Deep Sea Phishing: Examples & Countermeasures

Size: px
Start display at page:

Download "Deep Sea Phishing: Examples & Countermeasures"

Transcription

1 Deep Sea Phishing: Examples & Countermeasures

2 Phishing is impersonation of a person or brand.

3 Our focus is -based phishing.

4 Phishing is not malware, spam, or xss, although these often coincide.

5 Current countermeasures Awareness training using synthetic (fake) phishing s. Big lists of crowdsourced URLs and domains known to be bad. Cryptographic standards like DKIM, SPF, DMARC.

6 Deep Sea Phish You can t seem them, but they re there! And they re really nasty. They use tricks to avoid detection by even well-trained users. They thwart URL and domain blacklisting. And they re thriving. Deep Sea Phishing: Examples and Countermeasures

7 Example One Bank of Scamerica

8 Bank of Scamerica This message looks like a legitimate message from Bank of America. But it s actually a phishing scam. There are no obvious visual clues. Even trained experts get fooled by forgeries that are this well-crafted.

9 Bank of Scamerica Maybe you ve trained your users to look at the From: line to make sure the sender is legitimate. Does this From: line look forged? Look carefully! Deep Sea Phishing: Examples and Countermeasures

10 Bank of Scamerica Maybe you ve trained your users to look at the From: line to make sure the sender is legitimate. Does this From: line look forged? Look carefully! That s not a Latin lowercase A. It s a Unicode GREEK SMALL LETTER ALPHA a totally different letter. Deep Sea Phishing: Examples and Countermeasures

11 Bank of Arnerica: Under the Hood The From: and Subject: lines hide the brand name from scanning tools. So this looks like it s from Bank of America to a person, but not to software. This mail was sent from a compromised Cox mail account.

12 Bank of Arnerica This message has a single URL for the user to click. Let s hover over it. Now look closely at where it points in the zoomed in version below. Notice anything peculiar?

13 Bank of Arnerica This message has a single URL for the user to click. Let s hover over it. Now look closely at where it points in the zoomed in version below. Notice anything peculiar? How about now?

14 Bank of Arnerica: Under the Hood The attacker has registered and linked to a visually similar domain.

15 Bank of Arnerica But what else lurks below? A bunch of invisible text! We ve changed its color from white to red so you can actually see it.

16 Bank of Arnerica The invisible text was scraped from a language learning website. Why does the message include this? Because it fools programs that perform statistical analysis on the message text. It makes them think this is a personal rather than a transactional from Bank of America. After all, it s mostly text!

17 Bank of Scamerica: Under the Hood Even the HTML includes extra text, in the form of fake elements and attributes.

18 How we caught it Fuzzy matching of the From: line that is resilient to Unicode substitutions Visual similarity of the domain in the link to a major brand domain B of A brand imagery detected Not sent from a legitimate B of A mail server therefore, malicious

19 Example Two Scamerican Express

20 Scamerican Express This message looks like a legitimate message from American Express. But it s actually a phishing scam. Once again, you d be hard-pressed to tell this is fake, even if you re a trained expert. Like the previous example, this uses several clever tricks to get past mail protection software.

21 Scamerican Express This is another variation of the From: line cloaking technique we saw in the previous example. Unlike the Bank of America phish, you can tell something s wrong if you look closely. In practice this From: line looks good to most users. But that first A is actually Unicode LATIN CAPITAL LETTER A WITH GRAVE. Deep Sea Phishing: Examples and Countermeasures

22 Àmerican Express Here s another variation of the From: line disguising we saw in the previous example. Unlike the Bank of America phish, you can discern this if you look closely. But most people won t. In practice this From: line looks good to most users. But that first A is actually Unicode LATIN CAPITAL LETTER A WITH GRAVE. Deep Sea Phishing: Examples and Countermeasures

23 Àmerican Express: Under the Hood Here again, the From: line makes a person think this is from American Express, but prevents the mail filter software from matching the brand name. Note also the plausible aexp-ib.com domain in the From: and Reply-To: headers.

24 Let s see where aexp-ib.com is hosted WTF? mail-qk0-f194.google.com?

25 The DKIM signature is valid, the SPF and DMARC checks both pass, and Exchange Authentication-Results tell us this message is A-OK!

26 DKIM/SPF/DMARC prove that the mail really came from aexp-ib.com but who controls that domain? Obviously not American Express!

27 Guess where else we found this host?

28 The same hostname and IP address appear in this . It s one of the leaked DNC s, from Debbie Wasserman Schultz.

29

30 DKIM/SPF/DMARC prove what server the mail came from

31 but not who controls that server!

32 Àmerican Express This mail actually came from a compromised Google mail server. Servers like this are invaluable to attackers because they have very good sender reputations. The attacker even went to the trouble of properly configuring DKIM, SPF, and DMARC for aexp-ib.com too so this looks entirely legitimate to most mail protection software. Microsoft EOP let it sail right through.

33 Àmerican Express Now that we know it s fake, we can see a few other tip-offs. Notice the IP address? The last number is 274. But that s an impossible IP address value because each of the four values in an IP address is a single byte, and bytes only range from 0 to 255! And Hello Membership Card? That s rather impersonal

34 How we caught it Doman aexp-ib.com was registered the same day as the was sent. Recognized American Express brand imagery in the message Fuzzy-matched American Express brand term in from text Àmerican Express. Not from a valid American Express mail server.

35 Scared yet?

36 Takeaways Attackers are using new techniques in Deep Sea phishing s that make these forgeries difficult for both trained humans and software to spot. These s use brand terms, imagery, and domain names that are real-looking enough to fool people, but different enough to get past naïve software filters. Inky detects and blocks Deep Sea phishing with machine learning models trained to detect these kinds of s. Deep Sea Phishing: Examples and Countermeasures

Spam Protection Guide

Spam  Protection Guide Spam Email Protection Guide Version 1.0 Last Modified 5/29/2014 by Mike Copening Contents Overview of Spam at RTS... 1 Types of Spam... 1 Spam Tricks... 2 Imitation of 3 rd Party Email Template... 2 Spoofed

More information

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

Phishing. Eugene Davis UAH Information Security Club April 11, 2013 Phishing Eugene Davis UAH Information Security Club April 11, 2013 Overview A social engineering attack in which the attacker impersonates a trusted entity Attacker attempts to retrieve privileged information

More information

Security Using Digital Signatures & Encryption

Security Using Digital Signatures & Encryption Email Security Using Digital Signatures & Encryption CONTENTS. Introduction The Need for Email Security Digital Signatures & Encryption 101 Digital Signatures & Encryption in Action Selecting the Right

More information

PROTECTING YOUR BUSINESS ASSETS

PROTECTING YOUR BUSINESS ASSETS PROTECTING YOUR BUSINESS ASSETS How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and Your Credit Card Number Gets Stolen A MyNAMS Presentation by Regina Smola @2012 Regina

More information

Ages Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk

Ages Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk Ages 11-14 Donʼt Fall for : Activity 1 Don t bite that phishing hook! Children play a game where they study various emails and texts and try to decide which messages are legit and which are phishing scams.

More information

Update on new Microsoft Cloud Technology

Update on new Microsoft Cloud Technology Update on new Microsoft Cloud Technology Advanced Threat Protection Thomas Collier Technical Pre-Sales OFFICE 365 PHISH PROTECTION STACK Protect during Mail Flow Protect Post Delivery Detect & Respond

More information

To learn more about Stickley on Security visit You can contact Jim Stickley at

To learn more about Stickley on Security visit   You can contact Jim Stickley at Thanks for attending this session on March 15th. To learn more about Stickley on Security visit www.stickleyonsecurity.com You can contact Jim Stickley at jim@stickleyonsecurity.com Have a great day! Fraud

More information

How to recognize phishing s

How to recognize phishing  s Phishing email messages, websites, and phone calls are designed to steal money, steal data and/or destroy information. Cybercriminals can do this by installing malicious software on your computer or stealing

More information

An Executive s FAQ About Authentication

An Executive s FAQ About  Authentication An Executive s FAQ About Email Authentication Understanding how email authentication helps your organization protect itself from phishing with an approach that s radically different from other security

More information

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office

More information

Train employees to avoid inadvertent cyber security breaches

Train employees to avoid inadvertent cyber security breaches Train employees to avoid inadvertent cyber security breaches TRAIN EMPLOYEES TO AVOID INADVERTENT CYBER SECURITY BREACHES PAGE 2 How much do you know about cyber security? Small business owners often lack

More information

Trustwave SEG Cloud BEC Fraud Detection Basics

Trustwave SEG Cloud BEC Fraud Detection Basics .trust Trustwave SEG Cloud BEC Fraud Detection Basics Table of Contents About This Document 1 1 Background 2 2 Configuring Trustwave SEG Cloud for BEC Fraud Detection 5 2.1 Enable the Block Business Email

More information

Security and Privacy

Security and Privacy E-mail Security and Privacy Department of Computer Science Montclair State University Course : CMPT 320 Internet/Intranet Security Semester : Fall 2008 Student Instructor : Alex Chen : Dr. Stefan Robila

More information

Who We Are! Natalie Timpone

Who We Are! Natalie Timpone Who We Are! Natalie Timpone Manager of Security Business Management Office Enterprise Security Awareness Manager Carmelo Walsh Security, Risk, and Compliance Security Awareness Subject Matter Expert Who

More information

Anti-Spoofing. Inbound SPF Settings

Anti-Spoofing. Inbound SPF Settings Anti-Spoofing SonicWall Hosted Email Security solution allows you to enable and configure settings to prevent illegitimate messages from entering your organization. Spoofing consists of an attacker forging

More information

FAQ. Usually appear to be sent from official address

FAQ. Usually appear to be sent from official  address FAQ 1. What is Phishing Email? A form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information. Usually appear to be sent from official email address

More information

Online Scams. Ready to get started? Click on the green button to continue.

Online Scams. Ready to get started? Click on the green button to continue. Online Scams Hi, I m Kate. We re here to learn how to protect ourselves from online scams. We ll follow along with Kevin to learn what types of scams are out there, how to recognize the warning signs,

More information

41% Opens. 73% Clicks. 35% Submits Sent

41% Opens. 73% Clicks. 35% Submits Sent Phishing Awareness Attackers engage with you through your email inbox, and unless you pay close attention, you can become a victim to their masquerade. What tactic are these attackers using? It is called

More information

Cyber Security Guide for NHSmail

Cyber Security Guide for NHSmail Cyber Security Guide for NHSmail Version 3.0 February 2017 Copyright 2017Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute,

More information

On the Surface. Security Datasheet. Security Datasheet

On the Surface.  Security Datasheet.  Security Datasheet Email Security Datasheet Email Security Datasheet On the Surface No additional hardware or software required to achieve 99.9%+ spam and malware filtering effectiveness Initiate service by changing MX Record

More information

Staying Safe on the Internet. Mark Schulman

Staying Safe on the Internet. Mark Schulman Staying Safe on the Internet Mark Schulman 1 Your Presenter Mark Schulman IT professional for almost 40 years No affiliation with any product 2 What We ll Talk About Passwords Email Safety Staying Safe

More information

Phishing. A simplified walkthrough on how phishing campaigns are often orchestrated, and possible defences. Copyright March 2018

Phishing. A simplified walkthrough on how phishing campaigns are often orchestrated, and possible defences. Copyright March 2018 Phishing A simplified walkthrough on how phishing campaigns are often orchestrated, and possible defences. Copyright March 2018 Netscylla Cyber Security Ltd GB 10571639 Address: Telecom House, 125-135

More information

Fighting Phishing I: Get phish or die tryin.

Fighting Phishing I: Get phish or die tryin. Fighting Phishing I: Get phish or die tryin. Micah Nelson and Max Hyppolite bit.ly/nercomp_sap918 Please, don t forget to submit your feedback for today s session at the above URL. If you use social media

More information

Security Protection

Security Protection Email Security Protection Loay Alayadhi Abstract: Email is the most important business communication tool. Security has been an issue in mail from ancient times. Therefore, email security protection has

More information

Safety and Security. April 2015

Safety and Security. April 2015 Safety and Security April 2015 Protecting your smartphone and your data 2 Set a passcode on your smartphone For some smartphone models: 1. Go to Settings. 2. Tap ID & Passcode. 3. Set a 4-digit passcode.

More information

to Stay Out of the Spam Folder

to Stay Out of the Spam Folder Tips and Tricks to Stay Out of the Spam Folder At SendGrid we are very serious about email deliverability. We live and breathe it each day. Similar to how Google keeps adjusting its search algorithm to

More information

BEST PRACTICES FOR PERSONAL Security

BEST PRACTICES FOR PERSONAL  Security BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple

More information

Automatic Delivery Setup Guide

Automatic  Delivery Setup Guide for GuideSpark Communicate Cloud Table of Contents Summary: Working with Automatic Email Delivery... 1 What your IT department needs to know... 2 Prerequisite: Select a Targeted Audience... 3 Enable Automatic

More information

Online Security: Breaking Down the Anatomy of a Phishing

Online Security: Breaking Down the Anatomy of a Phishing Online Security: Breaking Down the Anatomy of a Phishing Email In today s world where everyone s information is online, phishing is one of the most popular and devastating online attacks, because you can

More information

Optimization of your deliverability: set up & best practices. Jonathan Wuurman, ACTITO Evangelist

Optimization of your  deliverability: set up & best practices. Jonathan Wuurman, ACTITO Evangelist Optimization of your email deliverability: set up & best practices Jonathan Wuurman, ACTITO Evangelist ACTITO Webinar Tour Replays & presentations available at www.actito.com/nl Our mission We help our

More information

Table of content. Authentication Domain Subscribers Content Sending practices Conclusion...

Table of content.  Authentication Domain Subscribers Content Sending practices Conclusion... A User Guide Before sending your carefully-crafted email campaigns, it s important to first understand a few basic ideas and rules of email marketing to ensure your campaigns are successful. To achieve

More information

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of

More information

Competitive Matrix - IRONSCALES vs Alternatives

Competitive Matrix - IRONSCALES vs Alternatives Competitive Matrix - IRONSCALES vs Alternatives Traditional Awareness and Training Features IRONSCALES SEG PhishMe Wombat Knowbe4 Sans Institute Simulation & Training Compliance PCI/DSS, HIPAA, GLBA to

More information

WEB SECURITY: XSS & CSRF

WEB SECURITY: XSS & CSRF WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often

More information

Security 08. Black Hat Search Engine Optimisation. SIFT Pty Ltd Australia. Paul Theriault

Security 08. Black Hat Search Engine Optimisation. SIFT Pty Ltd Australia. Paul Theriault Security 08 Black Hat Search Engine Optimisation SIFT Pty Ltd Australia Paul Theriault 1. Search Engine Optimisation 2. Blackhat techniques explained 3. Security Recommendations Search Engine Optimisation

More information

Teach Me How: B2B Deliverability in a B2C World

Teach Me How: B2B Deliverability in a B2C World Teach Me How: B2B Deliverability in a B2C World Chris Arrendale CEO & Principal Deliverability Strategist Inbox Pros (www.inboxpros.com) @Arrendale Agenda - Outline Delivery versus Deliverability Provisioning

More information

Secure solutions for advanced threats

Secure solutions for advanced  threats Secure solutions for advanced email threats Threat-centric email security Cosmina Calin Virtual System Engineer November 2016 Get ahead of attackers with threat-centric security solutions In our live Security

More information

P2_L12 Web Security Page 1

P2_L12 Web Security Page 1 P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction

More information

FRAUD DEFENSE: How To Fight The Next Generation of Targeted BEC Attacks

FRAUD DEFENSE: How To Fight The Next Generation of Targeted BEC Attacks EMAIL FRAUD DEFENSE: How To Fight The Next Generation of Targeted BEC Attacks Brian Westnedge bwestnedge@proofpoint.com November 8, 2017 1 2017 Proofpoint, Inc. THE BUSINESS PROBLEM BUSINESS EMAIL COMPROMISE

More information

How to prevent phishing attacks? In 3 Pages. Author: Soroush Dalili irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject.

How to prevent phishing attacks? In 3 Pages. Author: Soroush Dalili   irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject. How to prevent phishing attacks? In 3 Pages Author: Soroush Dalili Email: irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject.Com March 2009 How to prevent phishing attacks? 1. Introduction Phishing

More information

Your security on click Jobs

Your security on click Jobs Your security on click Jobs At Click Jobs is a trading name of Raspberry Recruitment Limited, we're committed to helping you find the right job in a safe and secure environment. On these pages, you can

More information

Malicious s. How to Identify Them and How to Protect Yourself

Malicious  s. How to Identify Them and How to Protect Yourself Malicious Emails How to Identify Them and How to Protect Yourself 1.Identify the Sender This is the first thing you should do whenever you receive an email, especially if: It is requesting sensitive information

More information

Getting into Gmail and other inboxes: A marketer's guide to the toughest spam filters

Getting into Gmail and other  inboxes: A marketer's guide to the toughest spam filters FulcrumTech Email Marketing Results You Can Measure Getting into Gmail and other email inboxes: A marketer's guide to the toughest spam filters What Really Determines Inbox Engagement? Do Internet service

More information

How to Conquer Targeted Threats: SANS Review of Agari Enterprise Protect

How to Conquer Targeted  Threats: SANS Review of Agari Enterprise Protect How to Conquer Targeted Email Threats: SANS Review of Agari Enterprise Protect A SANS Product Review Written by Dave Shackleford May 2017 Sponsored by Agari 2017 SANS Institute Introduction: Email Is a

More information

TrendMicro Hosted Security. Best Practice Guide

TrendMicro Hosted  Security. Best Practice Guide TrendMicro Hosted Email Security Best Practice Guide 1 Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. The names of companies,

More information

Authentication KAMI VANIEA 1

Authentication KAMI VANIEA 1 Authentication KAMI VANIEA FEBRUARY 1ST KAMI VANIEA 1 First, the news KAMI VANIEA 2 Today Basics of authentication Something you know passwords Something you have Something you are KAMI VANIEA 3 Most recommended

More information

Anatomy of Phishing Campaigns: A Gmail Perspective

Anatomy of Phishing Campaigns: A Gmail Perspective SESSION ID: HT-R03 Anatomy of Phishing Campaigns: A Gmail Perspective Nicolas Lidzborski Ali Zand Gmail & G Suite Security Engineering Lead Google Anti-Abuse Research team #RSAC Phishing 101 Is phishing

More information

Target Breach Overview

Target Breach Overview Target Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more specifics? A: Yes, Target has confirmed that it experienced unauthorized access to its systems

More information

Sucuri Webinar Q&A HOW TO IDENTIFY AND FIX A HACKED WORDPRESS WEBSITE. Ben Martin - Remediation Team Lead

Sucuri Webinar Q&A HOW TO IDENTIFY AND FIX A HACKED WORDPRESS WEBSITE. Ben Martin - Remediation Team Lead Sucuri Webinar Q&A HOW TO IDENTIFY AND FIX A HACKED WORDPRESS WEBSITE. Ben Martin - Remediation Team Lead 1 Question #1: What is the benefit to spammers for using someone elses UA code and is there a way

More information

Contents. Management. Client. Choosing One 1/20/17

Contents.  Management.  Client. Choosing One 1/20/17 Contents Email Management CSCU9B2 Email clients choosing and using Email message header and content Emailing to lists of people In and out message management Mime attachments and HTML email SMTP, HTTP,

More information

End-to-End Measurements of Spoofing Attacks. Hang Hu, Gang Wang Computer Science, Virginia Tech

End-to-End Measurements of  Spoofing Attacks. Hang Hu, Gang Wang Computer Science, Virginia Tech End-to-End Measurements of Email Spoofing Attacks Hang Hu, Gang Wang hanghu@vt.edu Computer Science, Virginia Tech Spear Phishing is a Big Threat Spear phishing: targeted phishing attack, often involves

More information

Automatic Delivery Setup Guide

Automatic  Delivery Setup Guide for GuideSpark Communicate Cloud Table of Contents Summary: Working with Automatic Email Delivery... 1 What your IT department needs to know... 2 Prerequisite: Select a Targeted Audience... 3 Enable Automatic

More information

Two days ago President Obama released his long form birth certificate. The file is available at:

Two days ago President Obama released his long form birth certificate. The file is available at: Obama s Long-Form Birth Certificate: Evidence Of Manipulation by Jim March, 4/29/11 As I write this, I have never been publicly or privately associated with the birther movement. You can search the web

More information

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11 Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:

More information

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1 Computer Security 3e Dieter Gollmann Security.di.unimi.it/1516/ Chapter 4: 1 Chapter 4: Identification & Authentication Chapter 4: 2 Agenda User authentication Identification & authentication Passwords

More information

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organisation from Impostors, Phishers and Other Non-Malware Threats.

EBOOK. Stopping  Fraud. How Proofpoint Helps Protect Your Organisation from Impostors, Phishers and Other Non-Malware Threats. EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organisation from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have

More information

3.5 SECURITY. How can you reduce the risk of getting a virus?

3.5 SECURITY. How can you reduce the risk of getting a virus? 3.5 SECURITY 3.5.4 MALWARE WHAT IS MALWARE? Malware, short for malicious software, is any software used to disrupt the computer s operation, gather sensitive information without your knowledge, or gain

More information

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO)

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO) IT Security Protecting Ourselves From Phishing Attempts Ray Copeland Chief Information Officer (CIO) Phishing Defined The fraudulent practice of sending emails claiming to be from reputable people or companies

More information

CIS 4360 Secure Computer Systems XSS

CIS 4360 Secure Computer Systems XSS CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection

More information

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

EBOOK. Stopping  Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats. EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have

More information

CHAPTER 2. Troubleshooting CGI Scripts

CHAPTER 2. Troubleshooting CGI Scripts CHAPTER 2 Troubleshooting CGI Scripts OVERVIEW Web servers and their CGI environment can be set up in a variety of ways. Chapter 1 covered the basics of the installation and configuration of scripts. However,

More information

Computer Security 3e. Dieter Gollmann. Chapter 18: 1

Computer Security 3e. Dieter Gollmann.  Chapter 18: 1 Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter

More information

Handling unwanted . What are the main sources of junk ?

Handling unwanted  . What are the main sources of junk  ? Handling unwanted email Philip Hazel Almost entirely based on a presentation by Brian Candler What are the main sources of junk email? Spam Unsolicited, bulk email Often fraudulent penis enlargement, lottery

More information

ITConnect KEEPING TRACK OF YOUR EXPENSES WITH YNAB

ITConnect KEEPING TRACK OF YOUR EXPENSES WITH YNAB ITConnect Technology made practical for home APRIL 06 Edit PDF files with Word Word is the best tool we have at hand to edit PDFs without having to purchase extra software. Viruses distributed by email

More information

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1 Security and Privacy Xin Liu Computer Science University of California, Davis Introduction 1-1 What is network security? Confidentiality: only sender, intended receiver should understand message contents

More information

COMMON WAYS IDENTITY THEFT CAN HAPPEN:

COMMON WAYS IDENTITY THEFT CAN HAPPEN: COMMON WAYS IDENTITY THEFT CAN HAPPEN: OLD FASHIONED STEALING / DUMPSTER DIVING Thieves typically steal wallets and purses. They also steal mail such as credit card and bank statements, pre-approved credit

More information

Authentication GUIDE. Frequently Asked QUES T ION S T OGETHER STRONGER

Authentication GUIDE. Frequently Asked QUES T ION S T OGETHER STRONGER Email Authentication GUIDE Frequently Asked QUES T ION S T OGETHER STRONGER EMAIL AUTHENTICATION Marketers that use email for communication and transactional purposes should adopt and use identification

More information

Master Cold s. - The ebook. Written with at FindThatLead.com

Master Cold  s. - The ebook. Written with at FindThatLead.com Master Cold Emails - The ebook Written with at.com Index Introduction: What Do I Do Now? The Best Tools To Improve Your Cold Email Game How to Craft the Perfect Cold Email Follow-Ups A Few Examples Your

More information

INTERNET SAFETY IS IMPORTANT

INTERNET SAFETY IS IMPORTANT INTERNET SAFETY IS IMPORTANT Internet safety is not just the ability to avoid dangerous websites, scams, or hacking. It s the idea that knowledge of how the internet works is just as important as being

More information

DMARC ADOPTION AMONG e-retailers

DMARC ADOPTION AMONG e-retailers DMARC ADOPTION AMONG e-retailers Q1 2018 Almost 90% of Top US and EU e-retailer Domains Fail to Protect Consumers from Phishing Attacks Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE

More information

ybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing, Fraud and More

ybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing,  Fraud and More ybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing, Email Fraud and More www.proofpoint.com EBOOK Cybersecurity in the modern era 2 ONLY AMATEURS ATTACK MACHINES. PROFESSIONALS

More information

Phishing: Don t Phall Phor It Part 1

Phishing: Don t Phall Phor It Part 1 Phishing: Don t Phall Phor It Part 1 Software Training Services Welcome to Part 1 of the online course: Phishing: Don t Fall for it! 1 Objectives Definition of Phishing State of Phishing Today Recognizing

More information

1 Achieving IND-CPA security

1 Achieving IND-CPA security ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces

More information

DMARC ADOPTION AMONG e-retailers

DMARC ADOPTION AMONG e-retailers DMARC ADOPTION AMONG e-retailers Q1 2018 Almost 90% of Top US and EU e-retailer Domains Fail to Protect Consumers from Phishing Attacks Featuring Matthew Vernhout (CIPP/C) Director of Privacy, 250ok TABLE

More information

Machine-Powered Learning for People-Centered Security

Machine-Powered Learning for People-Centered Security White paper Machine-Powered Learning for People-Centered Security Protecting Email with the Proofpoint Stateful Composite Scoring Service www.proofpoint.com INTRODUCTION: OUTGUNNED AND OVERWHELMED Today

More information

Cyber Security Guide. For Politicians and Political Parties

Cyber Security Guide. For Politicians and Political Parties Cyber Security Guide For Politicians and Political Parties Indian Election Integrity Initiative Design by ccm.design Cover Image by Paul Dufour Helping to Safeguard the Integrity of the Electoral Process

More information

TIPS TO AVOID PHISHING SCAMS

TIPS TO AVOID PHISHING SCAMS TIPS TO AVOID PHISHING SCAMS WHAT IS PHISHING? Phishing is the use of fraudulent email, websites, text messages and phone calls to trick people into disclosing personal financial or identity information,

More information

I G H T T H E A G A I N S T S P A M. ww w.atmail.com. Copyright 2015 atmail pty ltd. All rights reserved. 1

I G H T T H E A G A I N S T S P A M. ww w.atmail.com. Copyright 2015 atmail pty ltd. All rights reserved. 1 T H E F I G H T A G A I N S T S P A M ww w.atmail.com Copyright 2015 atmail pty ltd. All rights reserved. 1 EXECUTIVE SUMMARY IMPLEMENTATION OF OPENSOURCE ANTI-SPAM ENGINES IMPLEMENTATION OF OPENSOURCE

More information

MPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames

MPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames MPEG o We now turn our attention to the MPEG format, named after the Moving Picture Experts Group that defined it. To a first approximation, a moving picture (i.e., video) is simply a succession of still

More information

HOLIDAY DELIVERABILITY STAY OFF THE NAUGHTY LIST & GET TO THE INBOX HOLIDAY DELIVERABILITY WEBINAR

HOLIDAY DELIVERABILITY STAY OFF THE NAUGHTY LIST & GET TO THE INBOX HOLIDAY DELIVERABILITY WEBINAR HOLIDAY DELIVERABILITY STAY OFF THE NAUGHTY LIST & GET TO THE INBOX 1 MEET YOUR SPEAKERS Karen Balle Director of Deliverability, BlueHornet Tom Sather Sr. Director, Research, Return Path TODAY S AGENDA

More information

GFI Product Comparison. GFI MailEssentials vs Sophos PureMessage

GFI Product Comparison. GFI MailEssentials vs Sophos PureMessage GFI Product Comparison GFI MailEssentials vs PureMessage GFI MailEssentials Integrates with Microsoft Exchange Server 2003/2007/2010/2013 Scans incoming and outgoing emails Scans internal emails within

More information

Creating and Using an Account

Creating and Using an  Account Creating and Using an Email Account How to get on the Internet Click two times very quickly (double click) on any of the following icons: These are called browsers. They are what you use to search the

More information

Defeating Spam Attacks

Defeating Spam Attacks Defeating Spam Attacks Using the Tectite FormMail Script to tackle Problem Spam How do you get Spam Emails Spam typically results when email addresses become known to spammers. They can find your email

More information

Phishing in the Age of SaaS

Phishing in the Age of SaaS Phishing in the Age of SaaS AN ESSENTIAL GUIDE FOR BUSINESSES AND USERS The Cloud Security Platform Q3 2017 intro Phishing attacks have become the primary hacking method used against organizations. In

More information

Cyber Hygiene Guide. Politicians and Political Parties

Cyber Hygiene Guide. Politicians and Political Parties Cyber Hygiene Guide Politicians and Political Parties Canadian Election Integrity Initiative Design by ccm.design Cover Image by Songquan Deng Helping to Safeguard the Integrity of the Electoral Process

More information

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/

More information

Deliverability Terms

Deliverability Terms Email Deliverability Terms The Purpose of this Document Deliverability is an important piece to any email marketing strategy, but keeping up with the growing number of email terms can be tiring. To help

More information

Online Threats. This include human using them!

Online Threats.   This include human using them! Online Threats There are many dangers from using the web (and computer in general). One should watch out for malware, automated programs designed to cause harm to you, your data, and your system. You are

More information

1 Defining Message authentication

1 Defining Message authentication ISA 562: Information Security, Theory and Practice Lecture 3 1 Defining Message authentication 1.1 Defining MAC schemes In the last lecture we saw that, even if our data is encrypted, a clever adversary

More information

CMPSCI 120 Fall 2017 Midterm Exam #1 Solution Key Friday, October 6, 2017 Professor William T. Verts

CMPSCI 120 Fall 2017 Midterm Exam #1 Solution Key Friday, October 6, 2017 Professor William T. Verts CMPSCI 120 Fall 2017 Midterm Exam #1 Solution Key Friday, October 6, 2017 Professor William T. Verts 30 Points Answer any 30 of the following questions. Answer more for extra credit. Blank answers

More information

Robbing the Bank with a Theorem Prover

Robbing the Bank with a Theorem Prover Robbing the Bank with a Theorem Prover (Transcript of Discussion) Jolyon Clulow Cambridge University So it s a fairly provocative title, how did we get to that? Well automated tools have been successfully

More information

Best Practices. Kevin Chege

Best Practices. Kevin Chege Email Best Practices Kevin Chege Why your email setup is critical Billions of SPAM emails are generated every day The tips here can help you to reduced the chances of you receiving SPAM email or inadvertently

More information

Newcomer Finances Toolkit. Fraud. Worksheets

Newcomer Finances Toolkit. Fraud. Worksheets Newcomer Finances Toolkit Fraud Worksheets Ottawa Community Loan Fund Fonds d emprunt Communautaire d Ottawa 22 O Meara St., Causeway Work Centre, Ottawa, ON K1Y 4N6 Tel: 613-594-3535 Fax: 613-594-8118

More information

Worksheet - Reading Guide for Keys and Passwords

Worksheet - Reading Guide for Keys and Passwords Unit 2 Lesson 15 Name(s) Period Date Worksheet - Reading Guide for Keys and Passwords Background Algorithms vs. Keys. An algorithm is how to execute the encryption and decryption and key is the secret

More information

Home/Network Computing

Home/Network Computing Home/Network Computing How to avoid becoming road kill on the Internet (Information Superhighway) Home Computing not as simple as it used to be almost all computers need to have sys-admin disk drives will

More information

S a p m a m a n a d n d H a H m 성균관대학교 최형기

S a p m a m a n a d n d H a H m 성균관대학교 최형기 Spam and Ham 성균관대학교 최형기 Agenda Email Protocol Introduction to spam Techniques spammers use Kinds of spam Solutions to spam Conclusion CINS/F1-01 Sungkyunkwan University, Hyoung-Kee Choi 2 SMTP 1 Electronic

More information

Why we spam? 1. To get Bank Logs by spamming different banks.

Why we spam? 1. To get Bank Logs by spamming different banks. Hello guys this is tutorial in depth of the topic spamming. First of we will see what do we mean by term spamming. Wikipedia definition: Email spam, also known as unsolicited bulk Email (UBE), junk mail,

More information

Building a Scalable, Service-Centric Sender Policy Framework (SPF) System

Building a Scalable, Service-Centric Sender Policy Framework (SPF) System Valimail White Paper February 2018 Building a Scalable, Service-Centric Sender Policy Framework (SPF) System Introduction Sender Policy Framework (SPF) is the protocol by which the owners of a domain can

More information

Norton Online Reputation Report: Why Millennials should manage their online footprint

Norton Online Reputation Report: Why Millennials should manage their online footprint Norton Online Reputation Report: Why Millennials should manage their online footprint UK May 2016 Methodology A quantitative survey was conducted online among 1,000 mobile users aged 18-34 years who own

More information

and video do s and don ts

and video do s and don ts Email and video do s and don ts Let s talk about 6 things for your emails 5 things for your videos 2 rules to live by for online (a.k.a. 13 things ) 2 Email #1: Is it what you do best? Not the tools, but

More information