bad actors, phishers and oh my! liars and internet safety: … · 2020. 8. 28. · 1. change your...
TRANSCRIPT
![Page 1: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/1.jpg)
Internet Safety: Liars and Phishers and Bad Actors, Oh My!
Presented by:
Copyright InfraShield Inc. - All Rights Reserved
Kevin A. [email protected]
![Page 2: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/2.jpg)
About the Speaker
https://www.linkedin.com/in/kmcgrail
Kevin A. McGrailDirector, Business Growth
![Page 3: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/3.jpg)
Security ExpertiseUSMC Cyber Aux Member
Apache SpamAssassin
KAM.cf
Helped with the first IDS
MIMEDefang
Phone Lines Cut
Apology from the FBI
![Page 4: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/4.jpg)
Used to securing high-value, high-target critical infrastructure
$40M cyber range for proving our strategies
OT & IT Cyber Expertise
What Makes InfraShield Special?
Copyright InfraShield Inc. - All Rights Reserved
![Page 5: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/5.jpg)
![Page 6: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/6.jpg)
Today’s Goals
What is Phishing?
How to Recognize Signs of Phishing
Laugh (Preferably with Me, Rather than at Me)
Real World Advice
![Page 7: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/7.jpg)
What is Phishing?
![Page 8: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/8.jpg)
Why me? I’m Not a Target!
![Page 9: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/9.jpg)
Everyone & Anything is a Target!
https://digitalguardian.com/blog/whats-value-stolen-chest-x-ray-more-youd-think
![Page 10: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/10.jpg)
Phishing isn’t just about
Personal Interactions
Unexpected Value
Steganography
Unintended Leakage
Social Media
Job Inquiries
Invoice Scams
![Page 11: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/11.jpg)
Watch Out for Psych-O’s
PsychSeason 1, Episode 11
He Loves Me, He Loves Me Not, He Loves Me, Oops He's Dead
![Page 12: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/12.jpg)
Social Media is a Goldmine
Be sensitive about what you post. Birthdays, parents, addresses, pets, graduations, etc. it all adds up! And it’s all archived somewhere...
![Page 13: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/13.jpg)
Hidden Secrets
https://nakedsecurity.sophos.com/2019/01/11/old-twitter-posts-reveal-hidden-secrets-say-researchers/
Twitter data before 2015 included metadata: “Before this date, if a user geotagged themselves in a broad area such as a city, the social network embedded their exact GPS coordinates in the tweet’s metadata...”
Posts containing phrases like “at work”, “at home”, or complaints about a doctor leaked Personally Identifiable Information (PII)
Able to positively identify dozens of anonymous Twitter users!
![Page 14: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/14.jpg)
Florida Man Challenge
Have you heard of the Florida Man Challenge?
Did anyone here do it?
What are the risks involved?
![Page 15: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/15.jpg)
Q: Why Do Hackers Love OOM?
![Page 16: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/16.jpg)
A: People Overshare
![Page 17: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/17.jpg)
There is a Quick Fix
![Page 18: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/18.jpg)
Spear Phishing on Business Social Media
![Page 19: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/19.jpg)
Some are Quite Silly….
Do I know your father, Qwerty Asdfg?
![Page 20: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/20.jpg)
<3 the <3’s
![Page 21: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/21.jpg)
Sometimes we see patterns...
![Page 22: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/22.jpg)
The Risk of Job Inquiries
https://nakedsecurity.sophos.com/2019/01/21/attackers-used-a-linkedin-job-ad-and-skype-call-to-breach-banks-defences/
![Page 23: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/23.jpg)
LI to PDF to URL Shortener
They use these techniques to:
A) Make the message look more legitimate
B) Evade scanners
![Page 24: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/24.jpg)
“This notice is not a bill…”
Pay no attention to the man behind the curtain…
Not all scams are illegal!
“Invoice” Scams
![Page 25: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/25.jpg)
“This is an advertisement…”
Warn your A/P. We see more than a few of these
get paid!
“Invoice” Scams
![Page 26: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/26.jpg)
Not a Risk in 2020… But...
Conference Hotel Pirates
![Page 27: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/27.jpg)
Now Email Phishing #1 Vector
Examples
![Page 28: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/28.jpg)
91%The percentage of compromises that occur because of a spear phishing email.
Source: Cofense (previously Phishme) 2016 Study on Enterprise Phishing
![Page 29: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/29.jpg)
Credential Phishing
Dear Linkedin User
As part of our effort to improve your experience in Linkedin access acrossour consumer services, we're updating Linkedin Services Agreement andPrivacy.Click the link below to update your account.http://workwp.ir/a/a/sign.htmYour account will be De-Activated if you do not update.This notice Ends WED September 26, 2018We apologize for any inconvenience.Thank you for your cooperation.
Sincerely.
Linkedin Service Provider
Copyright ? 2018 InformationCompany. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.
![Page 30: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/30.jpg)
Watch Out for Impersonators!
![Page 31: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/31.jpg)
The Wrong Approach
While accurate, it’s too simplistic and shows only basic examples: https://securityboulevard.com/2019/05/your-account-has-been-locked-7-telltale-signs-of-a-phishing-scam/
https no longer safe; Malicious URL attacks using HTTPS surge across the enterprisehttps://www.zdnet.com/article/social-engineering-attacks-surge-across-the-enterprise/
https is not an indicator of bad or good actors. Tools like letsencrypt make it too simple to implement and good guys mess up
![Page 32: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/32.jpg)
The Wrong Approach - Part 2
Obfuscation techniques using shorteners or google/box/microsoft files appear OK
Hovering is BAD
Escalate Escalate Escalate
Use a box with a browser on a simple ChromeOS or Linux box to do checking of potential bad forwards using WebMail. Don’t have it? Consider VirtualBox and an installation of Ubuntu or CentOS.
![Page 33: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/33.jpg)
Think EvilGANs
Anime Art
Security Data Sharing
![Page 34: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/34.jpg)
Bad Actors are More Evil than KAM
![Page 35: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/35.jpg)
Please Don’t...
![Page 36: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/36.jpg)
Generative Adversarial Networks (GAN)
https://thispersondoesnotexist.com/image
![Page 37: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/37.jpg)
Think Evil
https://nips2017creativity.github.io/doc/High_Quality_Anime.pdf
https://news.ycombinator.com/item?id=19144280
![Page 38: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/38.jpg)
Data Sharing & Unintended Consequences
Another Worrying Trend:
Q: What’s a consistently overused security question?A: Your Mother’s Maiden Name.
Q: How many married women can you find on social media because they add their maiden name?A: Sigh...
![Page 39: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/39.jpg)
Limit Social Media sharing & restrict Out of Office Messages
![Page 40: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/40.jpg)
Tools to Combat Phishers
Passphrases
Entropy
Multi-Factor Authentication
Credit Watch
Silly Security Tips
My Advice
![Page 41: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/41.jpg)
Passphrasesnot passwords
Passwords you have to write down are less secure!
NIST 800-63 Password Guidelines is now revised: minimum 8 to a MINIMUM MAXIMUM of 64, no sequences but no special char requirements.
MickeyMinniePlutoHueyDeweyLouieDonaldGoofyRichmond
![Page 42: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/42.jpg)
Password Length is Better Than Password Complexity!!
![Page 43: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/43.jpg)
Use Multi-Factor Authentication
![Page 44: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/44.jpg)
Monitor Your Credit
https://refer.discover.com/s/pwdup
![Page 45: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/45.jpg)
1. Change your password manager monthly
2. Install a secure font3. Use a 2-factor smoke
detector4. Change your maiden
name regularly5. Put strange USB
drives in a bag of rice overnight
Top 5 XKCD Security Tips
![Page 46: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/46.jpg)
Be a Strong Link
You CANNOT identify all scams. Use Your Help Desk!
Anytime you have a concern, Take 10 Seconds to Separate Emotion from Logic.
![Page 47: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/47.jpg)
Preparing for the Worst
![Page 48: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/48.jpg)
Have I Been Pwned?
haveIbeenpwned.com
![Page 49: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/49.jpg)
Limit damage / Reduce recovery time / Lower costs
Speed matters
Key phone numbers / account numbers / credentials / list of privileged accounts
Asset Inventory
Paper and Electronic Copies of the Plan
Keep Calm and Have an Incident Response Plan
![Page 50: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/50.jpg)
Discussing Scams
Use *munge* or similar to deactivate links when discussing dangerous things
Phish example for for Steve Chiama:
Seeing a new process on LI but using images, or pdfs or links to OneDrive/ Google Drive that are fake.
Message on linkedin which has a PDF leading to a One Drive link that is actually to bit.ly/*munge*2JaqcEQ that lands on https://destingulfgate*munge*.icu
![Page 51: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/51.jpg)
Psychology
![Page 52: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/52.jpg)
Psychology of Scams
Nigerian Prince Scam
Try to separate logic from emotion
Almost always impose a deadline with severe penalties
![Page 53: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/53.jpg)
Opportunistic vs. Persistent Adversaries
Hive versus Targeted
Scale of Economies
Doesn’t stay $20
Paranoid KAMland: Engadget: How a trivial cell phone hack is ruining lives. https://www.engadget.com/2019/06/28/cell-phone-hack-is-ruining-lives-identity-theft/
![Page 54: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/54.jpg)
Being a Better
Administrator
![Page 55: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/55.jpg)
Users Can Be a Strong Link
Users CANNOT identify all scams. Encourage Help Desk Use!
Look for “Tip of the Iceberg” issues & pay attention to users who file good trouble tickets.
Encourage users to get those 10 seconds they need to separate the Emotion from the Logic.
![Page 56: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/56.jpg)
How to Be the Best Administrator
LISA/SAGE IT Ten Commandments: https://www.pccc.com/base.cgim?template=sage_code_of_ethics
Users can do no wronghttps://www.itweb.co.za/content/JBwErvn5wlYq6Db2
Our job is to protect users from the bad guys (and themselves)
“The goal of cyber is to minimize mean time to detect and mean time to resolve”, CSO of Raytheon
![Page 57: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/57.jpg)
Administrative Training Resources
lmgtfy.com
XKCD.com
BOFH (http://bofh.bjash.com/bofh/bofh1.html)
The IT Crowd (https://www.netflix.com/title/70140450)
![Page 58: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/58.jpg)
Shadow IT is Real
Embrace new ideas ...before users do so outside your control...
![Page 59: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/59.jpg)
OffboardingMake sure exiting employees have their accounts disabled!
![Page 60: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/60.jpg)
Don’t Require Password Changes
“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”SP 800-63B Section 5.1.1.2 paragraph 9
![Page 61: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/61.jpg)
Spam is about Consent NOT about Content
![Page 62: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/62.jpg)
Money Handlers are the Biggest TargetsA few types of fraud to discuss
CxO FraudCloningDomain SpoofingRogue Access point like ATTWIRELESSMalicious Text Messages (SMISHING?)PhishingSpear PhishingWhale Phishing
QR Code Phishing (https://www.bleepingcomputer.com/news/security/phishing-security-controls-fully-bypassed-using-qr-codes/)
Security Alerts (https://www.scmagazine.com/home/security-news/phishing/phishing-campaign-impersonates-email-alerts-from-dhs/)
![Page 63: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/63.jpg)
Pow-Wow Exercise
State Department Wi-Fi Example
Think about X-Rays example and be broad in this exercise:
How/What/Who/When/Why do you think you will be attacked?
If you were evil, how would you attack/steal/cripple your infrastructure?
![Page 64: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/64.jpg)
Surveillance 2.0 and FSB Disclosure
https://www.nytimes.com/2019/07/03/technology/personaltech/fingerprinting-track-devices-what-to-do.html
https://www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/#45ddda316b11
NOTE: Government Blockchain Association event 1Q Next Year at US Capitol. Will be speaking on de-anonymizing cryptocurrency
![Page 65: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/65.jpg)
ClosingQ&A
Escalate
Thanks
Credits
![Page 66: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/66.jpg)
Q&A
Suggested Questions:
I talk fast. Anything you’d like to go back or go over?
How did I get so good looking?
What is my Skincare regimen?
Is that me in a Megapode chicken suit?
![Page 67: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/67.jpg)
Thanks!
Kevin A. McGrailwww.linkedin.com/in/kmcgrail
![Page 68: Bad Actors, Phishers and Oh My! Liars and Internet Safety: … · 2020. 8. 28. · 1. Change your password manager monthly 2. Install a secure font 3. Use a 2-factor smoke detector](https://reader036.vdocument.in/reader036/viewer/2022071402/60eddd168445e17d6f551073/html5/thumbnails/68.jpg)
CreditsImage Credits:
Operation Gold Bundesarchiv, Bild 183-37695-0003 / Junge, Peter Heinz / CC-BY-SA 3.0Chest Xray from the CDC Public DomainKAM photo taken by Ted King, used with permission.Facebook, LinkedIN & Twitter Logos Brand Resources of their Respective CompaniesPsych Logo from WikipediaPineapple Logo free from UIHereAnime Photo Used with PermissionXKCD comics CC BY-NC 2.5 from https://xkcd.com/936/ & https://xkcd.com/1820/Rings Photo by FOX from PexelsKeep Calm Poster & Exit Sign from Public DomainShadow IT picture courteous of Noble Ackerson, used with permission.
Special thanks to Paul Rockwell & ThisPersonDoesNotExist.com