SlideShare ist ein Scribd-Unternehmen logo

UW School of Medicine Social Engineering and Phishing Awareness

Als PPT, PDF herunterladen
Nicholas Davis
Nicholas Davis

An IT Security presentation I created for faculty and staff of the UW-Madison, School of Medicine, about how to recognize and defend against the threats of complex Phishing and Social Engineering, to protect sensitive digital information.

TechnologieKunst & Fotos
1 von 40
Free Powerpoint Templates Page 1 Free Powerpoint Templates Phishing and Social Engineering Awareness - Nicholas Davis CISA, CISSP Security Architect UW-Madison, Division of Information Technology - 9 – 26 - 2013
Free Powerpoint Templates Page 2 Introduction • Background • Phishing and Social Engineering • History • Types • Examples • Detecting Fraudulent Email • Defending Against Phishing Attacks • Measured Phishing Awareness at DoIT • Samples and Participation Rates • Question and Answer Session
Free Powerpoint Templates Page 3 Social Engineering The art of manipulating people into performing actions or divulging confidential information It is typically trickery or deception for the purpose of information gathering, fraud, or computer system access
Free Powerpoint Templates Page 4 Phishing • Deception • Email • Websites • Facebook status updates • Tweets • Phishing, in the context of the healthcare working environment is extremely dangerous
Free Powerpoint Templates Page 5 Phishing 1995 • Target AOL users • Account passwords=free online time • Threat level: low • Techniques: similar names, such as www.ao1.com for www.aol.com
Free Powerpoint Templates Page 6 Phishling 2001 Target: Ebay and major banks Credit card numbers and account numbers = money Threat level: medium Techniques: Same in 1995
Free Powerpoint Templates Page 7 Phishing 2007 Targets are Paypal, banks, ebay Purpose to steal bank accounts Threat level is high Techniques: browser vulnerabilities, link obfuscation
Free Powerpoint Templates Page 8 Phishing in 2013 • Identity Information • Personal Harm • Blackmail
Free Powerpoint Templates Page 9 Looking In the Mirror • Which types of sensitive information do you have access to? • What about others who share the computer network with you? • Think about the implications associated that data being stolen and exploited!
Free Powerpoint Templates Page 10 What Phishing Looks Like • As scam artists become more sophisticated, so do their phishing e- mail messages and pop-up windows. • They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
Free Powerpoint Templates Page 11 Techniques For Phishing • Employ visual elements from target site • DNS Tricks: • www.ebay.com.kr • www.ebay.com@192.168.0.5 • www.gooogle.com • Unicode attacks • JavaScript Attacks • Spoofed SSL lock Certificates • Phishers can acquire certificates for domains they own • Certificate authorities make mistakes
Free Powerpoint Templates Page 12 Social Engineering Techniques • Socially aware attacks • Mine social relationships from public data • Phishing email appears to arrive from someone known to the victim • Use spoofed identity of trusted organization to gain trust • Urge victims to update or validate their account • Threaten to terminate the account if the victims not reply • Use gift or bonus as a bait • Security promises
Free Powerpoint Templates Page 13 Remember These Social Engineering Techniques Often employed in Phishing seem more real, urgent or to lower your guard of trust Threats – Do this or else! Authority – I have the authority to ask this Promises – If you do this, you will get $$$ Praise – You deserve this
Free Powerpoint Templates Page 14 Other Phishing Techniques Socially aware attacks Mine social relationships from public data Phishing email appears to arrive from someone known to the victim Use spoofed identity of trusted organization to gain trust Urge victims to update or validate their account Threaten to terminate the account if the victims not reply Use gift or bonus as a bait Security promises
Free Powerpoint Templates Page 15 Let’s Talk About Facebook • So important, it gets its own slide! • Essentially unauthenticated – discussion • Three friends and you’re out! - discussion • Privacy settings mean nothing – discussion • Treasure Trove of identity information • Games as information harvesters
Free Powerpoint Templates Page 16 Socially Aware
Free Powerpoint Templates Page 17 Context Aware “Your bid on eBay has won!” “The books on your Amazon wish list are on sale!”
Free Powerpoint Templates Page 18 Seems Suspicious
Free Powerpoint Templates Page 19 Social Engineering Methods 419 Scam Nigerian Email Spanish Prisoner
Free Powerpoint Templates Page 20 Too Good to be True
Free Powerpoint Templates Page 21 Detecting Fraudulent Email Information requested is inappropriate for the channel of communication: "Verify your account."nobody should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Urgency and potential penalty or loss are implied: "If you don't respond within 48 hours, your account will be closed.”
Free Powerpoint Templates Page 22 Detecting Fraudulent Email "Dear Valued Customer."Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
Free Powerpoint Templates Page 23 Dectecting Fraudulent Email "Click the link below to gain access to your account.“ This is an example or URL Masking (hiding the web address) URL alteration www.micosoft.com www.mircosoft.com www.verify-microsoft.com
Free Powerpoint Templates Page 24 How to Defend Against Phishing Attacks •Never respond to an email asking for personal information • Always check the site to see if it is secure (SSL lock) • Look for misspellings or errors in grammar • Never click on the link on the email. Enter the web address manually • Keep your browser updated • Keep antivirus definitions updated • Use a firewall • When in doubt, ask your Network Administrator for their opinion
Free Powerpoint Templates Page 25 A Note on Spear Phishing • Designed especially for you • Includes your name • May reference an environment or issue you are aware of and familiar with • Asks for special treatment, with justification for the request
Free Powerpoint Templates Page 26 Don’t Touch That QR Code Curiousity Is Dangerous
Free Powerpoint Templates Page 27 Other Techniques An ocean of Phishing techniques •Clone Phishing - Discussion •Whaling - Discussion •Filter Evasion - Discussion •Phone Phishing - Discussion •Tabnabbing - Discussion •Evil Twins - Discussion
Free Powerpoint Templates Page 28 Social Engineering Trojans
Free Powerpoint Templates Page 29 Baiting Hey, look! A free USB drive! I wonder what is on this confidential CD which I found in the bathroom? These are vectors for malware! Play on your curiousity or desire to get something for nothing Don’t be a piggy!
Free Powerpoint Templates Page 30 Out of Office Out of Control Using the Out of Office responder in a responsible manner
Free Powerpoint Templates Page 31 Phishing Awareness at DoIT DoIT staff undergo formal Security Awareness training every year Reading is one thing, experiencing is another We wanted some real measurements Purchased a product which enabled us to run measured phishing campaigns Eight campaigns over the past year, from simple to complex
Free Powerpoint Templates Page 32 Fidlety - Simple
Free Powerpoint Templates Page 33 Liked-In – A Little Harder
Free Powerpoint Templates Page 34 Faceblock Friends - Tricky
Free Powerpoint Templates Page 35 A Coupon From The Home Despot
Free Powerpoint Templates Page 36 A New Kitchen At Work
Free Powerpoint Templates Page 37 Dr. Jekyll – Or Mr. Hyde? The Crown Jewel!
Free Powerpoint Templates Page 38 Results Average industry end user “participation rate” is 14% Can you guess what our participation rate was? The more familiar the subject matter, the more likely people are to let their guard down
Free Powerpoint Templates Page 39 Summary Technology does not provide all the answers Think of Phishing every time you open an email Remember, Social Engineering happens everywhere, not just at St. Elsewhere
Free Powerpoint Templates Page 40 Questions and Discussion Nicholas Davis ndavis1@wisc.edu facebook.com/nicholas.a.davis

Empfohlen

Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
Social engineering
Social engineeringSocial engineering
Social engineeringMaulik Kotak
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"abercius24
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
Social engineering
Social engineeringSocial engineering
Social engineeringankushmohanty
 

Empfohlen

Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
Social engineering
Social engineeringSocial engineering
Social engineeringMaulik Kotak
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"abercius24
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
Social engineering
Social engineeringSocial engineering
Social engineeringankushmohanty
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
Social engineering
Social engineeringSocial engineering
Social engineeringAlexander Zhuravlev
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Social engineering
Social engineering Social engineering
Social engineering Abdelhamid Limami
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacksmasoud khademi
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringSpencerBurton8
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering BasicsLuke Rusten
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales Ahmed Musaad
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0Murray Security Services
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringCyber Agency
 
Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishingthecorrosiveone
 

Weitere ähnliche Inhalte

Was ist angesagt?

Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacksmasoud khademi
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering BasicsLuke Rusten
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales Ahmed Musaad
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 

Was ist angesagt? (20)

Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 
Social engineering
Social engineering Social engineering
Social engineering
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacks
 
Social engineering
Social engineering Social engineering
Social engineering
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
 
social engineering
social engineering social engineering
social engineering
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekar
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 

Andere mochten auch

Social Engineering
Social EngineeringSocial Engineering
Social EngineeringCyber Agency
 
Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishingthecorrosiveone
 
Geovon TECH621 Presentation
Geovon TECH621 PresentationGeovon TECH621 Presentation
Geovon TECH621 PresentationGeovon
 
Recent Trends in Cyber Security
Recent Trends in Cyber SecurityRecent Trends in Cyber Security
Recent Trends in Cyber SecurityAyoma Wijethunga
 
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...Aurum Radiance
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineeringPeter Wood
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseStephan Chenette
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking peopleTudor Damian
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesPraetorian
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefShah Sheikh
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 

Andere mochten auch (16)

Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishing
 
Geovon TECH621 Presentation
Geovon TECH621 PresentationGeovon TECH621 Presentation
Geovon TECH621 Presentation
 
Cyber war
Cyber warCyber war
Cyber war
 
Recent Trends in Cyber Security
Recent Trends in Cyber SecurityRecent Trends in Cyber Security
Recent Trends in Cyber Security
 
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering Risks
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive Defense
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking people
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Information Warfare
Information WarfareInformation Warfare
Information Warfare
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case Studies
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Ähnlich wie UW School of Medicine Social Engineering and Phishing Awareness

IT Security for Healthcare Professionals
IT Security for Healthcare ProfessionalsIT Security for Healthcare Professionals
IT Security for Healthcare ProfessionalsNicholas Davis
 
It Security For Healthcare
It Security For HealthcareIt Security For Healthcare
It Security For HealthcareNicholas Davis
 
It Security For Healthcare
It Security For HealthcareIt Security For Healthcare
It Security For HealthcareNicholas Davis
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentNicholas Davis
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentNicholas Davis
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureLourdes Paloma Gimenez
 
FHSU CITI CS Training.pptx
FHSU CITI CS Training.pptxFHSU CITI CS Training.pptx
FHSU CITI CS Training.pptxLaurieAnnFrazier
 
Webinar: How to avoid the 12 Scams of Christmas
Webinar: How to avoid the 12 Scams of ChristmasWebinar: How to avoid the 12 Scams of Christmas
Webinar: How to avoid the 12 Scams of ChristmasAbilityNet
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
2015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_0920152015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_092015Pete Pouridis
 
10 online privacy module samedit1
10 online privacy module samedit110 online privacy module samedit1
10 online privacy module samedit1Rozell Sneede
 
Breakfast Briefings - February 2018
Breakfast Briefings - February 2018Breakfast Briefings - February 2018
Breakfast Briefings - February 2018PKF Francis Clark
 
Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...Justin Denton
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane Hazimeh
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane Hazimeh
 
Building Trust in the Digital Age
Building Trust in the Digital AgeBuilding Trust in the Digital Age
Building Trust in the Digital AgeMarian Merritt
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayanehaz
 
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social MediaAsset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social MediaHelen Levinson
 

Ähnlich wie UW School of Medicine Social Engineering and Phishing Awareness (20)

IT Security for Healthcare Professionals
IT Security for Healthcare ProfessionalsIT Security for Healthcare Professionals
IT Security for Healthcare Professionals
 
It Security For Healthcare
It Security For HealthcareIt Security For Healthcare
It Security For Healthcare
 
It Security For Healthcare
It Security For HealthcareIt Security For Healthcare
It Security For Healthcare
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity posture
 
FHSU CITI CS Training.pptx
FHSU CITI CS Training.pptxFHSU CITI CS Training.pptx
FHSU CITI CS Training.pptx
 
Webinar: How to avoid the 12 Scams of Christmas
Webinar: How to avoid the 12 Scams of ChristmasWebinar: How to avoid the 12 Scams of Christmas
Webinar: How to avoid the 12 Scams of Christmas
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
2015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_0920152015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_092015
 
10 online privacy module samedit1
10 online privacy module samedit110 online privacy module samedit1
10 online privacy module samedit1
 
10 online privacy module samedit1
10 online privacy module samedit110 online privacy module samedit1
10 online privacy module samedit1
 
Breakfast Briefings - February 2018
Breakfast Briefings - February 2018Breakfast Briefings - February 2018
Breakfast Briefings - February 2018
 
Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
 
Building Trust in the Digital Age
Building Trust in the Digital AgeBuilding Trust in the Digital Age
Building Trust in the Digital Age
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
 
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social MediaAsset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
 

Mehr von Nicholas Davis

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentNicholas Davis
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessNicholas Davis
 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsNicholas Davis
 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development MethodologiesNicholas Davis
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityNicholas Davis
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Nicholas Davis
 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewNicholas Davis
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets PersonalNicholas Davis
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...Nicholas Davis
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectNicholas Davis
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...Nicholas Davis
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Nicholas Davis
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryNicholas Davis
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing EducationNicholas Davis
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An OverviewNicholas Davis
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNicholas Davis
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Nicholas Davis
 

Mehr von Nicholas Davis (20)

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) Assessment
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support Systems
 
Lecture blockchain
Lecture blockchainLecture blockchain
Lecture blockchain
 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development Methodologies
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things Overview
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team Project
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
 

Kürzlich hochgeladen

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Kürzlich hochgeladen (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

UW School of Medicine Social Engineering and Phishing Awareness

  • 1. Free Powerpoint Templates Page 1 Free Powerpoint Templates Phishing and Social Engineering Awareness - Nicholas Davis CISA, CISSP Security Architect UW-Madison, Division of Information Technology - 9 – 26 - 2013
  • 2. Free Powerpoint Templates Page 2 Introduction • Background • Phishing and Social Engineering • History • Types • Examples • Detecting Fraudulent Email • Defending Against Phishing Attacks • Measured Phishing Awareness at DoIT • Samples and Participation Rates • Question and Answer Session
  • 3. Free Powerpoint Templates Page 3 Social Engineering The art of manipulating people into performing actions or divulging confidential information It is typically trickery or deception for the purpose of information gathering, fraud, or computer system access
  • 4. Free Powerpoint Templates Page 4 Phishing • Deception • Email • Websites • Facebook status updates • Tweets • Phishing, in the context of the healthcare working environment is extremely dangerous
  • 5. Free Powerpoint Templates Page 5 Phishing 1995 • Target AOL users • Account passwords=free online time • Threat level: low • Techniques: similar names, such as www.ao1.com for www.aol.com
  • 6. Free Powerpoint Templates Page 6 Phishling 2001 Target: Ebay and major banks Credit card numbers and account numbers = money Threat level: medium Techniques: Same in 1995
  • 7. Free Powerpoint Templates Page 7 Phishing 2007 Targets are Paypal, banks, ebay Purpose to steal bank accounts Threat level is high Techniques: browser vulnerabilities, link obfuscation
  • 8. Free Powerpoint Templates Page 8 Phishing in 2013 • Identity Information • Personal Harm • Blackmail
  • 9. Free Powerpoint Templates Page 9 Looking In the Mirror • Which types of sensitive information do you have access to? • What about others who share the computer network with you? • Think about the implications associated that data being stolen and exploited!
  • 10. Free Powerpoint Templates Page 10 What Phishing Looks Like • As scam artists become more sophisticated, so do their phishing e- mail messages and pop-up windows. • They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
  • 11. Free Powerpoint Templates Page 11 Techniques For Phishing • Employ visual elements from target site • DNS Tricks: • www.ebay.com.kr • www.ebay.com@192.168.0.5 • www.gooogle.com • Unicode attacks • JavaScript Attacks • Spoofed SSL lock Certificates • Phishers can acquire certificates for domains they own • Certificate authorities make mistakes
  • 12. Free Powerpoint Templates Page 12 Social Engineering Techniques • Socially aware attacks • Mine social relationships from public data • Phishing email appears to arrive from someone known to the victim • Use spoofed identity of trusted organization to gain trust • Urge victims to update or validate their account • Threaten to terminate the account if the victims not reply • Use gift or bonus as a bait • Security promises
  • 13. Free Powerpoint Templates Page 13 Remember These Social Engineering Techniques Often employed in Phishing seem more real, urgent or to lower your guard of trust Threats – Do this or else! Authority – I have the authority to ask this Promises – If you do this, you will get $$$ Praise – You deserve this
  • 14. Free Powerpoint Templates Page 14 Other Phishing Techniques Socially aware attacks Mine social relationships from public data Phishing email appears to arrive from someone known to the victim Use spoofed identity of trusted organization to gain trust Urge victims to update or validate their account Threaten to terminate the account if the victims not reply Use gift or bonus as a bait Security promises
  • 15. Free Powerpoint Templates Page 15 Let’s Talk About Facebook • So important, it gets its own slide! • Essentially unauthenticated – discussion • Three friends and you’re out! - discussion • Privacy settings mean nothing – discussion • Treasure Trove of identity information • Games as information harvesters
  • 16. Free Powerpoint Templates Page 16 Socially Aware
  • 17. Free Powerpoint Templates Page 17 Context Aware “Your bid on eBay has won!” “The books on your Amazon wish list are on sale!”
  • 18. Free Powerpoint Templates Page 18 Seems Suspicious
  • 19. Free Powerpoint Templates Page 19 Social Engineering Methods 419 Scam Nigerian Email Spanish Prisoner
  • 20. Free Powerpoint Templates Page 20 Too Good to be True
  • 21. Free Powerpoint Templates Page 21 Detecting Fraudulent Email Information requested is inappropriate for the channel of communication: "Verify your account."nobody should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Urgency and potential penalty or loss are implied: "If you don't respond within 48 hours, your account will be closed.”
  • 22. Free Powerpoint Templates Page 22 Detecting Fraudulent Email "Dear Valued Customer."Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
  • 23. Free Powerpoint Templates Page 23 Dectecting Fraudulent Email "Click the link below to gain access to your account.“ This is an example or URL Masking (hiding the web address) URL alteration www.micosoft.com www.mircosoft.com www.verify-microsoft.com
  • 24. Free Powerpoint Templates Page 24 How to Defend Against Phishing Attacks •Never respond to an email asking for personal information • Always check the site to see if it is secure (SSL lock) • Look for misspellings or errors in grammar • Never click on the link on the email. Enter the web address manually • Keep your browser updated • Keep antivirus definitions updated • Use a firewall • When in doubt, ask your Network Administrator for their opinion
  • 25. Free Powerpoint Templates Page 25 A Note on Spear Phishing • Designed especially for you • Includes your name • May reference an environment or issue you are aware of and familiar with • Asks for special treatment, with justification for the request
  • 26. Free Powerpoint Templates Page 26 Don’t Touch That QR Code Curiousity Is Dangerous
  • 27. Free Powerpoint Templates Page 27 Other Techniques An ocean of Phishing techniques •Clone Phishing - Discussion •Whaling - Discussion •Filter Evasion - Discussion •Phone Phishing - Discussion •Tabnabbing - Discussion •Evil Twins - Discussion
  • 28. Free Powerpoint Templates Page 28 Social Engineering Trojans
  • 29. Free Powerpoint Templates Page 29 Baiting Hey, look! A free USB drive! I wonder what is on this confidential CD which I found in the bathroom? These are vectors for malware! Play on your curiousity or desire to get something for nothing Don’t be a piggy!
  • 30. Free Powerpoint Templates Page 30 Out of Office Out of Control Using the Out of Office responder in a responsible manner
  • 31. Free Powerpoint Templates Page 31 Phishing Awareness at DoIT DoIT staff undergo formal Security Awareness training every year Reading is one thing, experiencing is another We wanted some real measurements Purchased a product which enabled us to run measured phishing campaigns Eight campaigns over the past year, from simple to complex
  • 32. Free Powerpoint Templates Page 32 Fidlety - Simple
  • 33. Free Powerpoint Templates Page 33 Liked-In – A Little Harder
  • 34. Free Powerpoint Templates Page 34 Faceblock Friends - Tricky
  • 35. Free Powerpoint Templates Page 35 A Coupon From The Home Despot
  • 36. Free Powerpoint Templates Page 36 A New Kitchen At Work
  • 37. Free Powerpoint Templates Page 37 Dr. Jekyll – Or Mr. Hyde? The Crown Jewel!
  • 38. Free Powerpoint Templates Page 38 Results Average industry end user “participation rate” is 14% Can you guess what our participation rate was? The more familiar the subject matter, the more likely people are to let their guard down
  • 39. Free Powerpoint Templates Page 39 Summary Technology does not provide all the answers Think of Phishing every time you open an email Remember, Social Engineering happens everywhere, not just at St. Elsewhere
  • 40. Free Powerpoint Templates Page 40 Questions and Discussion Nicholas Davis ndavis1@wisc.edu facebook.com/nicholas.a.davis