Sophisticated phishing: How to stay safe and save money

Sophisticated phishing: How to stay safe and save money

Date: Feb 04, 2014

In this webcast, Johanne B. Ullrich, dean of research for the SANS Technology Institute, focuses on spear phishing and the automated clearing house fraud and demonstrates new ways attackers can swipe millions of dollars without using malware.

Ullrich first outlines the anatomy of one new type of attack, explaining how the attacker locates a target, obtains the crucial information and reconfigures the victim's email system to reroute payment-related email to the attacker. Once accomplished, the evildoer then can scoop up millions of dollars -- all without deploying a bit of malware.

As Ullrich makes clear, this new scam can easily escape the notice of host-based detection systems. What's more scary is that this sort of attack could be automated. So does that mean such attacks are likely to increase? Yes. Does it also mean they are unpreventable? Fortunately, no.

Ullrich explains the various ways to thwart them, from security education (making users more aware) to implanting effective methods and procedures (such as continuous network monitoring).

The first step in staying secure in 2014, therefore, is this: Know thy enemy.

Johannes B. Ullrich, Ph.D., GIAC, GCIA and GWEB, is the dean of research at the SANS Technology Institute and head researcher at its Internet Storm Center. Follow him on twitter @johullrich.

More on Identity Theft and Data Security Breaches

  • RFID skimming

    Definition - RFID skimming is the wireless interception of information from RFID chip-based debit, credit and ID cards and other documents, such as passports. The purpose of RFID skimming may be simple theft or more complex identity theft. Most typically, thieves use an NFC-enabled device that records unencrypted data from the card's RFID chip, which is broadcast into the air.
  • NSA involved in industrial espionage, says Snowden

    NSA involved in industrial espionage, says Snowden

    News - The US National Security Agency’s cyber surveillance is not confined to matters of national security, says whistleblower Edward Snowden

    ( Jan 27, 2014 )

  • Key takeaways from the 2013 Verizon DBIR: What can be learned for 2014

    Answer - Expert Joseph Granneman looks back at the 2013 Verizon DBIR and provides key takeaways for companies looking to avoid being part of the 2014 edition.
  • tech support phone scam

    Definition - A tech support phone scam is an exploit in which an attacker calls offering support for problems they claim were detected on the victim's computer. When the victim answers the phone, the attacker says they’re calling from some well-known company, such as Microsoft, and that the user’s ISP has detected malware on their computer, which the caller offers to get rid of.
  • Hand of Thief

    Definition - Hand of Thief is banking crimeware that targets Linux operating systems. The Hand of Thief uses a form grabber to steal IDs, passwords and other information pertaining to Internet banking.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: