily using automated voice systems. Instead of receiving an email, you receive a call on your home phone or mobile device from someone claiming to be from your bank or another institution you trust, who then asks you to share sensitive information.

SMiShing – Phishing carried out through text messages (SMS) sent to a cell phone or mobile device, asking you to call a particular number (where sensitive information is then requested) or to click a link that may lead to malicious code.


Why is Phishing So Popular with Hackers?

Phishing is a top hacker technique because it is usually the path of least resistance for the bad guys to get the sensitive data they want without being detected.

Phishing is the No. 1 method used to gain unauthorized access and steal data, because the bad guys like to take advantage of human error.


What do the Cybercriminals want?

(slide graphic; the only label that survives in the transcript is Protected Health Information (PHI))

Top 3 Ways to get Phished

(slide graphic not reproduced in the transcript)

By the Numbers – Phishing Stats

(slide graphic not reproduced in the transcript)

Data/Image Sources:
1. Lireo Designs – The State of Phishing
2. Kaspersky Labs – The Evolution of Phishing Attacks: 2011-2013
3. APWG – Global Phishing Survey: Trends and Domain Names Use in 1H2014
4. http://www.returnpath.com/wp-content/uploads/2015/07/The-Anatomy-of-a-Phishing-Email.pdf
5. http://blog.inspiredelearning.com/wp-content/uploads/2014/04/phishing-infographic-full.jpg

By the Numbers – Phishing Stats (cont.)

(slide graphic not reproduced in the transcript)

Data/Image Sources:
1. Kaspersky Labs – The Evolution of Phishing Attacks: 2011-2013
2. APWG – Global Phishing Survey: Trends and Domain Names Use in 1H2014
3. HP – State of Network Security, August 2014

Anatomy of a Phishing Email

• In order for you to successfully identify and combat phishing emails, we must first understand the anatomy of the email.

• To deceive email recipients into divulging sensitive information, cybercriminals use a variety of tactics, such as those called out in the annotated email graphic on this slide (not reproduced in the transcript).

Image Source: http://www.returnpath.com/wp-content/uploads/2015/07/The-Anatomy-of-a-Phishing-Email.pdf


Sample Phishing Email – Can you spot the phish?

(three sample phishing emails shown as slide images, not reproduced in the transcript)

Source: www.phishtank.com

Phishing Indicators – Can you spot the phish?

Sent from someone's personal email account
Generic greeting
Grammar and spelling mistakes
Requires immediate action and creates a sense of urgency
Malicious link – mouse over the link to see where it really goes
Generic sender – lack of contact info
Suspicious attachment

Source: SANS – Don’t Get Hooked Poster


Sample Phishing Website – Can you spot the phish?

(two sample phishing websites shown as slide images, not reproduced in the transcript)

Source: www.phishtank.com

Phishing Email Checklist

Don’t believe everything you see – if it sounds too good to be true, it usually is. No, you didn’t just win a $1,000 gift card.

Beware of threatening language or anything that invokes a sense of urgency.

Analyze the greeting – a generic salutation such as “Dear Customer” is a tell-tale sign.

Look but do NOT click – mouse over links to see the real destination, and avoid URLs with “@” signs (the browser ignores everything before the “@”; the real host is what comes after it).

Be suspicious of attachments – e.g. .exe, .com, .pif, .bat, .msi, .scr, .zip, .vbs.

Requests for personal information – do NOT share personal or sensitive information.

Check for mistakes in spelling and grammar – most organizations proofread.

Review the signature – a generic signature lacking detail or contact info is suspect.

Source: www.returnpath.com
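The indicator list and the checklist above are mostly things a script can test before a person ever opens the message. The block below is an added example written for this page, not ControlScan's or Return Path's code: it runs a raw RFC 822 message through the checklist items a program can judge (personal webmail sender, generic greeting, urgency wording, requests for personal data, link destinations including the “@” trick and anchor text that disagrees with the real host, and risky attachment extensions) and returns the findings. The keyword lists, the webmail-domain list and the sample message are assumptions constructed for the example; spelling, grammar and the signature block are left to the human reader.

```python
"""Check a raw e-mail against the phishing checklist (added example, not ControlScan's code)."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attachment types the checklist names. A double extension such as
# Statement.pdf.exe still ends in .exe, so the same test catches it.
RISKY_EXTENSIONS = (".exe", ".com", ".pif", ".bat", ".msi", ".scr", ".zip", ".vbs")
# The lists below are assumptions chosen for this example, not from the slides.
PERSONAL_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "aol.com"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "dear account holder")
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended", "urgent", "final notice")
PERSONAL_INFO = ("password", "social security", "account number", "pin", "date of birth")
LOOKS_LIKE_URL = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


class _HtmlBody(HTMLParser):
    """Collects the visible text and every (href, anchor text) pair."""

    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def _host(url):
    """Host the browser would really connect to. urlsplit treats everything before
    '@' as credentials, so http://paypal.com@evil.example/ resolves to evil.example."""
    try:
        return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    except ValueError:
        return ""


def link_findings(links):
    """Apply the 'look but do not click' checks to (href, anchor text) pairs."""
    out = []
    for href, anchor in links:
        host = _host(href)
        if "@" in urlsplit(href).netloc:
            out.append(f"'@' in URL: {href} actually goes to {host}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            out.append(f"link to a bare IP address: {host}")
        # Anchor text that looks like a URL must agree with the real destination.
        shown = _host(anchor) if LOOKS_LIKE_URL.fullmatch(anchor) else ""
        if shown and host != shown and not host.endswith("." + shown):
            out.append(f"link text shows {shown} but points to {host}")
    return out


def check_message(raw: bytes) -> list[str]:
    """Return the checklist items a raw RFC 822 message trips; [] means nothing tripped."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() in PERSONAL_MAIL_DOMAINS:
        findings.append(f"sent from a personal webmail account: {addr}")

    body = msg.get_body(preferencelist=("html", "plain"))
    content, links = (body.get_content() if body is not None else ""), []
    if body is not None and body.get_content_type() == "text/html":
        parsed = _HtmlBody()
        parsed.feed(content)
        content, links = "".join(parsed.text), parsed.links
    text = re.sub(r"\s+", " ", content).lower()

    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    if urgent := [p for p in URGENCY_PHRASES if p in text]:
        findings.append("urgency language: " + ", ".join(urgent))
    if asked := [p for p in PERSONAL_INFO if re.search(rf"\b{re.escape(p)}\b", text)]:
        findings.append("asks for personal information: " + ", ".join(asked))
    findings += link_findings(links)

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
    # Spelling, grammar and the signature block are still best judged by a person.
    return findings


def sample_phish() -> bytes:
    """Constructed demo message for this example, not a real phishing sample."""
    m = EmailMessage()
    m["From"] = "PayPal Security <paypal.alerts@gmail.com>"
    m["To"] = "you@example.com"
    m["Subject"] = "Your account will be suspended"
    m.set_content("Dear Customer, confirm your password within 24 hours.")
    m.add_alternative(
        "<p>Dear Customer,</p><p>Your account will be suspended within 24 hours unless "
        'you confirm your password at <a href="http://paypal.com@198.51.100.7/verify">'
        "www.paypal.com/verify</a>.</p>", subtype="html")
    m.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                     filename="Statement.pdf.exe")
    return m.as_bytes()


if __name__ == "__main__":
    for finding in check_message(sample_phish()):
        print("-", finding)
```

The link check is the part worth studying: the anchor text and the href are compared by host, and `urlsplit` is used for both so that the “@” case and a lookalike such as paypal.com.evil.example are judged by where the browser would actually connect, not by what the text claims.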


What to do if you receive a Phishing Email?

Report It & Delete It

Report suspected phishing emails to your local IT support staff or security team immediately.

Notify the company, bank, or organization impersonated by the phishing email. Many large companies provide directions on their websites on how to report phishing.

FTC: Forward phishing emails to [email protected]

APWG: https://apwg.org/report-phishing/
Forward the suspected phishing email to [email protected]

US-CERT: Report phishing emails and sites at https://www.us-cert.gov/report-phishing
Forward phishing emails to US-CERT at [email protected]

**Remember to include the full email headers when reporting phishing emails. Forwarding the message as an attachment, rather than inline, keeps the original headers intact.
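The reminder about full headers matters because a plain inline forward rewrites the message and discards the Received, Return-Path and related headers that investigators use to trace the real origin. The following is an added example, not ControlScan's code and not the FTC's, APWG's or US-CERT's submission format: it wraps the raw suspicious message in a report as a message/rfc822 attachment, so the original headers survive transit byte for byte, and shows the receiving side pulling them back out. The reporting addresses, the .example domains and the sample message are placeholders constructed for the example.

```python
"""Report a suspected phish with its full headers intact (added example, not ControlScan's code).

Forwarding inline rewrites the headers; attaching the original message as a
message/rfc822 part keeps Received, Return-Path and the rest exactly as delivered.
Addresses and the sample message are placeholders constructed for this example.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_report(raw: bytes, reporter: str, report_to: str) -> EmailMessage:
    """Wrap the raw suspicious message in a report addressed to an abuse desk."""
    original = message_from_bytes(raw, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = report_to
    report["Subject"] = "Suspected phishing: " + str(original.get("Subject") or "(no subject)")
    report.set_content(
        "Suspected phishing message attached with full headers.\n"
        f"Claimed sender: {original.get('From', '')}\n"
        f"Delivered to: {original.get('To', '')}\n"
    )
    report.add_attachment(original)  # stored as a message/rfc822 part, headers untouched
    return report


def attached_original(report: EmailMessage) -> EmailMessage:
    """Receiving side: pull the original message back out of the report."""
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    raise ValueError("report carries no message/rfc822 attachment")


def roundtrip(report: EmailMessage) -> EmailMessage:
    """Serialize and re-parse, as the report would arrive after transit."""
    return message_from_bytes(report.as_bytes(), policy=policy.default)


# Constructed sample; 192.0.2.10 and the .example domains are documentation placeholders.
SAMPLE_PHISH = (
    b"Received: from mail.evil.example (192.0.2.10) by mx.example.com\r\n"
    b"Return-Path: <bounce@evil.example>\r\n"
    b'From: "Your Bank" <security@yourbank.example>\r\n'
    b"To: victim@example.com\r\n"
    b"Subject: Action required\r\n"
    b"\r\n"
    b"Dear Customer, your account has been locked. Click here to unlock it.\r\n"
)

if __name__ == "__main__":
    rep = build_report(SAMPLE_PHISH, "victim@example.com", "abuse@example.org")
    print(rep.as_string())
```

Note that the claimed sender in the report body is taken from the From header, which the phisher controls; the Received chain inside the attachment is what the abuse desk will actually rely on.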


So Why Should I Care About Phishing?

We are the first line of defense in successfully detecting and stopping phishing attacks.

We are all phishing targets, both at work and at home.

Hackers take advantage of the human factor (the potential for human error) by enticing you to click or download.

The bad guys know that careless or untrained employees are the quickest and easiest way to circumvent even the best security controls.

Hackers want your personal and financial information, access to your accounts and your devices. If it has value on the black market, the hackers want it! It’s that simple.


Online Phishing Resources

CRI Cyber Security Awareness - Phishing Video: https://youtu.be/wZwxxdXmazs


Q&A

Remember: all it takes is ONE click to become a victim of phishing.

When in doubt, DELETE.