SlideShare une entreprise Scribd logo

Spear Phishing Attacks

n|u - The Open Security Community
n|u - The Open Security Community

null Hyderabad Chapter - May 2014 Meet

FormationActualités & PolitiqueTechnologie
1  sur  12
Télécharger pour lire hors ligne
May 17, 2014 Spear Phishing Attack -Hari V
Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered 5/13/2014
 Spear Phishing is easiest and direct method to breach highly secured networks.  Phishing attacks are very common in nature and many of systems and networks has enabled defense mechanism.  Success rate is very high as user knows about the phishing attacks and unaware of spear phishing attacks.  Spear Phishing is part of social engineering.  No Cost at all, No tracking back. Increased usage of social networking made it very easy and reliable to hackers - Personal data, co- employees, locations, phone numbers , email ids. 5/13/2014
 Performing Reconnaissance  Scanning and enumeration  Gaining access  Escalation of privilege  Maintaining access  Covering tracks and placing backdoors 5/13/2014
 It by passes all the traditional attack methodology .  Gets direct front door entrance access. = There is no patch for human Mistakes. 5/17/2014
It just by Email /link/attachment same as Phishing, the only difference is , this attack is specific to targeted domains and targets victims. Targeted Email From some you trust (Patient attacker) About something your interest, like, trust. 5/13/2014
Attacker gains all the knowledge about victim (user/company) , this knowledge includes his/her likes, dislikes, Interests, Favorites, Hobbies ,Personal information, Address etc. Where does attacker gets all this info from ? Well, every one knows this answer. 1) Social networking sites 2) Blog 3) Job Portals 4) Matrimonial sites 5) Social engineering 5/13/2014
Now attacker creates email similar to victims team mate/supervisor/MD of company etc. email in different domains. Below are few examples. 1) victimfullname@email.com 2) Victimname.dob@email.com 3) Victimpetname.city@email.com 4) Vicitmname.company@email.com Real time example :- 5/13/2014
Attackers send the email to which phishing link using all the social engineering knowledge gained. Most of the common scenarios, victim thinks that email is from his friends/teammates/boss. This is how attacker gains the trust of victim. 5/13/2014
 Never use your personal email for work purpose.  Add Spear Phishing as part of your regular VAPT activity.  Establish Policy and best practices for email usage.  Block all the emails other than self domains ?? 5/13/2014
 http://wiki.answers.com/Q/What_is_the_difference_between_phishin g_and_spear_fishing
Thank you Impossible is later called as miracle, its all about how you look at it. – Hari

Recommandé

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Spear phishing attacks
Spear phishing attacksSpear phishing attacks
Spear phishing attacksJorge Luis Sierra
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 

Recommandé

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Spear phishing attacks
Spear phishing attacksSpear phishing attacks
Spear phishing attacksJorge Luis Sierra
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptxMohammedYaseen638128
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Phishing
PhishingPhishing
Phishinganjalika sinha
 
Phishing
PhishingPhishing
PhishingSagar Rai
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
My ppt..priya
My ppt..priyaMy ppt..priya
My ppt..priyapriya_kp03
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
Spoofing
SpoofingSpoofing
SpoofingGreater Noida Institute Of Technology
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Firmex
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsCybersecurity Education and Research Centre
 

Contenu connexe

Tendances

Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 

Tendances (20)

Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
 
My ppt..priya
My ppt..priyaMy ppt..priya
My ppt..priya
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
 
Spoofing
SpoofingSpoofing
Spoofing
 
Social engineering
Social engineering Social engineering
Social engineering
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 

En vedette

Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Firmex
 
Crouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden TrojanCrouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden Trojanguest17b7c7
 
Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...Cysinfo Cyber Security Community
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 

En vedette (6)

Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
 
Crouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden TrojanCrouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden Trojan
 
Titan Rain
Titan RainTitan Rain
Titan Rain
 
Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...
 
Cyber security
Cyber securityCyber security
Cyber security
 

Similaire à Spear Phishing Attacks

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detectionijtsrd
 
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWestern Pacific University
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Okan YILDIZ
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptPramodAlfred
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigationNimishaRawat
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfEvs, Lahore
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing AttacksRapid7
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
computer law.pptx
computer law.pptxcomputer law.pptx
computer law.pptxMouradAKenk
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishingZeno Idzerda
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingmentAswani34
 

Similaire à Spear Phishing Attacks (20)

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.ppt
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigation
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing Attacks
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
computer law.pptx
computer law.pptxcomputer law.pptx
computer law.pptx
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishing
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

Plus de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Plus de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Dernier

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 

Dernier (20)

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 

Spear Phishing Attacks

  • 1. May 17, 2014 Spear Phishing Attack -Hari V
  • 2. Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered 5/13/2014
  • 3.  Spear Phishing is easiest and direct method to breach highly secured networks.  Phishing attacks are very common in nature and many of systems and networks has enabled defense mechanism.  Success rate is very high as user knows about the phishing attacks and unaware of spear phishing attacks.  Spear Phishing is part of social engineering.  No Cost at all, No tracking back. Increased usage of social networking made it very easy and reliable to hackers - Personal data, co- employees, locations, phone numbers , email ids. 5/13/2014
  • 4.  Performing Reconnaissance  Scanning and enumeration  Gaining access  Escalation of privilege  Maintaining access  Covering tracks and placing backdoors 5/13/2014
  • 5.  It by passes all the traditional attack methodology .  Gets direct front door entrance access. = There is no patch for human Mistakes. 5/17/2014
  • 6. It just by Email /link/attachment same as Phishing, the only difference is , this attack is specific to targeted domains and targets victims. Targeted Email From some you trust (Patient attacker) About something your interest, like, trust. 5/13/2014
  • 7. Attacker gains all the knowledge about victim (user/company) , this knowledge includes his/her likes, dislikes, Interests, Favorites, Hobbies ,Personal information, Address etc. Where does attacker gets all this info from ? Well, every one knows this answer. 1) Social networking sites 2) Blog 3) Job Portals 4) Matrimonial sites 5) Social engineering 5/13/2014
  • 8. Now attacker creates email similar to victims team mate/supervisor/MD of company etc. email in different domains. Below are few examples. 1) victimfullname@email.com 2) Victimname.dob@email.com 3) Victimpetname.city@email.com 4) Vicitmname.company@email.com Real time example :- 5/13/2014
  • 9. Attackers send the email to which phishing link using all the social engineering knowledge gained. Most of the common scenarios, victim thinks that email is from his friends/teammates/boss. This is how attacker gains the trust of victim. 5/13/2014
  • 10.  Never use your personal email for work purpose.  Add Spear Phishing as part of your regular VAPT activity.  Establish Policy and best practices for email usage.  Block all the emails other than self domains ?? 5/13/2014
  • 12. Thank you Impossible is later called as miracle, its all about how you look at it. – Hari