
Mass Phishing: Understanding the Threat

This document discusses phishing, including what it is, common types of phishing attacks, and how organizations use phishing simulation programs to educate employees. It defines phishing as a cybercrime that uses fraudulent communications to trick targets into revealing sensitive information. Common types include mass phishing, spear phishing, and whaling attacks. Organizations use simulation tools to test employees by sending fake phishing emails and tracking who falls for them to identify training needs. Dashboards from these tools report metrics like open and click rates to evaluate the effectiveness of phishing education programs.

Uploaded by

shravani kulthe

Understanding Phishing

Phishing
• It is a type of cybercrime.
• Targets are contacted via email, text message or phone call.
• Attackers lure targets and then obtain sensitive information such as credit-card details, net-banking passwords, etc.
• Phishing is commonly delivered through URLs, emails, attachments, etc.
• This is the most powerful and popular attack for hacking.
• Messages may appear to come from legitimate companies, organizations or known individuals.
• Attackers take advantage of natural disasters, epidemics, health scares, political elections or timely events.

Types of Phishing
• Mass Phishing – Mass, large-volume attack intended to reach as many people as possible
• Spear Phishing – Targeted attack directed at specific individuals or companies using gathered information to personalize the message and make the scam more difficult to detect
• Whaling – Type of spear phishing attack that targets “big fish,” including high-profile individuals or those with a great deal of authority or access
• Clone Phishing – Spoofed copy of a legitimate and previously delivered email, with original attachments or hyperlinks replaced with malicious versions, which is sent from a forged email address, so it appears to come from the original sender or another legitimate source
• Advance-Fee Scam – Requests the target to send money or bank account information to the cybercriminal

Common Phishing Sources

• Fake account on a social media site
• Advertisement for immediate weight loss, hair growth or fitness prowess
• Attachment labeled “invoice” or “shipping order”
• Notification from what appears to be a credit card company

Causes of Phishing

• Unsecured desktop / laptop
• Lack of user awareness
• Misleading e-mails
• Fancy offers

Phishing Examples

Targeted Phishing
• It is also called spear phishing.
• This type of phishing targets a specific person or an organization instead of a group.
• The motive is the same as in phishing.
• This type of phishing requires research to narrow down the targets.

Phishing Simulation Programs Conducted by Various Organizations

Organization Name – cyberriskware
Product Name – Phish Maestro
• Recreates phishing attacks as well as ransomware attacks to test the employees.
• Simulates phishing attacks with internal email addresses.
• Identifies the geographic location, OS and browser-related information of the devices that fall into the trap, and then auto-enrols their users into cyber-security awareness trainings.
• Identifies the users who repeatedly fall into the trap, as well as high-risk departments and locations.
• Provides a “PhishHuk Alert button” with which users can report real-time phishing attacks for further analysis.

Organization Name – [Link]
Product Name – Phishing Simulation Tool
• They simulate real-life and recent phishing-style attacks.
• A notification is received when employees fall into the simulation trap and click on the links.
• After the simulation, they can check via email which user is at the highest risk, as well as showcase overall simulation analytics.
• They try again to reinforce best practices.

Organization Name – Trend Micro Phish Insight
Product Name – Phish Insight

• SaaS-based tool.
• Real-time dashboard (includes attachment history as well).
• Recipient alert options which show when the user is phished, without notifying the target.

Various Phishing Simulator Dashboards

Metrics of the Phishing Simulator Used by Various Organisations
• Active Campaigns
• Open rate
• Click rate
• Report rate
• Caught-to-open ratio
• Users tested
• Pass rate
• Report-to-open ratio
• Threat reporters
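
As an added example (not part of the original slides or of any vendor's product), the sketch below computes several of the listed metrics, plus the repeat-offender and high-risk-department views mentioned for the simulation tools, from a constructed simulation event log. The event format and the metric definitions (distinct users per action divided by users sent to, or by users who opened) are assumptions, since the slides name the metrics without defining them.

```python
from collections import defaultdict

# Constructed sample events: (campaign, user, department, action).
EVENTS = [
    ("q1", "asha", "finance", "sent"), ("q1", "asha", "finance", "opened"),
    ("q1", "asha", "finance", "clicked"),
    ("q1", "ben", "finance", "sent"), ("q1", "ben", "finance", "opened"),
    ("q1", "ben", "finance", "reported"),
    ("q1", "chen", "it", "sent"),
    ("q1", "dev", "it", "sent"), ("q1", "dev", "it", "opened"),
    ("q1", "dev", "it", "opened"),  # duplicate open must not inflate the rate
    ("q2", "asha", "finance", "sent"), ("q2", "asha", "finance", "opened"),
    ("q2", "asha", "finance", "clicked"),
    ("q2", "ben", "finance", "sent"), ("q2", "ben", "finance", "opened"),
    ("q2", "ben", "finance", "clicked"), ("q2", "ben", "finance", "reported"),
]

def ratio(n, d):
    return round(n / d, 3) if d else 0.0  # avoid dividing by zero

def campaign_metrics(events, campaign):
    """Per-campaign rates over distinct users (assumed definitions)."""
    users = defaultdict(set)  # action -> distinct users who did it
    for camp, user, _dept, action in events:
        if camp == campaign:
            users[action].add(user)
    sent, opened = len(users["sent"]), len(users["opened"])
    clicked, reported = len(users["clicked"]), len(users["reported"])
    return {"users_tested": sent,
            "open_rate": ratio(opened, sent),
            "click_rate": ratio(clicked, sent),
            "report_rate": ratio(reported, sent),
            "report_to_open": ratio(reported, opened)}

def repeat_clickers(events, min_campaigns=2):
    """Users who clicked in at least min_campaigns different campaigns."""
    seen = defaultdict(set)  # user -> campaigns in which they clicked
    for camp, user, _dept, action in events:
        if action == "clicked":
            seen[user].add(camp)
    return sorted(u for u, c in seen.items() if len(c) >= min_campaigns)

def department_click_rates(events):
    """Departments ranked by clicked/sent over (campaign, user) pairs."""
    sent, clicked = defaultdict(set), defaultdict(set)
    for camp, user, dept, action in events:
        if action == "sent":
            sent[dept].add((camp, user))
        elif action == "clicked":
            clicked[dept].add((camp, user))
    rates = {d: ratio(len(clicked[d]), len(sent[d])) for d in sent}
    return sorted(rates.items(), key=lambda kv: kv[1], reverse=True)
```

A user who both clicks and reports (ben in campaign q2) counts toward both rates here; a programme that treats a click as a fail regardless of a later report would need a separate pass-rate definition.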

THANK YOU
Shravani Kulthe