SlideShare une entreprise Scribd logo

Spear Phishing Attacks

n|u - The Open Security Community
n|u - The Open Security Community

null Hyderabad Chapter - May 2014 Meet

FormationActualités & PolitiqueTechnologie
1  sur  12
Télécharger pour lire hors ligne
May 17, 2014 Spear Phishing Attack -Hari V
Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered 5/13/2014
 Spear Phishing is easiest and direct method to breach highly secured networks.  Phishing attacks are very common in nature and many of systems and networks has enabled defense mechanism.  Success rate is very high as user knows about the phishing attacks and unaware of spear phishing attacks.  Spear Phishing is part of social engineering.  No Cost at all, No tracking back. Increased usage of social networking made it very easy and reliable to hackers - Personal data, co- employees, locations, phone numbers , email ids. 5/13/2014
 Performing Reconnaissance  Scanning and enumeration  Gaining access  Escalation of privilege  Maintaining access  Covering tracks and placing backdoors 5/13/2014
 It by passes all the traditional attack methodology .  Gets direct front door entrance access. = There is no patch for human Mistakes. 5/17/2014
It just by Email /link/attachment same as Phishing, the only difference is , this attack is specific to targeted domains and targets victims. Targeted Email From some you trust (Patient attacker) About something your interest, like, trust. 5/13/2014
Attacker gains all the knowledge about victim (user/company) , this knowledge includes his/her likes, dislikes, Interests, Favorites, Hobbies ,Personal information, Address etc. Where does attacker gets all this info from ? Well, every one knows this answer. 1) Social networking sites 2) Blog 3) Job Portals 4) Matrimonial sites 5) Social engineering 5/13/2014
Now attacker creates email similar to victims team mate/supervisor/MD of company etc. email in different domains. Below are few examples. 1) victimfullname@email.com 2) Victimname.dob@email.com 3) Victimpetname.city@email.com 4) Vicitmname.company@email.com Real time example :- 5/13/2014
Attackers send the email to which phishing link using all the social engineering knowledge gained. Most of the common scenarios, victim thinks that email is from his friends/teammates/boss. This is how attacker gains the trust of victim. 5/13/2014
 Never use your personal email for work purpose.  Add Spear Phishing as part of your regular VAPT activity.  Establish Policy and best practices for email usage.  Block all the emails other than self domains ?? 5/13/2014
 http://wiki.answers.com/Q/What_is_the_difference_between_phishin g_and_spear_fishing
Thank you Impossible is later called as miracle, its all about how you look at it. – Hari

Recommandé

Spear phishing attacks
Spear phishing attacksSpear phishing attacks
Spear phishing attacks
Jorge Luis Sierra
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
Sushil Kumar
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
Phishing
PhishingPhishing
Phishing
Alka Falwaria
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
Pankaj Yadav
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
Preeti Papneja
 
Bug Bounty Secrets
Bug Bounty Secrets Bug Bounty Secrets
Bug Bounty Secrets
n|u - The Open Security Community
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
shindept123
 

Recommandé

Spear phishing attacks
Spear phishing attacksSpear phishing attacks
Spear phishing attacks
Jorge Luis Sierra
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
Sushil Kumar
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
Phishing
PhishingPhishing
Phishing
Alka Falwaria
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
Pankaj Yadav
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
Preeti Papneja
 
Bug Bounty Secrets
Bug Bounty Secrets Bug Bounty Secrets
Bug Bounty Secrets
n|u - The Open Security Community
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
shindept123
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
MohammedYaseen638128
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
anjuselina
 
Bug bounty
Bug bountyBug bounty
Bug bounty
n|u - The Open Security Community
 
Phishing
PhishingPhishing
Phishing
SaurabhKantSahu1
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for students
Kandarp Shah
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
William Gregorian
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
Ramiro Cid
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Phishing
PhishingPhishing
Phishing
Sagar Rai
 
Phishing
PhishingPhishing
Phishing
anjalika sinha
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
Quick Heal Technologies Ltd.
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
Nikolaos Georgitsopoulos
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
Surya Bathulapalli
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 
Teaching Your Staff About Phishing
Teaching Your Staff About PhishingTeaching Your Staff About Phishing
Teaching Your Staff About Phishing
Legal Services National Technology Assistance Project (LSNTAP)
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trends
Hadeel Sadiq Obaid
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
CheapSSLsecurity
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?
Firmex
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Cybersecurity Education and Research Centre
 

Contenu connexe

Tendances

Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 

Tendances (20)

Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Bug bounty
Bug bountyBug bounty
Bug bounty
 
Phishing
PhishingPhishing
Phishing
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for students
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Teaching Your Staff About Phishing
Teaching Your Staff About PhishingTeaching Your Staff About Phishing
Teaching Your Staff About Phishing
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trends
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 

En vedette

Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Cybersecurity Education and Research Centre
 

En vedette (6)

Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
 
Crouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden TrojanCrouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden Trojan
 
Titan Rain
Titan RainTitan Rain
Titan Rain
 
Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...
 
Cyber security
Cyber securityCyber security
Cyber security
 

Similaire à Spear Phishing Attacks

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
ijtsrd
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishing
Zeno Idzerda
 

Similaire à Spear Phishing Attacks (20)

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.ppt
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigation
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing Attacks
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
computer law.pptx
computer law.pptxcomputer law.pptx
computer law.pptx
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishing
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
 

Plus de n|u - The Open Security Community

Plus de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Dernier

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
SanaAli374401
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 

Dernier (20)

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 

Spear Phishing Attacks

  • 1. May 17, 2014 Spear Phishing Attack -Hari V
  • 2. Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered 5/13/2014
  • 3.  Spear Phishing is easiest and direct method to breach highly secured networks.  Phishing attacks are very common in nature and many of systems and networks has enabled defense mechanism.  Success rate is very high as user knows about the phishing attacks and unaware of spear phishing attacks.  Spear Phishing is part of social engineering.  No Cost at all, No tracking back. Increased usage of social networking made it very easy and reliable to hackers - Personal data, co- employees, locations, phone numbers , email ids. 5/13/2014
  • 4.  Performing Reconnaissance  Scanning and enumeration  Gaining access  Escalation of privilege  Maintaining access  Covering tracks and placing backdoors 5/13/2014
  • 5.  It by passes all the traditional attack methodology .  Gets direct front door entrance access. = There is no patch for human Mistakes. 5/17/2014
  • 6. It just by Email /link/attachment same as Phishing, the only difference is , this attack is specific to targeted domains and targets victims. Targeted Email From some you trust (Patient attacker) About something your interest, like, trust. 5/13/2014
  • 7. Attacker gains all the knowledge about victim (user/company) , this knowledge includes his/her likes, dislikes, Interests, Favorites, Hobbies ,Personal information, Address etc. Where does attacker gets all this info from ? Well, every one knows this answer. 1) Social networking sites 2) Blog 3) Job Portals 4) Matrimonial sites 5) Social engineering 5/13/2014
  • 8. Now attacker creates email similar to victims team mate/supervisor/MD of company etc. email in different domains. Below are few examples. 1) victimfullname@email.com 2) Victimname.dob@email.com 3) Victimpetname.city@email.com 4) Vicitmname.company@email.com Real time example :- 5/13/2014
  • 9. Attackers send the email to which phishing link using all the social engineering knowledge gained. Most of the common scenarios, victim thinks that email is from his friends/teammates/boss. This is how attacker gains the trust of victim. 5/13/2014
  • 10.  Never use your personal email for work purpose.  Add Spear Phishing as part of your regular VAPT activity.  Establish Policy and best practices for email usage.  Block all the emails other than self domains ?? 5/13/2014
  • 12. Thank you Impossible is later called as miracle, its all about how you look at it. – Hari