How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack
Webinar
October 20th, 2015
Kevin Patel – Sr Director of Information Security, Compliance & IT Risk Mgmt
© ControlScan 2015 2
Agenda
1) National Cyber Security Awareness Month (NCSAM) overview
2) Phishing overview
3) By the numbers - phishing stats
4) Which phishing tactics are on the rise and old tactics that are still working today
5) Anatomy of a phishing email
6) Sample phishing emails – can you spot the phish?
7) What to do if an email appears to be a phishing attempt
8) So why should I care about phishing?
9) Online phishing resources
10) Q&A
National Cyber Security Awareness Month (NCSAM)
NCSAM is celebrated every October
2015 marks NCSAM's 12th year
A collaborative initiative between government and industry to promote online safety awareness
The primary goal of NCSAM is to educate people about cybersecurity risks and provide resources to stay safe and secure online.
ControlScan supports NCSAM and is a champion this year, joining a growing global effort of 400+ colleges and universities, businesses, government agencies, associations and non-profit organizations
They Didn’t Avoid the Bait
What do the majority of the major data breaches over the past few years have in common?
PHISHING was the initial point of entry
The following companies fell for sophisticated phishing attacks:
Target - 110 million records compromised
Anthem – 78.8 million records
JPMC – 83 million records breached
Sony – 102 million records
South Carolina DOR – 8 million records
So What is Phishing?
Phishing is a fraudulent attempt (a type of spam), usually made through email, to steal your personal/sensitive information. Phishing is a psychological attack used by cybercriminals to trick you into giving up information or taking an action such as clicking on a link, opening an attachment, or responding to a scam.
Phishing is a common form of social engineering and has become the preferred method for cybercriminals.
The bad guys spoof legitimate companies and brands that the email recipient may be familiar with.
Image Source: SANS
So What is Phishing? (cont.)
Spear Phishing – A sophisticated, highly targeted phishing scam aimed at specific individuals or groups within an organization (e.g., C-Suite, Accounting, HR or IT) with the sole purpose of obtaining unauthorized access to sensitive data.
Most popular form of phishing and on the rise.
When high-profile individuals are targeted, the attack is referred to as “whaling”.
Spear phishing makes use of information about a target to make attacks more specific and targeted. Hackers do their research!
The intent remains the same - to steal intellectual property, financial data, trade or military secrets and other confidential data.
Vishing – A form of social engineering similar to email phishing, but it occurs over the phone, primarily using automated voice systems. Instead of receiving an e-mail, you receive a call on your home phone or mobile device, claiming to be from your bank or another institution you trust, requesting that you share sensitive info.
SMiShing – Accomplished through text messages (SMS) to a cell phone or mobile device, asking you to call a particular number to gain sensitive information or to click on a link that could contain malicious code.
Why is Phishing So Popular with Hackers?
Phishing is a top hacker technique since it is usually the path of least resistance for the bad guys to get the sensitive data they want without being detected.
Phishing is the No. 1 method to gain unauthorized access and steal data, since the bad guys like to take advantage of human error.
By the Numbers - Phishing Stats
Data/Image Sources:
1. Lireo Designs - The State of Phishing
2. Kaspersky Labs - The Evolution of Phishing Attacks: 2011-2013
3. APWG - Global Phishing Survey: Trends and Domain Names Use in 1H2014
4. http://www.returnpath.com/wp-content/uploads/2015/07/The-Anatomy-of-a-Phishing-Email.pdf
5. http://blog.inspiredelearning.com/wp-content/uploads/2014/04/phishing-infographic-full.jpg
By the Numbers - Phishing Stats (cont.)
Data/Image Sources:
1. Kaspersky Labs - The Evolution of Phishing Attacks: 2011-2013
2. APWG - Global Phishing Survey: Trends and Domain Names Use in 1H2014
3. HP - State of Network Security, August 2014
Anatomy of a Phishing Email
• In order for you to successfully identify and combat phishing emails, we must first understand the anatomy of the email.
• To deceive email recipients into divulging sensitive information, cybercriminals will use a variety of tactics such as:
Image Source: http://www.returnpath.com/wp-content/uploads/2015/07/The-Anatomy-of-a-Phishing-Email.pdf
Phishing Indicators – Can you spot the phish?
Sent from someone's personal email account
Generic greeting
Grammar and spelling mistakes
Requires immediate action and creates a sense of urgency
Malicious Link – mouse over to verify link
Generic sender – lack of contact info
Suspicious attachment
Source: SANS – Don’t Get Hooked Poster
Phishing Email Checklist
Don’t believe everything you see – If it sounds too good to be true, it usually is. No, you didn’t just win a $1,000 gift card.
Beware of threatening language or language invoking a sense of urgency
Analyze the greeting – a generic salutation such as “Dear Customer” is a tell-tale sign
Look but do NOT click – mouse over links; avoid URLs with “@” signs
Be suspicious of attachments – e.g. .exe, .com, .pif, .bat, .msi, .scr, .zip, .vbs
Requests personal information - Do NOT share personal/sensitive information
Check for mistakes in spelling and grammar – most organizations proofread
Review the signature – a generic signature lacking detail or contact info is suspicious
Source: www.returnpath.com
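The following Python script is an added example, not part of the webinar or ControlScan's material: it applies the indicators from the “Phishing Indicators” slide and the checklist above to a raw email message, flagging a sender on a consumer mail domain, a generic greeting, urgency language, a request for personal information, a link whose visible text differs from its real destination, a URL carrying an “@” (everything before the “@” is userinfo, so the browser actually connects to the host after it, which is why the checklist says to avoid such URLs), and attachment types from the checklist. The sample message, every address and domain in it, the free-mail domain list, and the keyword lists are constructed assumptions for the example; only the Python standard library is used.

```python
import os
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment types from the slide checklist.
RISKY_EXTENSIONS = {".exe", ".com", ".pif", ".bat", ".msi", ".scr", ".zip", ".vbs"}
# Assumed list of consumer mail providers (tune for your environment).
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear member")
URGENCY_PHRASES = ("immediately", "within 24 hours", "suspended", "urgent", "act now")
INFO_REQUESTS = ("password", "social security", "account number", "card number")

# Constructed sample message; every address and domain here is invented.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <examplebank.alerts@gmail.com>
Subject: Urgent: your account will be suspended
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Unusual activity was detected. Verify your password immediately or your account will be suspended within 24 hours.</p>
<p><a href="http://www.examplebank.example@login-verify.example/reset">
https://www.examplebank.example/security</a></p></body></html>
--XYZ
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--XYZ--
"""


class _HtmlScan(HTMLParser):
    # Collects visible text and (href, anchor text) pairs from an HTML body.
    def __init__(self):
        super().__init__()
        self.text_parts, self.links, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def real_host(url):
    """Host a browser would connect to: anything before '@' is userinfo, not the host."""
    return (urlparse(url).hostname or "").lower()


def check_links(links):
    findings = []
    for href, visible in links:
        if "@" in urlparse(href).netloc:
            findings.append(f'link contains an "@"; real host is {real_host(href)}')
        if visible.lower().startswith(("http://", "https://", "www.")):
            shown = visible if "://" in visible else "http://" + visible
            if real_host(shown) != real_host(href):
                findings.append(f"link text shows {real_host(shown)} but points to {real_host(href)}")
    return findings


def check_message(raw):
    """Return the list of checklist indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if domain in FREE_MAIL_DOMAINS:
        findings.append(f"sent from a personal mail account ({domain})")
    body = msg.get_body(preferencelist=("html", "plain"))
    scan = _HtmlScan()
    scan.feed(body.get_content() if body is not None else "")
    text = " ".join("".join(scan.text_parts).split()).lower()
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    if any(u in text for u in URGENCY_PHRASES):
        findings.append("urgency language")
    if any(i in text for i in INFO_REQUESTS):
        findings.append("requests personal information")
    findings.extend(check_links(scan.links))
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {name}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE_EMAIL)))
```

Run the script as-is to see the seven indicators the sample message trips, or pass the raw text of a real message (headers included) to `check_message`. The keyword lists are deliberately simple; the point is that each checklist item maps to something a mail gateway or a help-desk triage script can test mechanically, with the link and attachment checks being the ones that do not depend on wording.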
What to do if you receive a Phishing Email?
Report It & Delete It
You should report suspected phishing emails to your local IT support staff or security team immediately
Notify the company, bank, or organization impersonated by the phishing email. Many large companies provide directions on their websites on how to report phishing.
FTC: Forward phishing emails to [email protected]
APWG: https://apwg.org/report-phishing/
Forward the suspected phishing email to [email protected]
US-CERT: Report phishing emails and sites https://www.us-cert.gov/report-phishing
Forward phishing emails to US-CERT [email protected]
**Remember to include the full email header when reporting phishing emails
So Why Should I Care About Phishing?
We are the first line of defense in successfully detecting and stopping phishing attacks
We are all phishing targets, both at work and at home
Hackers take advantage of the human factor (the potential for human error) by enticing you to click or download.
The bad guys know that careless or untrained employees are the quickest and easiest way to circumvent even the best security controls.
Hackers want your personal and financial information, access to your accounts and your devices. If it has value on the black market, the hackers want it! It's that simple
Online Phishing Resources
CRI Cyber Security Awareness - Phishing Video: https://youtu.be/wZwxxdXmazs