ANATOMY OF A PHISHING ATTACK - University of Toronto · 2016-10-24 · Minimize the impact of...
Transcript of ANATOMY OF A PHISHING ATTACK - University of Toronto · 2016-10-24 · Minimize the impact of...
ANATOMY OF APHISHING ATTACK
REPLY ADDRESS IS DIFFERENT FROM SENDER ADDRESS
SENDER ADDRESSCAN BE SPOOFED
LOOKS GENUINE
LINKS DON’T MATCHTHE TEXT OF THE LINK
INDICATES URGENCY
NOT EXPECTED
ODD OR DOESN’T MAKE SENSE
OFTEN HAS SPELLING ORGRAMMATICAL ERRORS
CONTAINS DANGEROUSLINK OR ATTACHMENT
© 2014 by Schweitzer Engineering Laboratories, Inc. · LM00246-01 · 20140613
SEL
cybe
rsec
urity
sol
utio
ns a
re e
asy
to u
se a
nd m
aint
ain,
and
pro
vide
rob
ust p
rote
ctio
n th
at s
uppo
rts
your
com
plia
nce
effo
rts
and
wor
ks w
ith e
xist
ing
or n
ew s
yste
ms.
Des
ign
your
sys
tem
onl
y on
ce, a
nd m
ake
sure
you
are
cov
ered
with
sc
alab
le a
nd m
aint
aina
ble
SEL
cybe
rsec
urity
sol
utio
ns. O
ur te
chno
logy
is c
ritic
ally
test
ed to
with
stan
d al
l kno
wn
atta
ck s
cena
rios
and
is v
alid
ated
by
follo
win
g st
rict
pro
cess
es.
Lear
n m
ore
abou
t SEL
cyb
erse
curi
ty a
t ww
w.s
elin
c.co
m/c
yber
secu
rity
.
WIT
H H
IGH
REL
IAB
ILIT
Y A
ND
NO
LIC
ENSI
NG
, SU
PPO
RT,
OR
SU
BSC
RIP
TIO
N C
OST
S, S
EL C
YBER
SECU
RIT
Y SO
LUTI
ON
S A
RE
AN
EA
SY C
HO
ICE.
MEE
T YO
UR
CYB
ERSE
CUR
ITY
GO
ALS
WIT
H S
TRO
NG
A
CCES
S CO
NTR
OL
FRO
M S
EL
KN
OW
ALL
CO
MM
UN
ICAT
ION
S PA
THS
TO
YOU
R A
SSET
S M
ake
sure
to in
clud
e pa
ths
that
are
acc
essi
ble
loca
lly,
such
as
a th
umb
driv
e. D
raw
a p
ictu
re!
·SC
AD
A
·EM
S
·En
gine
erin
g ac
cess
·M
aint
enan
ce
·Te
leph
one
lines
·W
irel
ess
·In
tern
et
·Sy
stem
inte
rcon
nect
ions
and
bri
dges
USE
AN
D M
AN
AG
E ST
RO
NG
PA
SSW
OR
DS
SEL
equi
pmen
t mak
es th
is e
asy:
you
can
use
vir
tual
ly
all p
rint
able
ASC
II ch
arac
ters
. Use
a p
assw
ord
man
ager
, su
ch a
s K
eyP
ass®
or
Last
pass
®, t
o ge
nera
te lo
ng,
com
plex
pas
swor
ds fo
r ea
ch u
niqu
e lo
gin
you
have
. St
reng
then
a p
assw
ord,
like
the
one
belo
w, w
ith a
few
ch
ange
s:
Wea
k: W
ebst
er
Str
ong:
W3b
$Ter
$d1C
t10n
@ry
·D
o no
t use
def
ault
pas
swor
ds
·C
hang
e th
em p
erio
dica
lly
·C
hang
e th
em w
hen
peop
le le
ave
·U
se d
iffer
ent o
nes
in d
iffer
ent r
egio
ns
·C
ontr
ol th
em
SEC
UR
E CO
MM
UN
ICAT
ION
S W
ITH
EN
CR
YPTI
ON
A
ND
AU
THEN
TICA
TIO
N T
OO
LS ·
Wir
e, fi
ber,
and
radi
o
·SC
AD
A, e
ngin
eeri
ng a
cces
s, m
aint
enan
ce, a
nd
info
rmat
iona
l dat
a (b
ulk,
vid
eo, e
tc.)
PR
ACT
ICE
A “
NEE
D-T
O-K
NO
W”
PO
LICY
, CO
MPA
RTM
ENTA
LIZE
KN
OW
LED
GE,
AN
D G
UA
RD
YO
UR
ACC
ESS
TOO
LS
Kee
p yo
ur d
esig
ns s
afe,
and
lim
it ac
cess
to s
yste
m
deta
ils to
thos
e w
ho r
eally
nee
d to
kno
w to
do
thei
r jo
b.
Be
espe
cial
ly c
aref
ul to
pro
tect
:
·C
ompu
ters
·P
assw
ords
·So
ftw
are
·In
stru
ctio
n m
anua
ls
·En
cryp
tion
equi
pmen
t and
key
s
FOR
KEY
ASS
ETS,
HAV
E M
OR
E TH
AN
ON
E (S
ECU
RE!
) CO
MM
UN
ICAT
ION
S PA
TH ·
Min
imiz
e th
e im
pact
of d
enia
l-of
-ser
vice
att
acks
·Se
nd s
ecur
ity a
larm
s th
roug
h a
seco
nd p
ath
TAK
E A
CTIO
N N
OW
D
on’t
wai
t for
a g
over
nmen
t man
date
—en
sure
that
you
r sy
stem
is r
eady
now
. The
re a
re p
ract
ical
ste
ps y
ou c
an
take
toda
y to
pre
pare
you
r te
am a
nd p
reve
nt a
n ev
ent
from
hap
peni
ng in
the
first
pla
ce.
REV
IEW
LO
G F
ILES
ON
FIR
EWA
LLS,
ALA
RM
S,
AN
D A
CCES
S A
CTIV
ITY
DO
N’T
FO
RG
ET P
HYS
ICA
L SE
CU
RIT
Y
PR
ACT
ICE
“SEC
UR
ITY
IN D
EPTH
” ·
Phy
sica
l
·C
yber
·C
omm
unic
atio
ns
·Tr
aini
ng
·C
ultu
re
HAV
E A
N IN
CID
ENT
RES
PO
NSE
PLA
N R
EAD
Y A
HEA
D O
F TI
ME
So a
cyb
er e
vent
hap
pens
—no
w w
hat?
Dur
ing
the
even
t is
not
the
best
tim
e to
cre
ate
a pl
an a
nd tr
y it
out.
You
shou
ld h
ave
a cl
ear,
conc
ise,
and
wel
l-th
ough
t-ou
t pl
an in
pla
ce b
efor
ehan
d ab
out h
ow y
our
com
pany
will
re
spon
d to
a c
yber
inci
dent
.
TEN
TIP
S FO
R IM
PR
OVI
NG
TH
E SE
CUR
ITY
OF
YOU
R A
SSET
SED
MU
ND
O. S
CH
WEI
TZER
, III