Email phishing: techniques, tools, defense

by

Rodolfo Saccani

on 15 March 2017

Transcript of Email phishing: techniques, tools, defense

Tools
Email Phishing
Mass
Phishing techniques
Phishing
Ransomware
Same emailing techniques used for SPAM
What is phishing?
Mass phishing and targeted phishing are two different things!!
A fraud perpetrated through deception
The attacker induces an action by masquerading as a reputable source
Profitable because e-mailing is basically FREE
How to fight phishing
Spearphishing
Industrial espionage
Targeted ransomware (hospitals)
Identity fraud
Techniques
Defense
Financial frauds
"Nigerian" scam schemes
Infections
Money stealing
Personal information gathered from social networks or other sources. Accurate and credible messages.
A message that grabs your attention
Urgency
CALL TO ACTION!!
Your account has been canceled
Money has been withdrawn from your account
Mailbox quota exceeded
Apple ID disabled
Incredible offer / win
Social interaction / sex
Click on this link
Perform a bank transaction
Provide personal information
Download/run malware
Phishing tools
Many phishing tools are available
Valuable to train users
Our test with the open source framework
gophish
2016 Libra Esva Partner event:
We created and launched an email phishing campaign
Target: induce the victim to click on the link
How: a fake LinkedIn contact request
Just a click on the link? Really???
As an example, here are the Remote Code Execution
fixes released just the previous week:

● MS16-064: flash - win 8 and 10
● MS16-067: windows shell – win 8 and 10
● MS16-055: graphics component – from Vista to 10
● MS16-053: JScript and VBScript – from Vista to 2008
● MS16-052: Edge – Win 10
● MS16-051: Explorer – from Vista to 10

All of these vulnerabilities just require a click.
Our phishing email
Landing page
Targets
Results
44 emails sent
24 opened (54% open rate)
18 clicks (75% click-through rate among those who opened)
40% of the targets clicked on the link
And it was a security-literate audience!!
How can we fight phishing?
Phishing is a real danger
It is affordable
and effective
Standard spam fighting techniques are not enough
AV engines, filename and filetype policies, and nested archive scanning are important but ...
Quick detection and reaction is crucial
Collaborative detection
ESVA Labs
Expert analysis
Updates released within 1 hour
Automatic live update
URI Sandbox
Protection even after email delivery
Very effective for new phishing campaigns
Provides valuable feedback to ESVA appliance
Rodolfo Saccani rodolfo.saccani@libraesva.com
currently blocking 3% of clicked URLs
HOW?

Real-Time landing page analysis
Follows all the redirects
Analysis of intermediate pages
Check black and white lists
Check for known malware
Check for suspect behavior
Cloud based
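As an added illustration (not code from the presentation or from the Libra Esva product), a minimal Python model of the redirect-following check described above: every hop is recorded and checked against block and allow lists, and loops, fetch failures and long chains are flagged as suspect. The hostnames, the lists and the in-memory HTTP responses are constructed for the example.

```python
from urllib.parse import urlsplit
# Constructed stand-in for the network: URL -> (HTTP status, Location header).
# A real URI sandbox fetches each hop live; the chain is embedded so this runs offline.
FAKE_HTTP = {
    "http://short.example/x1": (302, "http://track.example/r?u=2"),
    "http://track.example/r?u=2": (302, "https://login-secure.example/auth"),
    "https://login-secure.example/auth": (200, None),
    "http://loop.example/a": (302, "http://loop.example/b"),
    "http://loop.example/b": (302, "http://loop.example/a"),
    "https://docs.example/page": (200, None),
}
BLOCKLIST = {"login-secure.example"}  # constructed: hosts known to serve malware/phishing
ALLOWLIST = {"docs.example"}          # constructed: trusted hosts
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_HOPS = 10

def follow_redirects(url, fetch=FAKE_HTTP.get):
    """Walk the redirect chain; return (URLs visited in order, anomalies seen)."""
    chain, anomalies = [url], []
    while True:
        status, location = fetch(chain[-1], (None, None))
        if status is None:
            anomalies.append("fetch failed")
            break
        if status not in REDIRECT_STATUSES or not location:
            break  # reached the final landing page
        if location in chain:
            anomalies.append("redirect loop")
            break
        if len(chain) >= MAX_HOPS:
            anomalies.append("too many redirects")
            break
        chain.append(location)
    return chain, anomalies

def analyse(url):
    """Check every hop, not only the final page, against the lists and for odd behaviour."""
    chain, anomalies = follow_redirects(url)
    hosts = [urlsplit(u).hostname for u in chain]
    blocked = [h for h in hosts if h in BLOCKLIST]
    if blocked:
        verdict = "block"  # one listed hop anywhere in the chain is enough
    elif hosts[-1] in ALLOWLIST and not anomalies:
        verdict = "allow"
    elif anomalies or len(chain) > 2:
        verdict = "suspect"  # loops, failures, or several intermediate redirectors
    else:
        verdict = "clean"
    return {"verdict": verdict, "chain": chain, "blocked_hosts": blocked, "anomalies": anomalies}
```

Because intermediate hops are checked too, a shortener or tracking redirector in front of a listed landing page does not hide it.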
Hundreds of millions of €
Ransomware As A Service
Over 100 new families discovered last year
Mostly delivered via email
Identity fraud
Bank account credentials
Virus
Botnets
Trojans
In particular: email credentials