Gone Phishing

Gone Phishing A LOOK INTO PHISHING CAMPAIGNS Presented by Grant
Boudreau (SRSB)

OffSec

Audience Question Period BECAUSE WE MAY HAVE JUST MET… HI
=)

Audience Question Period • Phishing Campaigns • Black/White Hat •
Kali Linux • Remote Command Execution • Privilege Escalation • DEP/ASLR

Security Priorities LET’S MAKE A LIST… AND BY MAKE, I
MEAN GOOGLE IT…

Security Priorities (From Google’s Security Blog) SECURITY NON-EXPERTS • 1)
Use Antivirus • 2) Use Strong Passwords • 3) Change Passwords Frequently • 4) Only Visit Websites They Know • 5) Don’t Share Personal Information SECURITY EXPERTS • 1) Install Software Updates • 2) Use Unique Passwords • 3) Use Two-Factor Authentication • 4) Use Strong Passwords • 5) Use a Password Manager https://security.googleblog.com/2015/07/new-research-comparing-how-security.html

Phishing I THOUGHT YOU SAID THIS PRESENTATION WAS ABOUT PHISHING…

Phishing DEFINITION • A scam by which an e-mail user
is duped into revealing personal or confidential information which the scammer can use illicitly source: https://www.merriam-webster.com/dictionary/phishing

Phishing DEFINITION • A scam by which an e-mail user
is duped into revealing personal or confidential information which the scammer can use illicitly source: https://www.merriam-webster.com/dictionary/phishing • A scam by which an e-mail, SMS, phone user is duped into revealing personal or confidential information which the scammer can use illicitly

Victim Story 1 BRENDA AND FERNANDO AFONSO OF NS LOST
$3,000

Victim Story 1 source: http://www.cbc.ca/news/canada/nova-scotia/criminals-phishing-banks-fraud-scotiabank-infoalerts-scene-1.4017269 SCAM • Fraudsters replicated a
SMS message mimicking Scotiabank's InfoAlerts • Brenda and Fernando responded to the SMS message and lost $3000 • Bank insurance won’t cover it because they willingly gave their information away

Victim Story 2 SRSB’S RUN IN WITH PHISHING SCAMS

Victim Story 2

How to Fight Phishing PUT ‘EM UP

How to Fight Phishing • Phishing Awareness Training • Hardware
(Firewalls, Mail Gateways, etc.) • Software (AntiVirus, AntiMalware, etc.) There is no 100% foolproof option

Hack Demo – Bypassing AV

Open Discussion Period

Thank you!

Gone Phishing

Gone Phishing

drifter666

More Decks by drifter666

Other Decks in Technology

Featured

Transcript

Gone Phishing A LOOK INTO PHISHING CAMPAIGNS Presented by Grant

OffSec

Audience Question Period BECAUSE WE MAY HAVE JUST MET… HI

Audience Question Period • Phishing Campaigns • Black/White Hat •

Security Priorities LET’S MAKE A LIST… AND BY MAKE, I

Security Priorities (From Google’s Security Blog) SECURITY NON-EXPERTS • 1)

Phishing I THOUGHT YOU SAID THIS PRESENTATION WAS ABOUT PHISHING…

Phishing DEFINITION • A scam by which an e-mail user

Phishing DEFINITION • A scam by which an e-mail user

Victim Story 1 BRENDA AND FERNANDO AFONSO OF NS LOST

Victim Story 1 source: http://www.cbc.ca/news/canada/nova-scotia/criminals-phishing-banks-fraud-scotiabank-infoalerts-scene-1.4017269 SCAM • Fraudsters replicated a

Victim Story 2 SRSB’S RUN IN WITH PHISHING SCAMS

Victim Story 2

Victim Story 2

Victim Story 2

How to Fight Phishing PUT ‘EM UP

How to Fight Phishing • Phishing Awareness Training • Hardware

Hack Demo – Bypassing AV

Open Discussion Period

Thank you!