Email phishing: techniques, tools, defense
Transcript of Email phishing: techniques, tools, defense
Same emailing techniques used for SPAM
What is phishing?
Mass phishing and targeted phishing are two different things!!
The attacker induces an
by masquerading as a reputable source
How to fight phishing
Targeted ransomware (hospitals)
"Nigerian" scam schemes
Personal information gathered from social networks or
other sources. Accurate and credible messages.
A message that grabs your attention
CALL TO ACTION!!
Your account has been canceled
Money has been withdrawn from your account
Mailbox quota exceeded
Apple ID disabled
Incredible offer / win
Social interaction / sex
Click on this link
Perform a bank transaction
Provide personal information
Many phishing tools are available
Valuable to train users
Our test with the open source framework
2016 Libra Esva Partner event:
We created and launched an email phishing campaign
Target: induce the victim to click on the link
How: a fake LinkedIn contact request
Just a click on the link? Really???
As an example, here are the Remote Code Execution
fixes released just the previous week:
● MS16-064: Flash – Win 8 and 10
● MS16-067: Windows shell – Win 8 and 10
● MS16-055: graphics component – from Vista to 10
● MS16-053: JScript and VBScript – from Vista to 2008
● MS16-052: Edge – Win 10
● MS16-051: Explorer – from Vista to 10
All of these vulnerabilities just require a click.
Our phishing email
44 emails sent
24 opened – 54% open rate (OR)
18 clicks – 75% click-through rate (CTR)
40% of the targets clicked on the link
And it was a security-literate audience!!
How can we fight phishing?
Phishing is a real danger
It is affordable
Standard spam fighting techniques are not enough
AV engines, filename and filetype policies, and nested archive scanning are important but ...
Updates released within 1 hour
Automatic live update
Protection even after email delivery
Very effective for new phishing campaigns
Provides valuable feedback to ESVA appliance
Rodolfo Saccani email@example.com
Currently blocking 3% of clicked URLs
Real-Time landing page analysis
Follows all the redirects
Analysis of intermediate pages
Check black&white lists
Check for known malware
Check for suspect behavior
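An added example, not the ESVA product's code, of click-time URL analysis in the spirit of the checks listed above: it follows a redirect chain hop by hop, checks every intermediate host against block and allow lists, bounds the depth, detects loops, and applies a few suspect-behaviour heuristics. The redirect map, the lists and the heuristics are constructed assumptions standing in for live HTTP fetches and real threat feeds.

```python
from urllib.parse import urlparse
# Constructed redirect map standing in for live HTTP 3xx answers:
# each key redirects (Location header) to its value.
REDIRECTS = {
    "http://short.example/abc": "http://track.example/r?id=1",
    "http://track.example/r?id=1": "https://account-verify-login.example/",
    "http://loop.example/a": "http://loop.example/b",
    "http://loop.example/b": "http://loop.example/a",
}
ALLOWLIST = {"www.linkedin.com"}              # assumed trusted landing hosts
BLOCKLIST = {"account-verify-login.example"}  # assumed known-bad hosts
MAX_HOPS = 10                                 # bound on redirect depth

def follow_chain(url, redirects=REDIRECTS, max_hops=MAX_HOPS):
    """Return (hops, status): every intermediate URL and why we stopped."""
    hops, seen = [url], {url}
    while url in redirects:
        url = redirects[url]
        hops.append(url)
        if url in seen:
            return hops, "loop"
        if len(hops) > max_hops:
            return hops, "too_many_hops"
        seen.add(url)
    return hops, "landed"

def suspect_signals(url):
    """Cheap per-hop heuristics; an assumed rule set, not a product's."""
    p = urlparse(url)
    host = p.hostname or ""
    signals = []
    if host.replace(".", "").isdigit():
        signals.append("ip-literal host")
    if any(k in host for k in ("login", "verify", "secure", "account")):
        signals.append("credential-bait keyword in host")
    return signals

def verdict(url):
    """Block on a listed-bad hop or misbehaving chain; allow only an allowlisted landing host."""
    hops, status = follow_chain(url)
    for hop in hops:                       # every intermediate page counts
        if (urlparse(hop).hostname or "") in BLOCKLIST:
            return "block", "blocklisted hop: " + hop
    if status != "landed":
        return "block", status
    if (urlparse(hops[-1]).hostname or "") in ALLOWLIST:
        return "allow", "allowlisted landing host"
    signals = [s for hop in hops for s in suspect_signals(hop)]
    return ("block" if signals else "review"), "; ".join(signals) or "no signals"
```

In a real deployment the redirect map is replaced by fetching each hop without following redirects automatically, so that every intermediate page can be inspected before the user's browser ever reaches it.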
Hundreds of millions of €
Ransomware As A Service
Over 100 new families discovered last year
Mostly delivered via email
Bank account credentials
In particular: email credentials