SlideShare a Scribd company logo

UW School of Medicine Social Engineering and Phishing Awareness

Download as PPT, PDF
Nicholas Davis
Nicholas Davis

An IT Security presentation I created for faculty and staff of the UW-Madison, School of Medicine, about how to recognize and defend against the threats of complex Phishing and Social Engineering, to protect sensitive digital information.

1 of 40
Free Powerpoint Templates Page 1 Free Powerpoint Templates Phishing and Social Engineering Awareness - Nicholas Davis CISA, CISSP Security Architect UW-Madison, Division of Information Technology - 9 – 26 - 2013
Free Powerpoint Templates Page 2 Introduction • Background • Phishing and Social Engineering • History • Types • Examples • Detecting Fraudulent Email • Defending Against Phishing Attacks • Measured Phishing Awareness at DoIT • Samples and Participation Rates • Question and Answer Session
Free Powerpoint Templates Page 3 Social Engineering The art of manipulating people into performing actions or divulging confidential information It is typically trickery or deception for the purpose of information gathering, fraud, or computer system access
Free Powerpoint Templates Page 4 Phishing • Deception • Email • Websites • Facebook status updates • Tweets • Phishing, in the context of the healthcare working environment is extremely dangerous
Free Powerpoint Templates Page 5 Phishing 1995 • Target AOL users • Account passwords=free online time • Threat level: low • Techniques: similar names, such as www.ao1.com for www.aol.com
Free Powerpoint Templates Page 6 Phishling 2001 Target: Ebay and major banks Credit card numbers and account numbers = money Threat level: medium Techniques: Same in 1995
Free Powerpoint Templates Page 7 Phishing 2007 Targets are Paypal, banks, ebay Purpose to steal bank accounts Threat level is high Techniques: browser vulnerabilities, link obfuscation
Free Powerpoint Templates Page 8 Phishing in 2013 • Identity Information • Personal Harm • Blackmail
Free Powerpoint Templates Page 9 Looking In the Mirror • Which types of sensitive information do you have access to? • What about others who share the computer network with you? • Think about the implications associated that data being stolen and exploited!
Free Powerpoint Templates Page 10 What Phishing Looks Like • As scam artists become more sophisticated, so do their phishing e- mail messages and pop-up windows. • They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
Free Powerpoint Templates Page 11 Techniques For Phishing • Employ visual elements from target site • DNS Tricks: • www.ebay.com.kr • www.ebay.com@192.168.0.5 • www.gooogle.com • Unicode attacks • JavaScript Attacks • Spoofed SSL lock Certificates • Phishers can acquire certificates for domains they own • Certificate authorities make mistakes
Free Powerpoint Templates Page 12 Social Engineering Techniques • Socially aware attacks • Mine social relationships from public data • Phishing email appears to arrive from someone known to the victim • Use spoofed identity of trusted organization to gain trust • Urge victims to update or validate their account • Threaten to terminate the account if the victims not reply • Use gift or bonus as a bait • Security promises
Free Powerpoint Templates Page 13 Remember These Social Engineering Techniques Often employed in Phishing seem more real, urgent or to lower your guard of trust Threats – Do this or else! Authority – I have the authority to ask this Promises – If you do this, you will get $$$ Praise – You deserve this
Free Powerpoint Templates Page 14 Other Phishing Techniques Socially aware attacks Mine social relationships from public data Phishing email appears to arrive from someone known to the victim Use spoofed identity of trusted organization to gain trust Urge victims to update or validate their account Threaten to terminate the account if the victims not reply Use gift or bonus as a bait Security promises
Free Powerpoint Templates Page 15 Let’s Talk About Facebook • So important, it gets its own slide! • Essentially unauthenticated – discussion • Three friends and you’re out! - discussion • Privacy settings mean nothing – discussion • Treasure Trove of identity information • Games as information harvesters
Free Powerpoint Templates Page 16 Socially Aware
Free Powerpoint Templates Page 17 Context Aware “Your bid on eBay has won!” “The books on your Amazon wish list are on sale!”
Free Powerpoint Templates Page 18 Seems Suspicious
Free Powerpoint Templates Page 19 Social Engineering Methods 419 Scam Nigerian Email Spanish Prisoner
Free Powerpoint Templates Page 20 Too Good to be True
Free Powerpoint Templates Page 21 Detecting Fraudulent Email Information requested is inappropriate for the channel of communication: "Verify your account."nobody should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Urgency and potential penalty or loss are implied: "If you don't respond within 48 hours, your account will be closed.”
Free Powerpoint Templates Page 22 Detecting Fraudulent Email "Dear Valued Customer."Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
Free Powerpoint Templates Page 23 Dectecting Fraudulent Email "Click the link below to gain access to your account.“ This is an example or URL Masking (hiding the web address) URL alteration www.micosoft.com www.mircosoft.com www.verify-microsoft.com
Free Powerpoint Templates Page 24 How to Defend Against Phishing Attacks •Never respond to an email asking for personal information • Always check the site to see if it is secure (SSL lock) • Look for misspellings or errors in grammar • Never click on the link on the email. Enter the web address manually • Keep your browser updated • Keep antivirus definitions updated • Use a firewall • When in doubt, ask your Network Administrator for their opinion
Free Powerpoint Templates Page 25 A Note on Spear Phishing • Designed especially for you • Includes your name • May reference an environment or issue you are aware of and familiar with • Asks for special treatment, with justification for the request
Free Powerpoint Templates Page 26 Don’t Touch That QR Code Curiousity Is Dangerous
Free Powerpoint Templates Page 27 Other Techniques An ocean of Phishing techniques •Clone Phishing - Discussion •Whaling - Discussion •Filter Evasion - Discussion •Phone Phishing - Discussion •Tabnabbing - Discussion •Evil Twins - Discussion
Free Powerpoint Templates Page 28 Social Engineering Trojans
Free Powerpoint Templates Page 29 Baiting Hey, look! A free USB drive! I wonder what is on this confidential CD which I found in the bathroom? These are vectors for malware! Play on your curiousity or desire to get something for nothing Don’t be a piggy!
Free Powerpoint Templates Page 30 Out of Office Out of Control Using the Out of Office responder in a responsible manner
Free Powerpoint Templates Page 31 Phishing Awareness at DoIT DoIT staff undergo formal Security Awareness training every year Reading is one thing, experiencing is another We wanted some real measurements Purchased a product which enabled us to run measured phishing campaigns Eight campaigns over the past year, from simple to complex
Free Powerpoint Templates Page 32 Fidlety - Simple
Free Powerpoint Templates Page 33 Liked-In – A Little Harder
Free Powerpoint Templates Page 34 Faceblock Friends - Tricky
Free Powerpoint Templates Page 35 A Coupon From The Home Despot
Free Powerpoint Templates Page 36 A New Kitchen At Work
Free Powerpoint Templates Page 37 Dr. Jekyll – Or Mr. Hyde? The Crown Jewel!
Free Powerpoint Templates Page 38 Results Average industry end user “participation rate” is 14% Can you guess what our participation rate was? The more familiar the subject matter, the more likely people are to let their guard down
Free Powerpoint Templates Page 39 Summary Technology does not provide all the answers Think of Phishing every time you open an email Remember, Social Engineering happens everywhere, not just at St. Elsewhere
Free Powerpoint Templates Page 40 Questions and Discussion Nicholas Davis ndavis1@wisc.edu facebook.com/nicholas.a.davis

Recommended

Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human Behavior
James Krusic
 
Social engineering
Social engineeringSocial engineering
Social engineering
Robert Hood
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About it
Aleksandr Yampolskiy
 
Social engineering
Social engineeringSocial engineering
Social engineering
Maulik Kotak
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
abercius24
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
Social engineering
Social engineeringSocial engineering
Social engineering
ankushmohanty
 

Recommended

Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human Behavior
James Krusic
 
Social engineering
Social engineeringSocial engineering
Social engineering
Robert Hood
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About it
Aleksandr Yampolskiy
 
Social engineering
Social engineeringSocial engineering
Social engineering
Maulik Kotak
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
abercius24
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
Social engineering
Social engineeringSocial engineering
Social engineering
ankushmohanty
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
Social engineering
Social engineeringSocial engineering
Social engineeringAlexander Zhuravlev
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
Marin Ivezic
 
Social engineering
Social engineering Social engineering
Social engineering
Abdelhamid Limami
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
Ramiro Cid
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacks
masoud khademi
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
Rob Ragan
 
social engineering
social engineering social engineering
social engineering
Ravi Patel
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
SpencerBurton8
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
Rob Ragan
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
JamRivera1
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
Jahangirnagar University
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
Tzar Umang
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
Luke Rusten
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
Ahmed Musaad
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
Pankaj Dubey
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
Murray Security Services
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
Cyber Agency
 
Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishingthecorrosiveone
 

More Related Content

What's hot

Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
Marin Ivezic
 
Social engineering
Social engineering Social engineering
Social engineering
Abdelhamid Limami
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
Ramiro Cid
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacks
masoud khademi
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
Rob Ragan
 
social engineering
social engineering social engineering
social engineering
Ravi Patel
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
SpencerBurton8
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
Rob Ragan
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
JamRivera1
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
Jahangirnagar University
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
Tzar Umang
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
Luke Rusten
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
Ahmed Musaad
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
Pankaj Dubey
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
Murray Security Services
 

What's hot (20)

Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 
Social engineering
Social engineering Social engineering
Social engineering
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacks
 
Social engineering
Social engineering Social engineering
Social engineering
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
 
social engineering
social engineering social engineering
social engineering
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekar
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 

Viewers also liked

Social Engineering
Social EngineeringSocial Engineering
Social Engineering
Cyber Agency
 
Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishingthecorrosiveone
 
Geovon TECH621 Presentation
Geovon TECH621 PresentationGeovon TECH621 Presentation
Geovon TECH621 PresentationGeovon
 
Recent Trends in Cyber Security
Recent Trends in Cyber SecurityRecent Trends in Cyber Security
Recent Trends in Cyber Security
Ayoma Wijethunga
 
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Aurum Radiance
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering Risks
Craig Clark ITIL, CIS LI,EU GDPR P
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
Peter Wood
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive Defense
Stephan Chenette
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking people
Tudor Damian
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 
Information Warfare
Information WarfareInformation Warfare
Information Warfare
Eashani Rodrigo
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case Studies
Praetorian
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Shah Sheikh
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 

Viewers also liked (16)

Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishing
 
Geovon TECH621 Presentation
Geovon TECH621 PresentationGeovon TECH621 Presentation
Geovon TECH621 Presentation
 
Cyber war
Cyber warCyber war
Cyber war
 
Recent Trends in Cyber Security
Recent Trends in Cyber SecurityRecent Trends in Cyber Security
Recent Trends in Cyber Security
 
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
Perkenalan Keamanan Siber Offensive Security of SMAN 1 Karawang /w Aurumradia...
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering Risks
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive Defense
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking people
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Information Warfare
Information WarfareInformation Warfare
Information Warfare
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case Studies
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Similar to UW School of Medicine Social Engineering and Phishing Awareness

IT Security for Healthcare Professionals
IT Security for Healthcare ProfessionalsIT Security for Healthcare Professionals
IT Security for Healthcare Professionals
Nicholas Davis
 
It Security For Healthcare
It Security For HealthcareIt Security For Healthcare
It Security For Healthcare
Nicholas Davis
 
It Security For Healthcare
It Security For HealthcareIt Security For Healthcare
It Security For Healthcare
Nicholas Davis
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentNicholas Davis
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentNicholas Davis
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
Excellence Foundation for South Sudan
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity posture
Lourdes Paloma Gimenez
 
FHSU CITI CS Training.pptx
FHSU CITI CS Training.pptxFHSU CITI CS Training.pptx
FHSU CITI CS Training.pptx
LaurieAnnFrazier
 
Webinar: How to avoid the 12 Scams of Christmas
Webinar: How to avoid the 12 Scams of ChristmasWebinar: How to avoid the 12 Scams of Christmas
Webinar: How to avoid the 12 Scams of Christmas
AbilityNet
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
2015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_0920152015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_092015Pete Pouridis
 
10 online privacy module samedit1
10 online privacy module samedit110 online privacy module samedit1
10 online privacy module samedit1Rozell Sneede
 
Breakfast Briefings - February 2018
Breakfast Briefings - February 2018Breakfast Briefings - February 2018
Breakfast Briefings - February 2018
PKF Francis Clark
 
Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...
Justin Denton
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
Rayane Hazimeh
 
Building Trust in the Digital Age
Building Trust in the Digital AgeBuilding Trust in the Digital Age
Building Trust in the Digital Age
Marian Merritt
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
Rayane Hazimeh
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
Rayanehaz
 
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social MediaAsset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Helen Levinson
 

Similar to UW School of Medicine Social Engineering and Phishing Awareness (20)

IT Security for Healthcare Professionals
IT Security for Healthcare ProfessionalsIT Security for Healthcare Professionals
IT Security for Healthcare Professionals
 
It Security For Healthcare
It Security For HealthcareIt Security For Healthcare
It Security For Healthcare
 
It Security For Healthcare
It Security For HealthcareIt Security For Healthcare
It Security For Healthcare
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
 
IT Security in a Scientific Research Environment
IT Security in a Scientific Research EnvironmentIT Security in a Scientific Research Environment
IT Security in a Scientific Research Environment
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
 
Unveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity postureUnveiling the dark web. The importance of your cybersecurity posture
Unveiling the dark web. The importance of your cybersecurity posture
 
FHSU CITI CS Training.pptx
FHSU CITI CS Training.pptxFHSU CITI CS Training.pptx
FHSU CITI CS Training.pptx
 
Webinar: How to avoid the 12 Scams of Christmas
Webinar: How to avoid the 12 Scams of ChristmasWebinar: How to avoid the 12 Scams of Christmas
Webinar: How to avoid the 12 Scams of Christmas
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
2015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_0920152015 NOLA_HHM_SE_PP_092015
2015 NOLA_HHM_SE_PP_092015
 
10 online privacy module samedit1
10 online privacy module samedit110 online privacy module samedit1
10 online privacy module samedit1
 
10 online privacy module samedit1
10 online privacy module samedit110 online privacy module samedit1
10 online privacy module samedit1
 
Breakfast Briefings - February 2018
Breakfast Briefings - February 2018Breakfast Briefings - February 2018
Breakfast Briefings - February 2018
 
Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
 
Building Trust in the Digital Age
Building Trust in the Digital AgeBuilding Trust in the Digital Age
Building Trust in the Digital Age
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
 
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social MediaAsset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
 

More from Nicholas Davis

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Nicholas Davis
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support Systems
Nicholas Davis
 
Lecture blockchain
Lecture blockchainLecture blockchain
Lecture blockchain
Nicholas Davis
 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development Methodologies
Nicholas Davis
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
Nicholas Davis
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Nicholas Davis
 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things Overview
Nicholas Davis
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
Nicholas Davis
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
Nicholas Davis
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team Project
Nicholas Davis
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
Nicholas Davis
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Nicholas Davis
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
Nicholas Davis
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
Nicholas Davis
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
Nicholas Davis
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
Nicholas Davis
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
Nicholas Davis
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Nicholas Davis
 

More from Nicholas Davis (20)

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) Assessment
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support Systems
 
Lecture blockchain
Lecture blockchainLecture blockchain
Lecture blockchain
 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development Methodologies
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things Overview
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team Project
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
 

Recently uploaded

Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
UiPathCommunity
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 

Recently uploaded (20)

Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 

UW School of Medicine Social Engineering and Phishing Awareness

  • 1. Free Powerpoint Templates Page 1 Free Powerpoint Templates Phishing and Social Engineering Awareness - Nicholas Davis CISA, CISSP Security Architect UW-Madison, Division of Information Technology - 9 – 26 - 2013
  • 2. Free Powerpoint Templates Page 2 Introduction • Background • Phishing and Social Engineering • History • Types • Examples • Detecting Fraudulent Email • Defending Against Phishing Attacks • Measured Phishing Awareness at DoIT • Samples and Participation Rates • Question and Answer Session
  • 3. Free Powerpoint Templates Page 3 Social Engineering The art of manipulating people into performing actions or divulging confidential information It is typically trickery or deception for the purpose of information gathering, fraud, or computer system access
  • 4. Free Powerpoint Templates Page 4 Phishing • Deception • Email • Websites • Facebook status updates • Tweets • Phishing, in the context of the healthcare working environment is extremely dangerous
  • 5. Free Powerpoint Templates Page 5 Phishing 1995 • Target AOL users • Account passwords=free online time • Threat level: low • Techniques: similar names, such as www.ao1.com for www.aol.com
  • 6. Free Powerpoint Templates Page 6 Phishling 2001 Target: Ebay and major banks Credit card numbers and account numbers = money Threat level: medium Techniques: Same in 1995
  • 7. Free Powerpoint Templates Page 7 Phishing 2007 Targets are Paypal, banks, ebay Purpose to steal bank accounts Threat level is high Techniques: browser vulnerabilities, link obfuscation
  • 8. Free Powerpoint Templates Page 8 Phishing in 2013 • Identity Information • Personal Harm • Blackmail
  • 9. Free Powerpoint Templates Page 9 Looking In the Mirror • Which types of sensitive information do you have access to? • What about others who share the computer network with you? • Think about the implications associated that data being stolen and exploited!
  • 10. Free Powerpoint Templates Page 10 What Phishing Looks Like • As scam artists become more sophisticated, so do their phishing e- mail messages and pop-up windows. • They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
  • 11. Free Powerpoint Templates Page 11 Techniques For Phishing • Employ visual elements from target site • DNS Tricks: • www.ebay.com.kr • www.ebay.com@192.168.0.5 • www.gooogle.com • Unicode attacks • JavaScript Attacks • Spoofed SSL lock Certificates • Phishers can acquire certificates for domains they own • Certificate authorities make mistakes
  • 12. Free Powerpoint Templates Page 12 Social Engineering Techniques • Socially aware attacks • Mine social relationships from public data • Phishing email appears to arrive from someone known to the victim • Use spoofed identity of trusted organization to gain trust • Urge victims to update or validate their account • Threaten to terminate the account if the victims not reply • Use gift or bonus as a bait • Security promises
  • 13. Free Powerpoint Templates Page 13 Remember These Social Engineering Techniques Often employed in Phishing seem more real, urgent or to lower your guard of trust Threats – Do this or else! Authority – I have the authority to ask this Promises – If you do this, you will get $$$ Praise – You deserve this
  • 14. Free Powerpoint Templates Page 14 Other Phishing Techniques Socially aware attacks Mine social relationships from public data Phishing email appears to arrive from someone known to the victim Use spoofed identity of trusted organization to gain trust Urge victims to update or validate their account Threaten to terminate the account if the victims not reply Use gift or bonus as a bait Security promises
  • 15. Free Powerpoint Templates Page 15 Let’s Talk About Facebook • So important, it gets its own slide! • Essentially unauthenticated – discussion • Three friends and you’re out! - discussion • Privacy settings mean nothing – discussion • Treasure Trove of identity information • Games as information harvesters
  • 16. Free Powerpoint Templates Page 16 Socially Aware
  • 17. Free Powerpoint Templates Page 17 Context Aware “Your bid on eBay has won!” “The books on your Amazon wish list are on sale!”
  • 18. Free Powerpoint Templates Page 18 Seems Suspicious
  • 19. Free Powerpoint Templates Page 19 Social Engineering Methods 419 Scam Nigerian Email Spanish Prisoner
  • 20. Free Powerpoint Templates Page 20 Too Good to be True
  • 21. Free Powerpoint Templates Page 21 Detecting Fraudulent Email Information requested is inappropriate for the channel of communication: "Verify your account."nobody should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Urgency and potential penalty or loss are implied: "If you don't respond within 48 hours, your account will be closed.”
  • 22. Free Powerpoint Templates Page 22 Detecting Fraudulent Email "Dear Valued Customer."Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
  • 23. Free Powerpoint Templates Page 23 Dectecting Fraudulent Email "Click the link below to gain access to your account.“ This is an example or URL Masking (hiding the web address) URL alteration www.micosoft.com www.mircosoft.com www.verify-microsoft.com
  • 24. Free Powerpoint Templates Page 24 How to Defend Against Phishing Attacks •Never respond to an email asking for personal information • Always check the site to see if it is secure (SSL lock) • Look for misspellings or errors in grammar • Never click on the link on the email. Enter the web address manually • Keep your browser updated • Keep antivirus definitions updated • Use a firewall • When in doubt, ask your Network Administrator for their opinion
  • 25. Free Powerpoint Templates Page 25 A Note on Spear Phishing • Designed especially for you • Includes your name • May reference an environment or issue you are aware of and familiar with • Asks for special treatment, with justification for the request
  • 26. Free Powerpoint Templates Page 26 Don’t Touch That QR Code Curiousity Is Dangerous
  • 27. Free Powerpoint Templates Page 27 Other Techniques An ocean of Phishing techniques •Clone Phishing - Discussion •Whaling - Discussion •Filter Evasion - Discussion •Phone Phishing - Discussion •Tabnabbing - Discussion •Evil Twins - Discussion
  • 28. Free Powerpoint Templates Page 28 Social Engineering Trojans
  • 29. Free Powerpoint Templates Page 29 Baiting Hey, look! A free USB drive! I wonder what is on this confidential CD which I found in the bathroom? These are vectors for malware! Play on your curiousity or desire to get something for nothing Don’t be a piggy!
  • 30. Free Powerpoint Templates Page 30 Out of Office Out of Control Using the Out of Office responder in a responsible manner
  • 31. Free Powerpoint Templates Page 31 Phishing Awareness at DoIT DoIT staff undergo formal Security Awareness training every year Reading is one thing, experiencing is another We wanted some real measurements Purchased a product which enabled us to run measured phishing campaigns Eight campaigns over the past year, from simple to complex
  • 32. Free Powerpoint Templates Page 32 Fidlety - Simple
  • 33. Free Powerpoint Templates Page 33 Liked-In – A Little Harder
  • 34. Free Powerpoint Templates Page 34 Faceblock Friends - Tricky
  • 35. Free Powerpoint Templates Page 35 A Coupon From The Home Despot
  • 36. Free Powerpoint Templates Page 36 A New Kitchen At Work
  • 37. Free Powerpoint Templates Page 37 Dr. Jekyll – Or Mr. Hyde? The Crown Jewel!
  • 38. Free Powerpoint Templates Page 38 Results Average industry end user “participation rate” is 14% Can you guess what our participation rate was? The more familiar the subject matter, the more likely people are to let their guard down
  • 39. Free Powerpoint Templates Page 39 Summary Technology does not provide all the answers Think of Phishing every time you open an email Remember, Social Engineering happens everywhere, not just at St. Elsewhere
  • 40. Free Powerpoint Templates Page 40 Questions and Discussion Nicholas Davis ndavis1@wisc.edu facebook.com/nicholas.a.davis