Sophisticated phishing: How to stay safe and save money

Sophisticated phishing: How to stay safe and save money

Sophisticated phishing: How to stay safe and save money

Date: Feb 04, 2014

In this webcast, Johanne B. Ullrich, dean of research for the SANS Technology Institute, focuses on spear phishing and the automated clearing house fraud and demonstrates new ways attackers can swipe millions of dollars without using malware.

Ullrich first outlines the anatomy of one new type of attack, explaining how the attacker locates a target, obtains the crucial information and reconfigures the victim's email system to reroute payment-related email to the attacker. Once accomplished, the evildoer then can scoop up millions of dollars -- all without deploying a bit of malware.

As Ullrich makes clear, this new scam can easily escape the notice of host-based detection systems. What's more scary is that this sort of attack could be automated. So does that mean such attacks are likely to increase? Yes. Does it also mean they are unpreventable? Fortunately, no.

Ullrich explains the various ways to thwart them, from security education (making users more aware) to implanting effective methods and procedures (such as continuous network monitoring).

The first step in staying secure in 2014, therefore, is this: Know thy enemy.

Johannes B. Ullrich, Ph.D., GIAC, GCIA and GWEB, is the dean of research at the SANS Technology Institute and head researcher at its Internet Storm Center. Follow him on twitter @johullrich.

More on Identity Theft and Data Security Breaches

  • Enterprise business leaders overconfident in basic security measures

    News - News roundup: A recent study revealed IT pros' confidence in implementing basic security measures is high, contradicting data that enterprises consistently fail to thwart basic attacks. Plus: BrowserStack hack lessons; responsible phishing reporting and more.

    ( Nov 14, 2014 )

  • White House hack confirmed; state-affiliated actors suspected

    News - State-affiliated actors, possibly tied to the Russian government, are thought to be behind a newly confirmed breach of the White House's unclassified computer network.

    ( Oct 29, 2014 )

  • Estimate the cost of a data breach with CyberTab

    Answer - The CyberTab tool aims to help enterprises estimate the cost of a data breach, as well as estimate the cost of resources to prevent future breaches.
  • Breaches show information security fundamentals prove hard to learn

    News - News roundup: Heartbleed vulnerabilities, point-of-sale malware and phishing scams are nothing new, yet numerous companies continue to fall victim to them. Shouldn't the lesson be learned by now? Plus: HTTP Shaming, Dropbox improvements and more.

    ( Aug 22, 2014 )

  • passive attack

    Definition - A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target and no data is changed on the target.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: