KnowBe4 U R Phished! How you can protect you and your organization from social engineering scams

James R. McQuiggan, CISSP, Security Awareness Advocate

Posted 05-Apr-2022

TRANSCRIPT

KnowBe4 U R Phished! How you can protect you and your organization from social engineering scams

James R. McQuiggan, CISSP, Security Awareness Advocate

• Security Awareness Advocate, KnowBe4 Inc.

• Former Cyber Security Awareness Lead, Siemens Energy & Product Security Officer, Siemens Gamesa

• Professor, Valencia College

• President, (ISC)2 Central Florida Chapter

• Board of Trustees, Center for Cyber Safety & Education


• The world’s largest integrated Security Awareness Training and Simulated Phishing platform

• Based in Tampa Bay, Florida, founded in 2010

• CEO & employees are ex-antivirus, IT Security pros

• We help tens of thousands of organizations manage the ongoing problem of social engineering

• Winner of numerous industry awards

Enabling employees to make smarter security decisions every day

https://www.knowbe4.com/ncsam-resource-kit

• Cybersecurity Awareness Month training plan PDF
• Social Media: A Global Concern
• Infographics, awareness posters
• Cybersecurity awareness tip sheet
• All assets are printable and available digitally
• Bonus: access to free resources for you, including our popular on-demand webinar and whitepaper

Happy National Cybersecurity Month!

YOU are a critical layer within the fabric of the Security Programs

Agenda• Social Engineering• Phishing• Different Phishing Emails• Cyber hygiene• Wrap-up / Q&A


91% of cyber espionage begins with phishing (Source: Trend Micro)

95% of all security incidents involve human error (Source: Security Intelligence)

Cybercriminals rely on phishing because it works…


Our brains’ job: to filter, interpret, and present ‘reality’

Understanding the root of deception

Are they naked or wearing clothes?

• The phaonmneal pweor of the hmuan mnid, aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihngis taht the frist and lsat ltteer be in the rghit pclae.

• The rset can be a taotl mses and you can sitll raed it wouthita porbelm.

• Tihs is bcuseae the huamn mnid deos not raed ervey lteterby istlef, but the wrod as a wlohe. Amzanig huh?

• And I awlyas tghuhot slpeling was ipmorantt!

Perception vs. Reality

Pick a card

Is it gone?

We started with this:

And ended with this:

These are two completely different sets of cards. And by rushing you through the process, you probably didn’t notice!

How did I identify and remove your card?

Thinking, Fast & Slow (Daniel Kahneman)

Graphic Source: https://readingraphics.com/book-summary-thinking-fast-and-slow/

System 1 Thinking Example

2 + 2 = ?

System 2 Thinking Example

5327 × 86 = ?

The OODA Loop

It’s not this… …or this (slide images not reproduced)

OODA

A Model for Decision Making

What is an OODA Loop and how do I mess with it?

Observe

Orient

Decide

Act

“In order to win, we should operate at a faster tempo or rhythm than our adversaries—or, better yet, get inside [the] adversary's Observation-Orientation-Decision-Action time cycle or loop ... Such activity will make us appear ambiguous (unpredictable) thereby generate confusion and disorder among our adversaries—since our adversaries will be unable to generate mental images or pictures that agree with the menacing, as well as faster transient rhythm or patterns, they are competing against.”

-- John Boyd (creator of the OODA Loop)

Spies, magicians, pickpockets, con-artists and cybercriminals use techniques to bypass the OODA Loop.

What is an OODA Loop and how do I mess with it?

Observe

Orient

Decide

Act

These are critical thinking steps

These all impact the final action

The ideal situation for a cybercriminal is to hijack the OODA loop by creating a knee-jerk action that effectively bypasses the first three steps and results in the attacker’s intended Action.

-- effective phishing lures --

Greed

Urgency

Curiosity

Fear

Self Interest

Helpfulness

Money

Hunger

Agenda• Social Engineering• Phishing• Different Phishing Emails• Cyber hygiene• Wrap-up / Q&A

Opening your front door and letting the bad guys into your organization.

Phishing

Different types of Attack Vectors

Spearphishing

SMSishing

Vishing

Even KnowBe4 is a target

Typo-squatting

• Check your links!
• Look for transposed letters, substituted digits or symbols, and look-alike characters in the domain name
• Micorsoft.com (transposed letters)
• G00GLE.com (digit zero in place of the letter o)
• Bankofarnerica.com (r and n side by side read as m)
• wikipediа.org vs wikipedia.org (homograph: a Cyrillic а in place of the Latin a; the browser resolves it as a punycode xn-- name, not as wikipedia.org)
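The four tricks on this slide (transposition, digit substitution, rn-for-m, and a Cyrillic homograph) can each be caught mechanically once you know what to look for. The script below is an added example written for this page; it is not KnowBe4 code and not part of the original deck. It assumes a small, constructed allow-list of legitimate domains (KNOWN_DOMAINS) and a deliberately incomplete table of look-alike characters; a real tool would load the full Unicode confusables data instead. It folds a candidate hostname to the ASCII "skeleton" a hurried reader sees, checks for mixed scripts, and falls back to an edit distance that counts a swapped letter pair as one edit.

```python
import unicodedata

# Constructed allow-list: the domains this organisation treats as legitimate.
KNOWN_DOMAINS = {"microsoft.com", "google.com", "bankofamerica.com",
                 "wikipedia.org", "knowbe4.com"}

# ASCII look-alikes, folded longest first so "rn" collapses to "m" before
# "r" and "n" are looked at on their own.
ASCII_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"),
                     ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Deliberately small table of non-Latin letters that render like Latin ones
# (assumption for the example; production code should use confusables.txt).
NONLATIN_CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic с х у і
    "\u03bf": "o", "\u03b1": "a",                                # Greek ο α
}


def letter_scripts(domain):
    """Scripts (LATIN, CYRILLIC, GREEK, ...) used by the letters of a domain.
    A brand domain uses one script; a second script is the homograph tell."""
    return {unicodedata.name(ch).split()[0] for ch in domain if ch.isalpha()}


def skeleton(domain):
    """Fold a domain to the ASCII string a hurried reader would *see*."""
    folded = unicodedata.normalize("NFKC", domain.lower())
    folded = "".join(NONLATIN_CONFUSABLES.get(ch, ch) for ch in folded)
    for pattern, replacement in ASCII_CONFUSABLES:
        folded = folded.replace(pattern, replacement)
    return folded


KNOWN_SKELETONS = {skeleton(d): d for d in KNOWN_DOMAINS}


def osa_distance(a, b):
    """Edit distance that counts one adjacent transposition ("ro" -> "or") as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (verdict, impersonated_domain) for one hostname."""
    d = domain.lower().rstrip(".")
    if d in KNOWN_DOMAINS:
        return "legitimate", d
    skel = skeleton(d)
    if skel in KNOWN_SKELETONS:
        # Same skeleton as a known brand: a homograph if any non-Latin letters
        # were folded away, otherwise an ASCII look-alike (0 for o, rn for m).
        verdict = "homograph" if letter_scripts(d) - {"LATIN"} else "confusable"
        return verdict, KNOWN_SKELETONS[skel]
    for known in sorted(KNOWN_DOMAINS):
        if osa_distance(d, known) == 1:   # one typo or one swapped pair away
            return "typo-squat", known
    return "unknown", None


def punycode(domain):
    """What the resolver actually sees: a non-ASCII label becomes an xn-- label."""
    return domain.encode("idna").decode("ascii")


if __name__ == "__main__":
    for sample in ["Micorsoft.com", "G00GLE.com", "Bankofarnerica.com",
                   "wikipedi\u0430.org", "microsoft.com", "onedrive501a.com"]:
        print(f"{sample:22} {punycode(sample):28} {classify(sample)}")
```

Note what the last sample shows: onedrive501a.com (from the next section's red-flag slides) comes back "unknown" because it resembles nothing on the allow-list. A lookalike detector only answers "is this pretending to be a brand I know?"; the human question from the slides, "were you expecting this?", still has to be asked.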


Rogue URL Tip Sheet


Top 5 Spoofed Brands

• Microsoft
• UPS
• Amazon
• Apple
• Zoom

The Effect Of Consistency

KnowBe4 Study (10/2019)

• 20 Million Phishing Security Tests (PSTs)
• 18K organizations
• Segmented by industry type and organization size

Phishing Assessments


Generating Industry-Leading Results and ROI


• Reduced Malware Infections

• Reduced Data Loss

• Reduced Potential Cyber-theft

• Increased User Productivity

• Users Have Security Top of Mind

87% Average Improvement: across all industries and sizes, from baseline testing to one year or more of ongoing training and testing

Note: The initial Phish-Prone percentage is calculated on the basis of all users evaluated. These users had not received any training with the KnowBe4 platform prior to the evaluation. Subsequent time periods reflect Phish-Prone percentages for the subset of users who received training with the KnowBe4 platform.

Source: 2020 KnowBe4 Phishing by Industry Benchmarking Report

Agenda• Social Engineering• Phishing• Different Phishing Emails• Cyber hygiene• Wrap-up / Q&A

Red Flags

• Document to review
• Vague message
• Were you expecting this?

Red Flags

• Looks authentic
• Check the link: Onedrive501a.com
• NOT VALID
• States Dangerous

Red Flags

• Enable Editing
• Enable Macros
• DO YOU TRUST THE SOURCE?
• .XLSM file (contains macros)
• Emergency Contacts – ??
• Why macros for a list?
• Organization address book

Red Flags

• Urgency
• Who.doc – really?
• Expecting the email?

Red Flags

• Curiosity
• Medicine – fear
• Formatting is bad

Red Flags

• Disguised as the CDC
• Sender address is at GMX.com, a free webmail provider, not cdc.gov
• Link for software – curiosity

The cybercriminals are evolving

Updating the hover link: the address shown when you hover can be rewritten by script at the moment you click, so the hover preview alone is not proof of where the link goes.

Check the link in the browser!
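The red flags on the preceding slides (a brand name in the display name on a free-mail address, a Reply-To that goes somewhere else, urgency in the subject, a macro-enabled .xlsm attachment, and a link whose visible text disagrees with its real destination or carries a script handler that can rewrite it after hover) are all things a mail gateway or a SOC triage script can check before a person ever sees the message. The script below is an added example written for this page, not KnowBe4 code and not a tool the deck describes. The sample message is constructed for the example (the addresses and domains in it are placeholders), and the free-mail list, macro extension list and urgency phrases are assumptions you would tune for your own environment.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phish) combining the lures from the
# slides: "CDC" display name on a free-mail account, a foreign Reply-To,
# urgency in the subject, a .xlsm attachment, and a misleading link.
SAMPLE_EML = b"""\
From: "CDC Health Alert Network" <alerts@gmx.com>
Reply-To: cdc-response@mail.example
To: staff@example.org
Subject: URGENT: Emergency Contacts list - action required immediately
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please review the attached list today.</p>
<a href="http://onedrive501a.com/open" onmouseover="this.href='http://onedrive501a.com/x'">https://onedrive.live.com/review</a>
--b1
Content-Type: application/vnd.ms-excel.sheet.macroEnabled.12
Content-Disposition: attachment; filename="Emergency_Contacts.xlsm"
Content-Transfer-Encoding: base64

UEsDBBQ=
--b1--
"""

# Assumed lists for the example; tune them for your environment.
FREE_MAIL = {"gmx.com", "gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
MACRO_EXTENSIONS = (".xlsm", ".docm", ".pptm", ".xlam", ".dotm")
URGENCY = re.compile(r"\b(urgent|immediately|action required|final notice|within 24 hours)\b", re.I)


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def sender_flags(msg):
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    if name and domain_of(addr) in FREE_MAIL:
        flags.append(f'display name "{name}" but the sender is a free-mail account ({domain_of(addr)})')
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and domain_of(reply_to) != domain_of(addr):
        flags.append(f"Reply-To {reply_to} is a different domain from the From address")
    if URGENCY.search(str(msg.get("Subject", ""))):
        flags.append("urgency language in the subject")
    return flags


def attachment_flags(msg):
    flags = []
    for part in msg.iter_attachments():        # skips the body parts, yields real attachments
        filename = (part.get_filename() or "").lower()
        if filename.endswith(MACRO_EXTENSIONS):
            flags.append(f"macro-enabled attachment {filename}: why would a list need macros?")
    return flags


class LinkAuditor(HTMLParser):
    """Collect each <a>: its href, any on* script handlers, and the visible text."""

    def __init__(self):
        super().__init__()
        self.links, self._current = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            attrs = dict(attrs)
            self._current = {"href": attrs.get("href") or "", "text": "",
                             "handlers": [k for k in attrs if k.startswith("on")]}

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def hostname(url):
    if url.startswith("www."):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def link_flags(msg):
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    auditor = LinkAuditor()
    auditor.feed(body.get_content())
    flags = []
    for link in auditor.links:
        target = hostname(link["href"])
        if link["handlers"]:   # the "updating the hover link" trick lives in these attributes
            flags.append(f"link to {target} carries {', '.join(link['handlers'])}: script can rewrite the href after you hover")
        text = link["text"].strip()
        shown = hostname(text) if text.startswith(("http://", "https://", "www.")) else ""
        if shown and shown != target:
            flags.append(f"link text shows {shown} but the href goes to {target}")
    return flags


def red_flags(raw_message):
    """All red flags found in one RFC 5322 message given as bytes."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    return sender_flags(msg) + attachment_flags(msg) + link_flags(msg)
```

Run red_flags(SAMPLE_EML) and each of the six lures on the slides comes back as its own line; a plain text-only lunch invitation from an internal address produces none. None of these checks decides on its own that a mail is malicious; they reproduce the questions on the slides so that the ones worth a second look reach a person with the reasons already attached.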

RECAP – Phishing

• Who is it coming from?
• Expected vs unexpected
• Attachments / Links
• Mood / intent
• Too good to be true?

Agenda• Social Engineering• Phishing• Different Phishing Emails• Cyber hygiene• Wrap-up / Q&A


COVID


Personally for Passwords, I like…

24446666688888888

Password Attacks

• Social Engineering
• Phishing
• Guessing
• Brute force, dictionary, weak passwords
• Lookups
• Based on previous data breaches
• 2.2 billion records out there!
• Account Takeover (ATO)
• Recoveries
• Email security questions

Password Vault

It reduces your risk because it can:
• Store credential information
• Generate strong passwords
• Alert you of compromised accounts
• Keep the passwords unique
• If possible, unique usernames too
• Store the security question responses
• With social media it’s easier to discover the answers
• Consider different / wrong answers
• Free vs paid options

• Have I Been Pwned: https://haveibeenpwned.com
• Alerts you to data breaches
• If it happens, change your password even if the account has MFA
• Change the password on other accounts that use the same password
• Password Exposure Test: www.knowbe4.com/resources
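The slides point at Have I Been Pwned for breach alerts on your email address; the same service's Pwned Passwords API lets a vault or a login form ask "has this exact password appeared in a breach?" without ever sending the password, which is the mechanism behind the "alert you of compromised accounts" bullet above. The script below is an added example written for this page, not KnowBe4 code and not part of the deck. It shows the k-anonymity range protocol: hash the password locally with SHA-1, send only the first five hex characters, and match the remaining 35 against the list that comes back. The range response here is constructed for the example (the first suffix really is SHA-1 of "password"; the counts and the other two lines are made up), and offline_fetch stands in for the HTTP call so it runs without network access.

```python
import hashlib
import secrets
import string

# Constructed stand-in for the body the Pwned Passwords "range" endpoint
# (GET https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>)
# returns for prefix 5BAA6: one "<remaining 35 hex chars>:<count>" line per
# breached hash.  Only the first suffix is genuine (SHA-1 of "password");
# the counts and the other two lines are made up for the example.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:10434004
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E2E3E5C0CA4A0E5C9B5CCE49F1E6C8B7A5:15
"""


def hash_prefix_suffix(password):
    """Uppercase hex SHA-1 split into the 5-char prefix that is sent and the suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, range_body):
    """Scan a range response locally for our suffix; return the breach count, or 0."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def offline_fetch(prefix):
    """Stand-in for the HTTP GET: note that only the 5-character prefix is passed in."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def times_pwned(password, fetch_range=offline_fetch):
    """k-anonymity lookup: hash locally, send the prefix, match the suffix locally.
    Pass a real HTTP client as fetch_range to query the live service."""
    prefix, suffix = hash_prefix_suffix(password)
    return count_in_range(suffix, fetch_range(prefix))


def generate_password(length=20):
    """What a vault does for you: a random, unique password from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ["password", generate_password()]:
        print(f"{candidate!r}: seen {times_pwned(candidate)} times in breach data")
```

The point of the split is that the server learns only that your password hashes to one of roughly a million buckets, never which of the few hundred suffixes in that bucket is yours; the comparison happens on your machine. The same pattern is what makes it reasonable for a password vault to check every stored credential against breach data.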

Ways to Protect / Check your email

• Separate devices for work & personal use

• Consider using direct Ethernet connection

• Ensure wireless connection is secure (WPA2/WPA3)

• Keep systems and network devices up to date

• Use a VPN for protection & to interact with employer systems/data

• Use a VPN when outside of your home or work network (hotel, coffee shop wifi)

Work from home considerations

Source: expressvpn.com

Agenda• Social Engineering• Phishing• Different Phishing Emails• Cyber hygiene• Wrap-up / Q&A

CYBER HYGIENE

Check your Links

Backup your data

Use secure WiFi & VPNs

Consider strong & unique passwords

Have a password vault for secure information

Avoid oversharing on social media

People working from home may be stressed and distracted.

…which makes them more vulnerable than ever to deception and cyberattack.

YOU are a critical layer within the fabric of the Security Programs

James R. McQuiggan, CISSP, Security Awareness Advocate
Email: [email protected]
@James_McQuiggan
LinkedIn: /in/jmcquiggan

Thank you for your attention

For more information visit blog.knowbe4.com

Questions?

Resources

• KnowBe4
  • Blog – https://blog.knowbe4.com
  • Social Engineering Red Flags – https://www.knowbe4.com/hubfs/Social-Engineering-Red-Flags.pdf
  • Rogue URLs – https://www.knowbe4.com/hubfs/Red%20Flags%20of%20Rogue%20URLs%20(3).pdf
  • Rogue URL webinar – https://blog.knowbe4.com/combatting-rogue-url-tricks-how-you-can-quickly-identify-and-investigate-the-latest-phishing-attacks
  • Phishing Benchmark Report – https://info.knowbe4.com/phishing-by-industry-benchmarking-report
  • KnowBe4 Homecourse Training (password: homecourse) – https://www.knowbe4.com/homecourse
• Identity Security Resources
  • Have I Been Pwned (email check) – https://haveibeenpwned.com
• Books
  • Transformational Security Awareness – https://www.amazon.com/dp/B07RDM1C2M/ref=cm_sw_r_tw_dp_x_4Kk9EbMRWGASX
  • A Data Driven Computer Defense – https://www.amazon.com/dp/1092500847/ref=cm_sw_r_tw_dp_x_gKk9EbYJTJBRZ


KnowBe4 Security Awareness Training

Baseline Testing: We provide baseline testing to assess the Phish-Prone™ percentage of your users through a free simulated phishing attack.

Train Your Users: The world's largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.

Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.

See the Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
