SlideShare ist ein Scribd-Unternehmen logo

Spear Phishing Attacks

‱
‱
n|u - The Open Security Community
n|u - The Open Security Community

null Hyderabad Chapter - May 2014 Meet

BildungNews & PolitikTechnologie
1 von 12
Downloaden Sie, um offline zu lesen
May 17, 2014 Spear Phishing Attack -Hari V
Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered 5/13/2014
 Spear Phishing is easiest and direct method to breach highly secured networks.  Phishing attacks are very common in nature and many of systems and networks has enabled defense mechanism.  Success rate is very high as user knows about the phishing attacks and unaware of spear phishing attacks.  Spear Phishing is part of social engineering.  No Cost at all, No tracking back. Increased usage of social networking made it very easy and reliable to hackers - Personal data, co- employees, locations, phone numbers , email ids. 5/13/2014
 Performing Reconnaissance  Scanning and enumeration  Gaining access  Escalation of privilege  Maintaining access  Covering tracks and placing backdoors 5/13/2014
 It by passes all the traditional attack methodology .  Gets direct front door entrance access. = There is no patch for human Mistakes. 5/17/2014
It just by Email /link/attachment same as Phishing, the only difference is , this attack is specific to targeted domains and targets victims. Targeted Email From some you trust (Patient attacker) About something your interest, like, trust. 5/13/2014
Attacker gains all the knowledge about victim (user/company) , this knowledge includes his/her likes, dislikes, Interests, Favorites, Hobbies ,Personal information, Address etc. Where does attacker gets all this info from ? Well, every one knows this answer. 1) Social networking sites 2) Blog 3) Job Portals 4) Matrimonial sites 5) Social engineering 5/13/2014
Now attacker creates email similar to victims team mate/supervisor/MD of company etc. email in different domains. Below are few examples. 1) victimfullname@email.com 2) Victimname.dob@email.com 3) Victimpetname.city@email.com 4) Vicitmname.company@email.com Real time example :- 5/13/2014
Attackers send the email to which phishing link using all the social engineering knowledge gained. Most of the common scenarios, victim thinks that email is from his friends/teammates/boss. This is how attacker gains the trust of victim. 5/13/2014
 Never use your personal email for work purpose.  Add Spear Phishing as part of your regular VAPT activity.  Establish Policy and best practices for email usage.  Block all the emails other than self domains ?? 5/13/2014
 http://wiki.answers.com/Q/What_is_the_difference_between_phishin g_and_spear_fishing
Thank you Impossible is later called as miracle, its all about how you look at it. – Hari

Empfohlen

Spear phishing attacks
Spear phishing attacksSpear phishing attacks
Spear phishing attacksJorge Luis Sierra
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.
 

Empfohlen

Spear phishing attacks
Spear phishing attacksSpear phishing attacks
Spear phishing attacksJorge Luis Sierra
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?Quick Heal Technologies Ltd.
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Phishing
PhishingPhishing
Phishinganjalika sinha
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Phishing
PhishingPhishing
PhishingSaurabhKantSahu1
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Social engineering
Social engineeringSocial engineering
Social engineeringAlexander Zhuravlev
 
Phishing
PhishingPhishing
PhishingSagar Rai
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security pptCH Asim Zubair
 
Phishing
PhishingPhishing
PhishingAlka Falwaria
 
Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Firmex
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsCybersecurity Education and Research Centre
 

Weitere Àhnliche Inhalte

Was ist angesagt?

PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Phishing
PhishingPhishing
PhishingSagar Rai
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security pptCH Asim Zubair
 

Was ist angesagt? (20)

PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phishing
PhishingPhishing
Phishing
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Phishing
PhishingPhishing
Phishing
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Phishing
PhishingPhishing
Phishing
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptx
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Phishing
PhishingPhishing
Phishing
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
 
Phishing
PhishingPhishing
Phishing
 

Andere mochten auch

Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Firmex
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsCybersecurity Education and Research Centre
 
Crouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden TrojanCrouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden Trojanguest17b7c7
 
Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...Cysinfo Cyber Security Community
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 

Andere mochten auch (6)

Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?Spear Phishing: Who’s Getting Caught?
Spear Phishing: Who’s Getting Caught?
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
 
Crouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden TrojanCrouching Powerpoint, Hidden Trojan
Crouching Powerpoint, Hidden Trojan
 
Titan Rain
Titan RainTitan Rain
Titan Rain
 
Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...Understanding APT1 malware techniques using malware analysis and reverse engi...
Understanding APT1 malware techniques using malware analysis and reverse engi...
 
Cyber security
Cyber securityCyber security
Cyber security
 

Ähnlich wie Spear Phishing Attacks

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detectionijtsrd
 
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWestern Pacific University
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Okan YILDIZ
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptPramodAlfred
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigationNimishaRawat
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptxMohammedYaseen638128
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfEvs, Lahore
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing AttacksRapid7
 
computer law.pptx
computer law.pptxcomputer law.pptx
computer law.pptxMouradAKenk
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishingZeno Idzerda
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 

Ähnlich wie Spear Phishing Attacks (20)

E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptxWPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
WPU ICC Template-2 ... Topic. 2.1.4 Methods Infiltration.pptx
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
Phishing, Smishing and vishing_ How these cyber attacks work and how to preve...
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.ppt
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Email threat detection and mitigation
Email threat detection and mitigationEmail threat detection and mitigation
Email threat detection and mitigation
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing Attacks
 
computer law.pptx
computer law.pptxcomputer law.pptx
computer law.pptx
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishing
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 

Mehr von n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

KĂŒrzlich hochgeladen

Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Visit to a blind student's school🧑‍🩯🧑‍🩯(community medicine)
Visit to a blind student's school🧑‍🩯🧑‍🩯(community medicine)Visit to a blind student's school🧑‍🩯🧑‍🩯(community medicine)
Visit to a blind student's school🧑‍🩯🧑‍🩯(community medicine)lakshayb543
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
HỌC TỐT TIáșŸNG ANH 11 THEO CHÆŻÆ NG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIáșŸT - Cáșą NĂ...
HỌC TỐT TIáșŸNG ANH 11 THEO CHÆŻÆ NG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIáșŸT - Cáșą NĂ...HỌC TỐT TIáșŸNG ANH 11 THEO CHÆŻÆ NG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIáșŸT - Cáșą NĂ...
HỌC TỐT TIáșŸNG ANH 11 THEO CHÆŻÆ NG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIáșŸT - Cáșą NĂ...Nguyen Thanh Tu Collection
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 

KĂŒrzlich hochgeladen (20)

Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Visit to a blind student's school🧑‍🩯🧑‍🩯(community medicine)
Visit to a blind student's school🧑‍🩯🧑‍🩯(community medicine)Visit to a blind student's school🧑‍🩯🧑‍🩯(community medicine)
Visit to a blind student's school🧑‍🩯🧑‍🩯(community medicine)
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
HỌC TỐT TIáșŸNG ANH 11 THEO CHÆŻÆ NG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIáșŸT - Cáșą NĂ...
HỌC TỐT TIáșŸNG ANH 11 THEO CHÆŻÆ NG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIáșŸT - Cáșą NĂ...HỌC TỐT TIáșŸNG ANH 11 THEO CHÆŻÆ NG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIáșŸT - Cáșą NĂ...
HỌC TỐT TIáșŸNG ANH 11 THEO CHÆŻÆ NG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIáșŸT - Cáșą NĂ...
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 

Spear Phishing Attacks

  • 1. May 17, 2014 Spear Phishing Attack -Hari V
  • 2. Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered 5/13/2014
  • 3.  Spear Phishing is easiest and direct method to breach highly secured networks.  Phishing attacks are very common in nature and many of systems and networks has enabled defense mechanism.  Success rate is very high as user knows about the phishing attacks and unaware of spear phishing attacks.  Spear Phishing is part of social engineering.  No Cost at all, No tracking back. Increased usage of social networking made it very easy and reliable to hackers - Personal data, co- employees, locations, phone numbers , email ids. 5/13/2014
  • 4.  Performing Reconnaissance  Scanning and enumeration  Gaining access  Escalation of privilege  Maintaining access  Covering tracks and placing backdoors 5/13/2014
  • 5.  It by passes all the traditional attack methodology .  Gets direct front door entrance access. = There is no patch for human Mistakes. 5/17/2014
  • 6. It just by Email /link/attachment same as Phishing, the only difference is , this attack is specific to targeted domains and targets victims. Targeted Email From some you trust (Patient attacker) About something your interest, like, trust. 5/13/2014
  • 7. Attacker gains all the knowledge about victim (user/company) , this knowledge includes his/her likes, dislikes, Interests, Favorites, Hobbies ,Personal information, Address etc. Where does attacker gets all this info from ? Well, every one knows this answer. 1) Social networking sites 2) Blog 3) Job Portals 4) Matrimonial sites 5) Social engineering 5/13/2014
  • 8. Now attacker creates email similar to victims team mate/supervisor/MD of company etc. email in different domains. Below are few examples. 1) victimfullname@email.com 2) Victimname.dob@email.com 3) Victimpetname.city@email.com 4) Vicitmname.company@email.com Real time example :- 5/13/2014
  • 9. Attackers send the email to which phishing link using all the social engineering knowledge gained. Most of the common scenarios, victim thinks that email is from his friends/teammates/boss. This is how attacker gains the trust of victim. 5/13/2014
  • 10.  Never use your personal email for work purpose.  Add Spear Phishing as part of your regular VAPT activity.  Establish Policy and best practices for email usage.  Block all the emails other than self domains ?? 5/13/2014
  • 12. Thank you Impossible is later called as miracle, its all about how you look at it. – Hari