phishing social engineering various malwares
play

Phishing, Social Engineering, Various malwares Week 3 Frank Chen | - PowerPoint PPT Presentation

Dec 25, 2022 •242 likes •774 views

Ray-Ban phishing scams occur a lot on Facebook CS 88S Phishing, Social Engineering, Various malwares Week 3 Frank Chen | Spring 2017 Agenda Review last weeks material Phishing & Social Engineering Various Malwares Spam

  1. Ray-Ban phishing scams occur a lot on Facebook CS 88S Phishing, Social Engineering, Various malwares Week 3 Frank Chen | Spring 2017

  2. Agenda ● Review last week’s material ● Phishing & Social Engineering ● Various Malwares ● Spam Classification: A Machine Learning Approach ● Resources + Best Practices Frank Chen | Spring 2017

  3. Announcement Frank Chen | Spring 2017

  4. Agenda ● Review last week’s material ● Phishing & Social Engineering ● Various Malwares ● Spam Classification: A Machine Learning Approach ● Resources + Best Practices Frank Chen | Spring 2017

  5. Hack? Def: Maliciously taking advantage of a system's CIA paradigms Frank Chen | Spring 2017

  6. Hack? Def: A slang for innovatively solving a problem or making a product. Frank Chen | Spring 2017

  7. Hackathon? Def: Programming competitions where students are encouraged to build anything they’d like. From websites to apps to hardware products etc. Frank Chen | Spring 2017

  8. Implicit Bias Def: Bias in judgment and/or behavior that results from subtle cognitive processes (e.g., implicit attitudes and implicit stereotypes) that often operate at a level below conscious awareness and without intentional control. UCLA Vice Chancellor Jerry Kang's TED talk video: http://bit.ly/2oaM8Ek Frank Chen | Spring 2017

  9. Agenda ● Review last week’s material ● Phishing & Social Engineering ● Various Malwares ● Spam Classification: A Machine Learning Approach ● Resources + Best Practices Frank Chen | Spring 2017

  10. C Phishing I A Def: The activity of defrauding an online account holder of financial information by posing as a legitimate company Frank Chen | Spring 2017

  11. An Overview Source : http://bit.ly/24tI2V0 Frank Chen | Spring 2017

  12. Spelling Attackers may not speak English at all. Source : http://bit.ly/2oCq1Jj Frank Chen | Spring 2017 Frank Chen | Spring 2017

  13. Suspicious Links Never click on links before Source : http://unfurlr.com/ checking them properly. Most URL shortener websites give you the option to check a URL. Source: https://techhelpkb.com/how-to-check- shortened-urls-for-safety/ Source : https://bitly.com/ Frank Chen | Spring 2017 Frank Chen | Spring 2017

  14. Threats Intended to take advantage of our fear of the unknown Source : http://bit.ly/2kjyos0 Frank Chen | Spring 2017 Frank Chen | Spring 2017

  15. Popular Company or Organization Intended to add credibility to the phish Source : http://bit.ly/2oiuNbo Frank Chen | Spring 2017 Frank Chen | Spring 2017

  16. Phishing via Facebook Source : http://bit.ly/2oiuNbo Frank Chen | Spring 2017

  17. Phishing via Google https://l.facebook.com/l.php?u=http%3A%2 Translate F%2Ftranslate.google.com%2Ftranslate%3Fs l%3Den%26tl%3Dde%26u%3Dhttp%253A%252F%25 2Fyjtdydjyc.es.tl%252F%253F0706155&h=ATP -krBIeekxAKsByfeNch_ZDF70pcQHGSWJdO3V40F _2ZZXQQTCwnH6YwGn8qHIwPq69ICvchuDq82FdPj gV2M7PiciBXVtpxmRiL9Lj52OhFuEh2rJsEc8ijG 6LrJjHXJhVlWNphA&s=1 Source : http://bit.ly/2nYXZIp Frank Chen | Spring 2017

  18. Phishing via Gmail Frank Chen | Spring 2017

  19. A CLoser Look Frank Chen | Spring 2017

  20. More Examples Frank Chen | Spring 2017

  21. C Social Engineering I A Def: Psychological manipulation of people into performing actions or divulging confidential information Frank Chen | Spring 2017

  22. Amazon Customer Service "Backdoor" Def: A backdoor is a method, often secret, of bypassing normal authentication in a secure system. Source : http://bit.ly/2gHurHF Frank Chen | Spring 2017

  23. Amazon Customer Service "Backdoor" Source : http://bit.ly/2gHurHF Frank Chen | Spring 2017

  24. Amazon Customer Service "Backdoor" Source : http://bit.ly/2gHurHF Frank Chen | Spring 2017

  25. Amazon Customer Service "Backdoor" Source : http://bit.ly/2gHurHF Frank Chen | Spring 2017

  26. A semi-realistic example Frank Chen | Spring 2017

  27. Agenda ● Review last week’s material ● Phishing & Social Engineering ● Various Malwares ● Spam Classification: A Machine Learning Approach ● Resources + Best Practices Frank Chen | Spring 2017

  28. Malware Def: Malware is short for malicious software , meaning software that can be used to compromise CIA principles of a system. Malware is a broad term that refers to a variety of malicious programs. **Note: Advanced understanding of how these malware works is out of the scope for this class, but the relevant readings are provided as resources. Frank Chen | Spring 2017

  29. C Adware I Adware (short for A advertising-supported software) is a type of malware that automatically delivers advertisements. Source : http://symc.ly/2pkTubZ Frank Chen | Spring 2017

  30. C Bot I Bots are software A programs created to automatically perform specific operations. Source : http://symc.ly/2pkOp3q Frank Chen | Spring 2017

  31. C Ransomware I Ransomware is a form of A malware that essentially holds a computer system captive while demanding a ransom. Source : http://symc.ly/2oMbU4t Frank Chen | Spring 2017

  32. C Rootkit I A rootkit is a type of A malicious software designed to remotely access or control a computer without being detected by users or security programs. Source : https://www.avast.com/c-rootkit Frank Chen | Spring 2017

  33. C Spyware I Spyware is a type of malware that A functions by spying on user activity without their knowledge. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting Source : http://bit.ly/2mZDefB Frank Chen | Spring 2017

  34. C Trojan Horse I A Trojan horse, commonly A known as a “Trojan,” is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. (Right: Impact of Zeus Trojan Horse worldwide) Source : http://symc.ly/2joUzZG Frank Chen | Spring 2017

  35. C Virus I A virus is a form of malware A that is capable of copying itself and spreading to other computers. Source : http://symc.ly/2pkOp3q Frank Chen | Spring 2017

  36. C Worm I They spread over computer A networks by exploiting operating system vulnerabilities.Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers. Source : http://bit.ly/2p6Mz6h Frank Chen | Spring 2017

  37. Agenda ● Review last week’s material ● Phishing & Social Engineering ● Various Malwares ● Spam Classification: A Machine Learning Approach ● Resources + Best Practices Frank Chen | Spring 2017

  38. Spam/Ham ฀ 143 Million Americans...they didn't expect this Dear Frank, at all… ฀ Do you have 10 minutes to meet <link to strange website URL: tomorrow about http://difirtyuio.ga/neyJjIjogNzM1NjAsICJmIjog my roommate conflict situation? MCwgIm0iOiA2Mzk3MCwgImwiOiA2NCwgInM iOiAwLCAidSI6IDIzNTYzMTQwMywgInQiOiAxL Thanks, CAic2QiOiAyMH0=> Bob *Slide content credit to Prof. Ameet Talwalkar Frank Chen | Spring 2017

  39. Strategy: Count the Words free … 100 free … 1 money … 10 money … 1 . . . . . . . . . . . . account … 2 account … 2 *Slide content credit to Prof. Ameet Talwalkar Frank Chen | Spring 2017

  40. Train a Classifier Model Our "Magical" Email labeled as 'ham' Classifier Model Email labeled as 'spam' *Slide content credit to Prof. Ameet Talwalkar Frank Chen | Spring 2017

  41. How to train the Classifier Model Given: Training Data Ɗ Goal: Learn some parameters π, θ under some constraints. *Slide content credit to Prof. Ameet Talwalkar Frank Chen | Spring 2017

  42. Solve: Constrained Optimization Out of scope for this class! For more information on the math formulations behind Bayes Optimal Classifier and Constrained Optimization using Lagrange Multipliers, check out Prof. Talwalkar's slides on Logistic Regression. http://web.cs.ucla.edu/~ameet/teaching/winter17/cs260/lecture s/lec05.pdf *Slide content credit to Prof. Ameet Talwalkar Frank Chen | Spring 2017

  43. Use model to make prediction Our "Magical" OR Classifier Model New, unlabeled email *Slide content credit to Prof. Ameet Talwalkar Frank Chen | Spring 2017

  44. Google ReCaptcha Cursor Movement in the x and y-axis ● Prior Behavior ● Click Location History ● For more information, visit Google's Security Blog: http://bit.ly/2fUMY2G Frank Chen | Spring 2017

  45. Agenda ● Review last week’s material ● Phishing, Social Engineering, Identity Theft ● Extended Examples ● Spam Classification: A Machine Learning Approach ● Resources + Best Practices Frank Chen | Spring 2017

  46. Anti-Virus Software Def: computer software used to prevent, detect and remove malicious software. Frank Chen | Spring 2017

  47. Avast As of 2015, Avast is the most popular antivirus on the market, and it had the largest share of the market for antivirus applications. Avast has both desktop and mobile applications. Frank Chen | Spring 2017

  48. AVG A family of antivirus and Internet security software developed by AVG Technologies, a subsidiary of Avast Software. Frank Chen | Spring 2017

  49. MalwareBytes Primarily a scanner that scans and removes malicious software, including rogue security software, adware, and spyware Frank Chen | Spring 2017

Recommend

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams Allen Zhou Comp116 Final Presentation What is Phishing? Social Engineering Steal credentials, data, or money Infect

438 views • 26 slides
Social Engineering Phishing &amp; More Phishing Fake Email Accounts Real Email Accounts

Social Engineering Phishing &amp; More Phishing Fake Email Accounts Real Email Accounts

Social Engineering Phishing &amp; More Phishing Fake Email Accounts Real Email Accounts DrLaneA@mail.com b.miller@tcu.edu Bursar-SecureServices@me.com jbickford@necc.mass.edu No proof of identity Could already be compromised

343 views • 7 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of

Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of

Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of Amsterdam) Supervisors: Alex Stavroulakis, Rick van Galen (KPMG) Phishing emails Special type of spam message Fraudulent social

1.11k views • 29 slides
Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing, Vishing 2. Payment Fraud CEO Impersonation, Invoice Fraud. 3. Online / Cyber Fraud Malware &amp; Trojans, Security Software, Social

448 views • 13 slides
Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email

Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email

Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email Spoofing 3 Web Spoofing 4 Pharming 5 Malware 6 Phishing through PDF 7 References What is Phishing a form of social engineering to fraudulently retrieve

640 views • 38 slides
The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types &amp; Techniques 3. Phishing Stats &amp; Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos &amp; Practical INTRODUCTION

565 views • 27 slides
Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of

Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of

Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of Web 2.0 technologies, social services like Twitter, Facebook, and MySpace have emerged as popular media for information sharing; While phishing

813 views • 33 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

159 views • 12 slides
of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

PhishEye: Xiao Han Nizar Kheir Live Monitoring Davide Balzarotti of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd Quarter 2016] All time high record

921 views • 59 slides
Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing 2. Strategic defense techniques 3. A new client based solution: DOMAntiPhish 4. Conclusions Nature of Phishing Statistics from the Anti

536 views • 31 slides
Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke Tian, Steve T.K. Jan , Hang Hu, Danfeng Yao, Gang Wang Computer Science, Virginia Tech Phishing is a Big Th Threat Phishing: fraudulent attempt

411 views • 30 slides
Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able to: Define phishing Identify signs of a potential phishing email Know where to report phishing emails to and how to report them

168 views • 15 slides
Phishing O que ? Ttica de engenharia social Pescaria de credenciais Ttica 1 - site

Phishing O que ? Ttica de engenharia social Pescaria de credenciais Ttica 1 - site

Phishing O que ? Ttica de engenharia social Pescaria de credenciais Ttica 1 - site convincente + Ctrl-S www.ltau.com.br www.ltau.com.br www.LTAU.com.br Ttica 2 - Email customizado exemplo: promoes exclusivas para

476 views • 31 slides
Cyber Security J I L L S K L A R J A C K S O N C O U N T Y J U D G E C O U N T Y C O U R T

Cyber Security J I L L S K L A R J A C K S O N C O U N T Y J U D G E C O U N T Y C O U R T

Cyber Security J I L L S K L A R J A C K S O N C O U N T Y J U D G E C O U N T Y C O U R T A S S I S TA N T S T R A I N I N G C O N F E R E N C E , F E B R U A R Y 2 1 , 2 0 2 0 How Do Hackers Attack? Social Engineering Phishing,

1.13k views • 26 slides
KnowBe4 is the worlds largest security awareness training and simulated phishing platform

KnowBe4 is the worlds largest security awareness training and simulated phishing platform

KnowBe4 is the worlds largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. About Us Over 28,000 The worlds largest integrated Security Awareness

977 views • 16 slides
Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., &amp; Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., &amp; Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., &amp; Hearst, M. (2006, April 22). Why Phishing Works. Gelernter, N., Kalma, S., Magnezi, B., &amp; Porcilan, H. (2017). The Password Reset MitM Attack. What is Phishing? Dhamija, R.,

528 views • 50 slides
Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

434 views • 8 slides
SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events Social engineering risks Mitigation Strategies Q&amp;A WHAT IS SOCIAL ENGINEERING? The Art of Deception, Kevin Mitnick: &quot;Social

449 views • 19 slides
Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing Attack An email address that tries to disguise itself as legitimate Outlook Team &lt;msOutlook@outlook.com&gt; Confirm Acount Details Hello

108 views • 7 slides

More recommend