1 00:00:00,000 --> 00:00:00,890 Phishing. 2 00:00:00,890 --> 00:00:02,357 Now, I know you know what phishing is 3 00:00:02,357 --> 00:00:04,240 and I know we've talked about it before. 4 00:00:04,240 --> 00:00:06,110 I even gave you a demonstration of phishing. 5 00:00:06,110 --> 00:00:08,480 But we're going to cover it again really quickly 6 00:00:08,480 --> 00:00:10,550 so we can talk about the different types of phishing 7 00:00:10,550 --> 00:00:12,750 and how to sort them out on the exam. 8 00:00:12,750 --> 00:00:14,590 The first one is phishing. 9 00:00:14,590 --> 00:00:17,140 Phishing has become very commonplace. 10 00:00:17,140 --> 00:00:19,900 Basically, a victim is contacted by email, 11 00:00:19,900 --> 00:00:23,610 telephone, text message, or some other method posing 12 00:00:23,610 --> 00:00:25,580 as a legitimate organization. 13 00:00:25,580 --> 00:00:27,670 Now, when you see the word phishing on the exam, 14 00:00:27,670 --> 00:00:29,310 I want you to think of email 15 00:00:29,310 --> 00:00:31,380 because they have a distinct difference 16 00:00:31,380 --> 00:00:33,400 for telephone and text messages. 17 00:00:33,400 --> 00:00:34,960 Telephones are called vishing 18 00:00:34,960 --> 00:00:37,210 and text messages are called smishing. 19 00:00:37,210 --> 00:00:38,960 We'll cover those in a few moments. 20 00:00:38,960 --> 00:00:40,660 Now, with a phishing email, 21 00:00:40,660 --> 00:00:43,290 what they're trying to do is social engineer 22 00:00:43,290 --> 00:00:46,770 and lure somebody into providing sensitive information. 23 00:00:46,770 --> 00:00:49,250 Things like personally identifiable information, 24 00:00:49,250 --> 00:00:52,160 their first name, their last name, their job title, 25 00:00:52,160 --> 00:00:54,770 their phone number, maybe their social security number, 26 00:00:54,770 --> 00:00:56,070 or their date of birth.
27 00:00:56,070 --> 00:00:57,050 We might be trying to get things 28 00:00:57,050 --> 00:00:58,450 like their banking information, 29 00:00:58,450 --> 00:01:00,100 have them enter their credit card number 30 00:01:00,100 --> 00:01:03,430 or their bank account number or their password. 31 00:01:03,430 --> 00:01:05,310 All of this is stuff that can be gained 32 00:01:05,310 --> 00:01:06,800 through a phishing attack. 33 00:01:06,800 --> 00:01:09,220 Now, phishing is extremely popular 34 00:01:09,220 --> 00:01:12,160 because it works and it works often. 35 00:01:12,160 --> 00:01:14,510 So it's something that attackers use a lot 36 00:01:14,510 --> 00:01:17,930 and it can be a great entry point into the organization 37 00:01:17,930 --> 00:01:20,460 when you can't find other technical exploits. 38 00:01:20,460 --> 00:01:23,710 Now, what does phishing look like when you get these emails? 39 00:01:23,710 --> 00:01:25,320 Well, look at these two emails. 40 00:01:25,320 --> 00:01:26,930 How do you know which one is the real one 41 00:01:26,930 --> 00:01:28,039 and which one's the phish? 42 00:01:28,039 --> 00:01:30,360 Well, the one on the left is the phish 43 00:01:30,360 --> 00:01:31,430 and the way I know that 44 00:01:31,430 --> 00:01:33,410 is because the wording is a little bit off. 45 00:01:33,410 --> 00:01:34,880 They're trying to use scare tactics. 46 00:01:34,880 --> 00:01:37,877 Notice they say "we've noticed a huge debit has been taken 47 00:01:37,877 --> 00:01:39,400 "from your account over the weekend." 48 00:01:39,400 --> 00:01:40,920 And so you might go, oh, no, quick! 49 00:01:40,920 --> 00:01:42,430 I have to click on this link 50 00:01:42,430 --> 00:01:44,320 and look at my Bank of America account, 51 00:01:44,320 --> 00:01:46,810 put in my username and password, and guess what? 52 00:01:46,810 --> 00:01:48,690 You just gave them your username and password 53 00:01:48,690 --> 00:01:49,940 to your bank account. 
54 00:01:49,940 --> 00:01:50,800 Now, in my case, 55 00:01:50,800 --> 00:01:52,070 I know the one on the left is a fake 56 00:01:52,070 --> 00:01:53,680 because I don't use Bank of America, 57 00:01:53,680 --> 00:01:56,440 so there's no way that my Bank of America account 58 00:01:56,440 --> 00:01:57,680 could have had a large debit, 59 00:01:57,680 --> 00:01:59,690 'cause I don't have one of those accounts. 60 00:01:59,690 --> 00:02:00,523 Now, the one on the right, 61 00:02:00,523 --> 00:02:03,870 this is a real email that came from Bank of America. 62 00:02:03,870 --> 00:02:06,010 You'll notice that it came from a trusted sender. 63 00:02:06,010 --> 00:02:08,490 It was actually digitally signed by the corporation. 64 00:02:08,490 --> 00:02:11,064 The English is very fluid and very natural. 65 00:02:11,064 --> 00:02:13,340 But, again, I wouldn't necessarily want to click 66 00:02:13,340 --> 00:02:14,820 that online verification button 67 00:02:14,820 --> 00:02:16,972 because how do you really, really know 68 00:02:16,972 --> 00:02:19,860 that the organization itself hasn't been attacked? 69 00:02:19,860 --> 00:02:22,240 So the best practice to prevent phishing 70 00:02:22,240 --> 00:02:24,890 is simply don't click on any links in emails. 71 00:02:24,890 --> 00:02:26,240 If Bank of America has an issue 72 00:02:26,240 --> 00:02:27,236 and I get one of these emails, 73 00:02:27,236 --> 00:02:30,560 what I would do is go directly to Bank of America's website 74 00:02:30,560 --> 00:02:32,900 and log into my account to see it directly. 75 00:02:32,900 --> 00:02:35,230 I'm not going to click on one of these links in the email. 76 00:02:35,230 --> 00:02:37,100 So that's the idea of phishing. 77 00:02:37,100 --> 00:02:41,020 Now, spear phishing takes that and individualizes it. 78 00:02:41,020 --> 00:02:43,730 So with the last example, they use Bank of America. 79 00:02:43,730 --> 00:02:44,563 Why?
80 00:02:44,563 --> 00:02:46,700 Because millions and millions of Americans 81 00:02:46,700 --> 00:02:48,340 use Bank of America as their bank 82 00:02:48,340 --> 00:02:51,280 and so if I send that out to just random email addresses, 83 00:02:51,280 --> 00:02:52,840 chances are some of those people 84 00:02:52,840 --> 00:02:54,430 are Bank of America customers. 85 00:02:54,430 --> 00:02:55,630 Well, with spear phishing, 86 00:02:55,630 --> 00:02:58,120 I really want to focus on creating a message tailored 87 00:02:58,120 --> 00:02:59,793 to a specific person. 88 00:02:59,793 --> 00:03:02,810 So, for example, if somebody was targeting me, 89 00:03:02,810 --> 00:03:04,508 they may want to send me an email 90 00:03:04,508 --> 00:03:07,110 asking if I wanted to do some sort of a business deal 91 00:03:07,110 --> 00:03:08,600 that has to do with online training, 92 00:03:08,600 --> 00:03:10,550 'cause that's the business I'm in. 93 00:03:10,550 --> 00:03:14,129 Or maybe if I'm dealing with a CEO or a secretary 94 00:03:14,129 --> 00:03:15,770 or a business manager, 95 00:03:15,770 --> 00:03:18,220 I can craft an email that looks specific 96 00:03:18,220 --> 00:03:19,450 to that organization 97 00:03:19,450 --> 00:03:21,090 and something that they're going to want to open 98 00:03:21,090 --> 00:03:22,840 or something they're going to want to click on. 99 00:03:22,840 --> 00:03:24,640 It's very, very accurately targeted. 100 00:03:24,640 --> 00:03:26,260 It's laser-focused. 101 00:03:26,260 --> 00:03:27,940 Just like when you go spear fishing, 102 00:03:27,940 --> 00:03:31,430 you're trying to take your spear and get through one fish. 103 00:03:31,430 --> 00:03:33,950 With phishing, we're trying to cast a wide net 104 00:03:33,950 --> 00:03:35,830 with the hopes that if we drag an area, 105 00:03:35,830 --> 00:03:38,810 we catch a lot of fish or, in our case, a lot of victims.
106 00:03:38,810 --> 00:03:40,880 So spear phishing, going after one 107 00:03:40,880 --> 00:03:42,480 or just a couple of people. 108 00:03:42,480 --> 00:03:45,145 Phishing, you're going after huge amounts of people. 109 00:03:45,145 --> 00:03:48,020 Now, whaling. What does whaling do? 110 00:03:48,020 --> 00:03:50,130 Well, whaling is focused on spear phishing, 111 00:03:50,130 --> 00:03:53,450 but specifically at a high-level executive. 112 00:03:53,450 --> 00:03:56,090 So these are your CEOs, your CFOs, 113 00:03:56,090 --> 00:04:01,090 your CIOs, your CSOs, or other chief-level executives. 114 00:04:01,400 --> 00:04:02,700 Why do they go whaling? 115 00:04:02,700 --> 00:04:04,920 Because they're big targets. 116 00:04:04,920 --> 00:04:06,740 Just like if I wanted to go after somebody 117 00:04:06,740 --> 00:04:09,020 and I'm trying to do some kind of a financial scam, 118 00:04:09,020 --> 00:04:11,180 I would look for somebody who's got a big bank account. 119 00:04:11,180 --> 00:04:13,460 Well, the CEO probably has a big bank account. 120 00:04:13,460 --> 00:04:16,740 The other thing is a lot of these senior executives 121 00:04:16,740 --> 00:04:18,820 tend to be a little bit lax on security 122 00:04:18,820 --> 00:04:20,290 because they tend to be older 123 00:04:20,290 --> 00:04:22,750 and not as comfortable with technology. 124 00:04:22,750 --> 00:04:24,480 And so if you're going after some of these people, 125 00:04:24,480 --> 00:04:27,100 it may be easier to get them to click on a link 126 00:04:27,100 --> 00:04:29,320 or do something that is just not intelligent 127 00:04:29,320 --> 00:04:30,920 when it comes to computer security. 128 00:04:30,920 --> 00:04:32,430 And so this is another way 129 00:04:32,430 --> 00:04:35,020 and another thing that you can do as part of your attacks 130 00:04:35,020 --> 00:04:36,910 is going after those high-value people. 131 00:04:36,910 --> 00:04:39,210 So, again, phishing, very large.
132 00:04:39,210 --> 00:04:41,130 Spear phishing, one or two people. 133 00:04:41,130 --> 00:04:44,628 Whaling, spear phishing directed at senior executives. 134 00:04:44,628 --> 00:04:47,350 Now, the next thing we want to look at is smishing, 135 00:04:47,350 --> 00:04:49,380 or SMS phishing. 136 00:04:49,380 --> 00:04:51,220 This is short message service. 137 00:04:51,220 --> 00:04:52,630 It's text messages. 138 00:04:52,630 --> 00:04:54,190 People have left the email world 139 00:04:54,190 --> 00:04:55,700 and they live on their phones, 140 00:04:55,700 --> 00:04:58,220 so you may get a phish that comes over a text message, 141 00:04:58,220 --> 00:04:59,307 something like this: 142 00:04:59,307 --> 00:05:00,950 "Hey Paul, this is what I was mentioning when we met" 143 00:05:00,950 --> 00:05:03,080 and they send you some sort of a Bitly link 144 00:05:03,080 --> 00:05:05,530 or, in this case, the tapr.ml link. 145 00:05:05,530 --> 00:05:06,450 And when you click on that, 146 00:05:06,450 --> 00:05:09,420 it takes you to a website that may look legitimate 147 00:05:09,420 --> 00:05:11,470 and you start putting in username, password, 148 00:05:11,470 --> 00:05:12,860 or other information. 149 00:05:12,860 --> 00:05:16,080 So, again, because smartphones are so ubiquitous in society 150 00:05:16,080 --> 00:05:17,710 that everybody has one in their pocket, 151 00:05:17,710 --> 00:05:19,550 you can get this text, you click the link, 152 00:05:19,550 --> 00:05:21,770 it opens up a web browser on your smartphone, 153 00:05:21,770 --> 00:05:23,840 and now you're entering data that you shouldn't be. 154 00:05:23,840 --> 00:05:24,673 So this is another way 155 00:05:24,673 --> 00:05:26,400 that you can start targeting the organization. 156 00:05:26,400 --> 00:05:28,751 And this goes back to our information gathering earlier. 
157 00:05:28,751 --> 00:05:30,740 If we know people's cell phones 158 00:05:30,740 --> 00:05:33,150 and we know their name and their position, 159 00:05:33,150 --> 00:05:34,700 we can start targeting them 160 00:05:34,700 --> 00:05:37,770 and even do spear phishing through text messages. 161 00:05:37,770 --> 00:05:40,620 Now, vishing, this is voice phishing. 162 00:05:40,620 --> 00:05:43,367 Voice phishing is phishing that occurs over a telephone. 163 00:05:43,367 --> 00:05:45,930 So this would involve calling somebody up 164 00:05:45,930 --> 00:05:47,411 and pretending you're somebody else. 165 00:05:47,411 --> 00:05:48,580 If we try to do it, 166 00:05:48,580 --> 00:05:50,800 we're trying to trick somebody into going to a different website. 167 00:05:50,800 --> 00:05:52,900 That's known as pharming. 168 00:05:52,900 --> 00:05:55,620 All of these are underneath the big category 169 00:05:55,620 --> 00:05:57,300 of social engineering, 170 00:05:57,300 --> 00:05:58,840 because we're trying to trick a user 171 00:05:58,840 --> 00:06:00,318 into doing something for us, 172 00:06:00,318 --> 00:06:03,280 clicking on that link or giving us some information. 173 00:06:03,280 --> 00:06:05,840 Now, when you're looking at it on the exam, 174 00:06:05,840 --> 00:06:08,670 if they ask what is the act of tricking somebody 175 00:06:08,670 --> 00:06:11,769 or deceiving them, that would be social engineering. 176 00:06:11,769 --> 00:06:14,830 If they say tricking them through email, 177 00:06:14,830 --> 00:06:16,160 that would be phishing. 178 00:06:16,160 --> 00:06:19,090 Tricking them through text message, that would be smishing. 179 00:06:19,090 --> 00:06:22,102 Tricking them through voice messages, that would be vishing. 180 00:06:22,102 --> 00:06:24,820 Tricking them into going to bad websites, 181 00:06:24,820 --> 00:06:26,450 that would be pharming.
182 00:06:26,450 --> 00:06:28,560 And so if you keep those different categories straight 183 00:06:28,560 --> 00:06:30,973 in your head, you're going to do great on the exam.