Spear Phishing


Learn about spear phishing attacks, ways to reduce risks, and common methods used by attackers. Understand the importance of safeguarding against social engineering tactics in cybersecurity. Explore the techniques employed to deceive victims and steps to enhance security measures.


Uploaded on Feb 16, 2025 | 1 Views



Presentation Transcript


  1. Spear Phishing: Ways to Minimize its Risks
     By Basiru A. Mohammed, Mercy College

  2. What Is It?
     • Spear phishing is a social engineering attack
     • Phishing attacks trick victims into providing their credentials
     • It can also be used to create a backdoor within an organization's system
     • 97% of participants fell for at least one of the phishing messages sent to them in the phishing experiment [1]
     • Due to human negligence or errors, phishing attacks in general have become one of the most successful attacks

  3. What do we know?
     • Spear-phishing attacks are aimed at renowned individuals
     • Phishing attacks are a form of Advanced Persistent Threat, where the attacker seeks to gain information and remain undetected for a long period of time
     • According to Trend Micro's findings on APT-related spear phishing, 91% of targeted attacks involve spear-phishing emails [2]

  4. How is it done?
     • Use of an embedded link within an email with the aim of harvesting credentials of victims
     • Creation of a malicious program as an attachment to an email to create a backdoor via Trojan
     • Obtaining information through the phone by impersonation
     • Spoofing the sender address to make messages look credible

  5. Is that Even Possible?
     • The goal is to make the victim believe it's from a trusted source
     • Starts with extensive reconnaissance
     • Recon enables the hackers to streamline the emails sent to their targets
     • The emails sent contain a stealthy malicious program or a link to a fake website designed by the hacker
     • Downloading the email attachment enables the Trojan to be installed on the target's computer
     • Or clicking the link takes targets to a malicious website that collects their credentials

  6. Website Attack Vectors
     • Using Kali Linux, type sudo setoolkit and press enter.
     • Press y to agree to the license agreement
     • Select menu 1 and press enter, which will also take you to another menu.
     • From the next menu, select 2 Website Attack Vectors and enter
     • From the next menu presented, select 3 Credential Harvester Attack Method and enter
     • From the next menu presented, select 2 Site Cloner and enter
     • It will demand you to provide an IP address; if you don't have it handy, open another terminal and type sudo ifconfig to obtain the IP address of your system
     • Enter the URL to be cloned, for instance http://www.facebook.com
     • A new URL will be presented to you
     • Compose an email, copy and embed the URL created in the email
     • Keep the terminal opened as you will receive the credentials there.

  7. Spear Phishing Attack Vectors
     • Using Kali Linux, type sudo setoolkit and press enter.
     • Press y to agree to the license agreement
     • Select menu 1 and press enter, which will also take you to another menu.
     • From the next menu, select 1 Spear-Phishing Attack Vectors and hit enter
     • From the next menu presented, select 2 Create a FileFormat Payload and hit enter
     • At the next menu, select 4 Microsoft Word RTF Fragments MS10_87
     • At the next menu, select 5 Windows Meterpreter Reverse_TCP(x64)
     • Enter a port number or keep the default 443
     • After creating the malicious file, rename the
     • Attach the malicious file in the email created to trick the victim.

  8. What Can Be Done? Institutional
     • Educate employees
     • Conduct mock phishing attack scenarios
     • Protect the network from unwanted programs
     • Use legitimate applications from trusted vendors and keep them updated
     • Install antivirus for both network and internal systems
     • Use a firewall and web filters to block malicious websites
     • Encrypt all sensitive company information
     • Develop a comprehensive policy for BYOD and other security policies

  9. What Can Be Done? Individuals
     • Avoid sharing too much information on social media
     • Avoid opening files or following links from unknown email sources.
     • Make use of the spam filters on your email applications.
     • Investigate every email that has a link or attachment.
     • Make use of a very good antivirus software and update it regularly.
     • Make use of a firewall for your private network.
     • Do not share personal information with websites that do not make use of two-factor authentication.

  10. What Have We Learnt?
     • As cyber-attacks become more sophisticated, more people are falling victim to them.
     • According to SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing [2]
     • Based on our knowledge of spear-phishing attacks, we can deploy the necessary measures to minimize our risk of falling victim to them.

  11. References
     [1] Egelman S., Cranor F. L. and Hong J., You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings, CHI 2008 Proceedings - Am I Safe, April 5-10, 2008. Available: ACM Digital Library, https://dl-acm-org.rdas-proxy.mercy.edu/citation.cfm?id=1357219 [Accessed February 18, 2018].
     [2] Micro, T. (2012). Spear-Phishing Email: Most Favored APT Attack Bait. Trend Micro, http://www.trendmicro.com.au/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf [Accessed March 1, 2018].
     [3] Weinberg N. How to Blunt Spear Phishing Attacks, March 6, 2013. Retrieved from: https://www.networkworld.com/article/2164139/network-security/how-to-blunt-spear-phishing-attacks.html [Accessed March 1, 2018].
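
Slide 9's advice to investigate every email that has a link can be partly automated against two of the techniques listed on slide 4: a spoofed sender address and an embedded credential-harvesting link. The following Python is an added example, not part of the original presentation; the sample message, its domains and the finding names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the domains and 192.0.2.10 are placeholders.
SAMPLE = """From: "IT Helpdesk" <helpdesk@example.com>
Return-Path: <bounce@mailer.example.net>
Content-Type: text/html; charset="utf-8"

<p>Sign in: <a href="http://192.0.2.10/">https://portal.example.com</a></p>
<p><a href="https://portal.example.com/help">Help</a></p>
"""

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
def domain(header):
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def analyze(raw):
    msg, out = message_from_string(raw, policy=policy.default), []
    # Return-Path unlike From: merits a closer look; bulk mailers differ too.
    if domain(msg["Return-Path"]) not in ("", domain(msg["From"])):
        out.append("sender-mismatch")
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        parser = Links()
        parser.feed(part.get_content())
        for href, text in parser.found:
            target = host(href)
            # Link points at a bare IPv4/IPv6 address rather than a name.
            if ":" in target or target.replace(".", "").isdigit():
                out.append("ip-link:" + target)
            # Visible text claims one host while the href goes to another.
            if text.lower().startswith(("http", "www.")) and host(text) != target:
                out.append(f"text-mismatch:{host(text)}->{target}")
    return out
```

A finding is a reason to inspect the message by hand, not a verdict; an empty list does not mean the message is safe.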

Related


More Related Content