Phishing is a real problem, and that problem is only increasing in frequency.
Phishing attacks come in many different forms, and everyone is affected by them. Whether a family member's credit card number is stolen, a friend's Facebook account is hijacked, or your company web site is blacklisted for SPAM, we are all affected by phishing attacks. Some of those attacks are worse than others.
All information in this presentation is derived from public sources.
A few definitions
- Exploitation is an attack on a computer system, especially one that takes advantage of a particular vulnerability that the system offers to intruders
- Social engineering is a confidence trick, an attack vector that relies on human interaction to trick people into doing something that is likely not in their best interest
- Social engineering is an attempt to take advantage of the vulnerability called the Human OS
- Phishing is the attempt to take advantage of social and emotional constructs to obtain sensitive information by masquerading as a trustworthy entity in an electronic communication
Comparison to SPAM
- SPAM is unsolicited or unwanted email, often related to product endorsement
- Unsolicited mail predates computers; SPAM is electronic unsolicited mail
- Phish are pretextual lies intended to dupe the victim into providing something private or valuable, or inadvertently providing command and control access to a computer
- Pretexting predates computers; a pretext is something that is put forward to conceal a true purpose
- “You’ve Been Phished!”,
- “Avoiding Social Engineering and Phishing Attacks”,
- “Phishing: Don’t be phooled”,