Introduction
EC-Council Training & Certification Division
Professional Workforce Development
IIB Council Division of Business Technology and Enterprise
Digital Transformation Training and Certification Body
EC-Council University
Creating Cybersecurity Leaders of Tomorrow
EC-Council Global Services
Division of Corporate Consulting & Advisory Services
Hackers are Here. Where are you?
Shield Alliance International Private Limited
EC-Council group company providing
Cybersecurity Products/Solutions like OhPhish
SHIELD ALLIANCE
INTERNATIONAL
LIMITED
Competent
Compliant
Secure
“Our lives are dedicated to the mitigation and remediation
of the cyber plague that is menacing the world today.”
Bishwajit Sutradhar
Sales Lead – India & SAARC
HUMANS ARE BEING USED TO ATTACK
© 2019 EC Council Global Services
Phishing
PHISHING MAIL
“All humans connected to the internet receive millions of phishing mails on a daily basis”
Humans are the gateway for cyber attacks!!
What is Phishing?
Phishing is a form of social engineering.
Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization.
For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:
• natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
• epidemics and health scares (e.g., H1N1)
• economic concerns (e.g., IRS scams)
• major political elections
PHISHING ATTACK
“Out of millions of phishing mails entering any network, it takes a click to become a victim of a cyber attack”
The human is the weakest link in the system
FEW FACTS & FIGURES
• 156 million phishing emails are sent out every day.
• Email users receive up to 20 phishing emails each month.
• On average, it takes just 82 seconds from the time a phishing email is distributed until the first victim is hooked.
• The global spear phishing protection market is expected to reach a valuation of US$1.8 Billion by 2025. In terms of revenue, the market is projected to expand at a CAGR of 9.6% during the forecast period from 2017 to 2025.
• 91% of reported data breaches resulted from phishing schemes.
• Within 30 minutes of a phishing attack, 20% of user accounts were compromised.
• The average large company loses $4 million every year to phishing attacks.
TYPES OF PHISHING
• Spear phishing
• Clone phishing
• Whaling
MODES OF PHISHING
Entice to Click
Please give me
your Credentials!
Email
Phishing
IVR Response
Capturing
Voice Response
Capturing
Voice Phishing
(Vishing)
Please give me
your Credentials!
Do me a favour!
Entice to Click
SMS Phishing
(SMShing)
To open that
Attachment or not?
Conference call
Private and Confidential
Cyber Attacks triggered through
Phishing
A new study has revealed that a large-sized company in India loses an average of 71,96,72,000 Rs/- each year due to cyberattacks, while a mid-sized firm loses an average of 7916392 Rs/- annually. ... In addition, cybersecurity attacks have resulted in job losses in 64 percent of organizations that have experienced breaches.
Phishing
Latest Phishing News
What is Vishing?
Voice phishing, commonly known as vishing, is the telephone equivalent of phishing. Like its email counterpart, vishing tricks users into revealing confidential information over the phone by posing as a trusted entity. Vishing scams can be very convincing because these callers are usually experts in their respective fields.
The main reason vishing scams are on the rise is how easily cybercriminals can execute these attacks with minimal risk of detection.
Scammers often use caller ID spoofing to lend themselves credibility when they place calls to potential victims. As a result, victims are compelled to pick up the call, especially if it appears to be coming from a legitimate source or from a number like their own.
THE SOLUTION
“Building organizational memory by building subconscious competency and human firewall to protect the organization”
EARLY WARNING SYSTEM
HOW CAN WE HELP?
1. Design Simulation Campaign
2. Initiate/Execute the Campaign
3. Monitor the Campaign
4. Analyze Report
5. Remediate
12 KEY FEATURES
2 – 12: OUR ADVANTAGE
• On-demand customization
• Integration with existing systems
• Simple, intuitive UI
• Flexible & time efficient
• Single platform to conduct Phishing, Vishing and Smishing simulations
• Complete DIY solution
• Scalable
• Management Dashboards & Executive Reporting Structure
• Integrated with world class LMS
• Pre-defined repository of templates
• 24x7 support
1. OUR ADVANTAGE
AGILE HOSTING MODEL
• Cloud Solution: the shortest delivery time, OPEX model
• Hybrid Solution: a mixture of OPEX and CAPEX
• On Premise Solution: CAPEX model
Shield Alliance gives flexibility to customers to choose the model of delivery based on their preferences.
Intelligence
Gathering
15. CREATING THE HUMAN FIREWALL
Defense via Phishing Reporter
Report
User
Cybersec Department
Phishing Simulation report
Reporting to
Phishing Simulation
adds to report.
OhPhish shall gather intelligence related to potential (non-simulation) phishing email(s) reported. Further, the email along with the intelligence gathered shall be sent to the respective information security/incident response teams.
EARLY WARNING SYSTEM: “OHPHISH” REPORTER
Department Wise Phishing Link Clicked Summary
[Bar chart: Phishing Link Clicked Summary by department (Marketing, Finance, Sales, System Support, Admin); series: Total Employees, Phishing Link Clicked, Phishing Link Not Clicked]

Departments | Total Employees | Phishing Link Clicked | Phishing Link Not Clicked | Compliance %
Marketing | 5 | 2 | 3 | 60%
Finance | 4 | 1 | 3 | 75%
Sales | 4 | 4 | 0 | 0%
System Support | 2 | 0 | 2 | 100%
Admin | 1 | 1 | 0 | 0%
Grand Total | 16 | 8 | 16 | 50%
Overall Summary

Employee Id | Employee Name | Employee Mail | Department | Mail Opened Time | Mail Clicked Time | Phishing Link Clicked
1 | User | kousikster@gmail.com | Admin | Tue, Oct 29, 2019 3:25 PM | Tue, Oct 29, 2019 3:28 PM | Yes
5 | User | souvikbanik92@gmail.com | Sales | Tue, Oct 29, 2019 3:25 PM | Wed, Oct 30, 2019 4:11 PM | Yes
2 | User | soumyadeb260@gmail.com | Sales | Tue, Oct 29, 2019 3:25 PM | Tue, Oct 29, 2019 5:27 PM | Yes
3 | User | koustuv02@gmail.com | Sales | Tue, Oct 29, 2019 3:25 PM | Tue, Oct 29, 2019 4:36 PM | Yes
7 | User | chanchalpatra89@gmail.com | Marketing | Thu, Oct 31, 2019 6:25 PM | Thu, Oct 31, 2019 6:26 PM | Yes
9 | User | tchakraborty28@gmail.com | Marketing | Tue, Oct 29, 2019 3:25 PM | Wed, Oct 30, 2019 11:25 AM | Yes
6 | User | sayantanbhattacharjee.04@gmail.com | Marketing | Tue, Oct 29, 2019 3:25 PM | Nil | No
12 | User | mamata10momi@gmail.com | Finance | Tue, Oct 29, 2019 3:25 PM | Nil | No
10 | User | urmi.dasadhikari007@gmail.com | Marketing | Tue, Oct 29, 2019 3:25 PM | Nil | No
14 | User | anupam21@gmail.com | Finance | Tue, Oct 29, 2019 3:35 PM | Nil | No
11 | User | sanjoy633@gmail.com | Finance | Tue, Oct 29, 2019 3:25 PM | Tue, Oct 29, 2019 5:06 PM | Yes
4 | User | rishinbanerjee2013@gmail.com | Sales | Tue, Oct 29, 2019 4:07 PM | Tue, Oct 29, 2019 4:09 PM | Yes
15 | User | ani.cs2008@gmail.com | System Support | Tue, Oct 29, 2019 3:25 PM | Nil | No
8 | User | hi92deependra@gmail.com | Marketing | Tue, Oct 29, 2019 3:25 PM | Nil | No
13 | User | dipankar.dipu.99@gmail.com | Finance | Tue, Oct 29, 2019 3:25 PM | Nil | No
16 | User | sourav.mitra@live.com | System Support | Nil | Nil | No
Remediation through Security
Awareness Training
Awareness Training Dashboard
4 Steps To Complete Awareness Training
Sample Training Videos
Phishing Spear Phishing
SMSshing USB Baiting
LMS - Security Awareness Training
A world class platform to provide extraordinary security awareness training content.
E-learning gives organizations access to a plethora of videos, interactive cyber security awareness content and pre-designed modules to select from, or to create their own security awareness training for their employees.
Kwizzer is a part of gamification that brings fun, interaction and learning to users who opt or have been assigned to play security awareness quizzes.
Learning Management System
E-learning
• IeL Premium Videos
  • IeL Premium Micro-Videos
  • IeL long Videos with Quiz
• Shield Alliance Micro Videos
• CSCU Videos
• Shield Alliance e-learning Module
Kwizzer
• Practice Mode Quizzes
• Challenge Mode Quizzes
• Quiz Master Mode
LMS: E-Learning Key Features
Microsoft O365
Onboarding of Users
• Auto-delivery of training reports to Admin
• Branch wise Reports
• Designation wise Reports
• Department wise Reports
Detailed Reporting
• Executive Report
• Management Dashboard
Leader board
Custom Alerts
G-Suite
Active Directory
CSV/XLS file upload
Manual Entry
Microsoft O365
Authentication of Users
G-Suite
Active Directory
Simple Login and Password
• Training Reminders to users
LMS: Kwizzer Key Features
User Onboarding
Detailed Reporting
Custom Alerts
Authentication of User
Leader board
• Auto-delivery of training reports to Admin
• Branch wise Reports
• Designation wise Reports
• Department wise Reports
• In-app notification for Quiz Master Mode
• Auto e-mail notification for Quiz Master Mode
• Pending Quiz reminders to users
• Leader board for Admin with top 3 scorers highlighted
• User score and top 3 scorers
Learning Management System
User Certification
• Customizable Template
• Can replace/add logo(s)
• e-Certificate
Training Content
Premium
Security Awareness
• Security Awareness Essentials
• Security Awareness - Strongest Link
• Security Awareness Essentials
• Security Awareness – A Day in the Life
• Working Remotely
• Physical Security
• Password Mgmt
• Cloud Security
• IoT/Home Security
• Security Awareness for the Home
• Introduction into Insider Threats
• Protecting Against Malicious Insiders
• Incident Reporting
• Social Media
BYOD/Mobile Security
• Protecting Mobile Data and Devices
Phishing Awareness
• Phishing
• Phishing Defense Essentials
• Email & Instant Messaging Security
Social Engineering
• Social Engineering (Advanced)
Ransomware
• Ransomware: How to Defend Yourself
Malware
• The Malware Threat
• Preventing Malware: Mobile Devices
Security Awareness for Executives
• Security Awareness for Executives
• Security Awareness for Managers
Power User Training
• Baseline Information Security Training for IT Professionals
• OWASP Top 10 Web Application Vulnerabilities
Training Content
Premium
Compliance
• HIPAA/HITECH Privacy for Business Associates
• HIPAA/HITECH Privacy for Covered Entities
• PCI Essentials for Account Data Handlers and Supervisors - DSS 3.2
• PCI Requirements Overview for IT Professionals - DSS 3.2
• Privacy and Data Protection
• Preventing Bullying in the Workplace
• Preventing Workplace Violence for Supervisors
• Active Shooter
• GDPR: How to Comply With the GDPR in the US
• Phishing Defense Best Practices
• Before You Post
• Living Mobile Secure
• Password Strong
• The Fake App Trap
• Fake News
• Home Cybersecurity
• Evil Twin
• Home Invasion: The Internet of Terrors?
• (Defending Against Ransomware)
• Tales From CPU City™ (Episode 1) – Cryptojacking
• Tales From CPU City™ (Episode 2) - Tailgating
• Protecting Against Spear Phishers
• The Business Email Compromise
• SMiShed!
• How to Defeat Social Engineers
• The In-Personator: A Social Engineering Threat
• USB Baiting: Don't Take the Bait
Training Content
Standard
CSCU
• Module 1.1 - Data Digital Building Blocks (Done)
• Module 1.2 - Importance of data in the Information age
• Module 1.3 - Threats to Data
• Module 1.4 - Data Security
• Module 1.5 - Elements of Security
• Module 1.6 - Implementing Security
• Module 2.1 - Securing Operating System
• Module 2.2 - Guidelines to Secure Windows 10
• Module 2.3 - Guidelines to MAC OS X Security
• Module 3.1 - What is Malware
• Module 3.2 - What is Anti virus
• Module 3.3 - Kaspersky 3.0
• Module 3.4 - Avast Anti virus
• Module 4.1 - Understanding web browser concepts
• Module 4.2 - What is Instant Messaging
• Module 4.3 - Child online Safety
• Module 5.1 - Introduction to Social Networking sites
• Module 5.2 - Geotagging
• Module 5.3 - Social media threat to minors
• Module 5.4 - Social Networking Sites Facebook
• Module 5.5 - Social Networking Sites Twitter
• Module 6.1 - Introduction to Email
• Module 6.2 - Email Security.mov
• Module 6.3 - Email Security Procedures
• Module 6.4 - Encryption
• Module 6.5 - Email Security Tools
Training Content
Standard
CSCU
• Module 7.1 - Securing Mobile Devices
• Module 7.2 - Understanding Mobile Device Threats
• Module 7.3 - Understanding Various Mobile Security Procedures
• Module 7.4 - Understanding how to secure IOS Devices
• Module 7.5 - Understanding how to secure Android Devices
• Module 7.6 - Understanding how to secure Windows Phone Devices
• Module 7.7 - Mobile Phone and Bluetooth Security
• Module 8.1 - The Concept of Cloud
• Module 8.2 - Threats to Cloud Security
• Module 8.3 - Cloud Privacy Issues & Choosing service provider
• Module 9.1 - Understanding Various Networking Concepts
• Module 9.2 - Understanding Setting Up a Wireless Network
• Module 9.3 - Understanding Threats to Wireless Network Security and Countermeasures
• Module 10.1 - Data Backup Concepts
• Module 10.2 - Types of Data Backup
• Module 10.3 - Windows 10 Backup and Restore Procedures
• Module 10.4 - MAC OS X Backup and Restore Procedures
• Module 10.5 - Understanding Safe Data Destruction
CORPORATE HISTORY
ORGANIZATIONS THAT USE(D) OUR SOLUTION
Security Awareness &
Phishing Simulations
using OhPhish
Trainings
THANK YOU
Competent
Compliant
Secure


Phishing Simulation By Shield Alliance

  • 1. 1 Introduction EC-Council Training & Certification Division Professional Workforce Development IIB Council Division of Business Technology and Enterprise Digital Transformation Training and Certification Body EC-Council University Creating Cybersecurity Leaders of Tomorrow EC-Council Global Services Division of Corporate Consulting & Advisory Services Hackers are Here. WHere are you? 1 Shield Alliance International Private Limited EC-Council group company providing Cybersecurity Products/Solutions like OhPhish
  • 2. SHIELD ALLIANCE INTERNATIONAL LIMITED Competent Compliant Secure “Our lives are dedicated to the mitigation and remediation of the cyber plague that is menacing the world today.” Bishwajit Sutradhar Sales Lead –India & Saarc
  • 3. HUMAN ARE BEING USED TO ATTACK © 2019 EC Council Global Services
  • 5. PHISHING MAIL “All Human Connected to internet Received Millions of Phishing Mail on daily basis ” Human is the gateway for Cyber attack!!
  • 6. Phishing is a form of social engineering Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as natural disasters (e.g., Hurricane Katrina, Indonesian tsunami) epidemics and health scares (e.g., H1N1) economic concerns (e.g., IRS scams) major political elections What is Phishing?
  • 7. PHISHING ATTACK “Out of millions of phishing mail into any Network it takes a click to be a Victim of Cyber Attack ” Human is the weakest Link into SYSTEM
  • 8. 156 million phishing emails are sent out every day Email users receive up to 20 phishing emails each month On average, it takes just 82 seconds from the time for a phishing email to be distributed and the first victim is hooked. FEW FACTS & FIGURE The global spear phishing protection market is expected to reach a valuation of US$1.8 Billion by 2025. In terms of revenue, the market is projected to expand at a CAGR of 9.6% during the forecast period from 2017 to 2025. 91% of reported data breaches resulted from phishing schemes within 30 minutes of a phishing attack, 20% of user accounts were compromised The average large company loses $4 million every year to phishing attacks
  • 9. Spear phishing Clone phishing Whaling TYPES OF PHISHING MODES OF PHISHING Entice to Click Please give me your Credentials! Email Phishing IVR Response Capturing Voice Response Capturing Voice Phishing (Vishing) Please give me your Credentials! Do me a favour!Entice to Click SMS Phishing (SMShing) To open that Attachment or not? Conference call
  • 10. Private and Confidential Cyber Attacks triggered through Phishing A new study has revealed that a large- sized company in India loses an average of 71,96,72,000 Rs/- each year due to cyberattacks, while a mid-sized firm loses an average of 7916392 Rs/- annually. ... In addition, cybersecurity attacks have resulted in job losses in 64 percent of organizations that have experienced breaches. Phishing
  • 12. What is Vishing? Voice Phishing, commonly known as vishing, is the telephone equivalent of phishing. Like its email counterpart, vishing tricks users into revealing confidential information over the phone by posing as a trusted entity. Vishing scams can be very convincing because these callers are usually experts in their respective fields. The main reason why vishing scams are on the rise is because of how easily cybercriminals can execute these attacks with minimal risk of detection. Scammers often use caller ID spoofing to lend them credibility when they send out calls to potential victims. As a result, victims are compelled to pick up the call, especially if it appears to be coming from a legitimate source or from a number like their own.
  • 13. THE SOLUTION “Building organizational memory by building subconscious competency and human firewall to protect the organization” EARLY WARNING SYSTEM
  • 14. HOW CAN WE HELP? Design Simulation Campaign Initiate/Execute the Campaign Monitor the Campaign Analyze Report Remediate 1 3 4 5 2
  • 16. 2 – 12: OUR ADVANTAGE  On-demand customization  Integration with existing systems  Simple, intuitive UI  Flexible & Time efficient  Single platform to conduct Phishing, Vishing and Smishing simulations  Complete DIY solution  Scalable  Management Dashboards & Executive Reporting Structure  Integrated with world class LMS  Pre-defined repository of templates.  24X7 support.
  • 17. AGILE HOSTING MODEL The shortest delivery time, OPEX Model Cloud Solution A mixture of OPEX and CAPEX Hybrid Solution CAPEX model. On Premise Solution Shield Alliance gives flexibility to customers to choose the model of delivery based on their preferences. 1. OUR ADVANTAGE
  • 18. Intelligence Gathering 15. CREATING THE HUMAN FIREWALL DefenseviaPhishingReporter Report User Cybersec Department Phishing Simulation report Reporting to Phishing Simulation adds to report. OhPhish shall gather intelligence related to potential (non-simulation) Phishing email(s) reported. Further, the email along with intelligence gathered shall be sent to respective information security/ incident response teams. EARLY WARNING SYSTEM: “OHPHISH” REPORTER
  • 19. Department Wise Phishing link clicked Summary 5 4 4 2 1 2 1 4 0 1 3 3 0 2 0 0 1 2 3 4 5 6 Marketing Finance Sales System Support Admin Phishing Link Clicked Summary Total Employees Phishing Link Clicked Phishing Link Not Clicked Departments Total Employees Phishing Link Clicked Phishing Link Not Clicked Compliance % Marketing 5 2 3 60% Finance 4 1 3 75% Sales 4 4 0 0% System Support 2 0 2 100% Admin 1 1 0 0% Grand Total 16 8 16 50%
  • 20. Overall Summary Employee Id Employee Name EmployeeMail Department Mail Opened Time Mail Clicked Time Phishing Link Clicked 1 User kousikster@gmail.com Admin Tue, Oct 29, 2019 3:25 PM Tue, Oct 29, 2019 3:28 PM Yes 5 User souvikbanik92@gmail.com Sales Tue, Oct 29, 2019 3:25 PM Wed, Oct 30, 2019 4:11 PM Yes 2 User soumyadeb260@gmail.com Sales Tue, Oct 29, 2019 3:25 PM Tue, Oct 29, 2019 5:27 PM Yes 3 User koustuv02@gmail.com Sales Tue, Oct 29, 2019 3:25 PM Tue, Oct 29, 2019 4:36 PM Yes 7 User chanchalpatra89@gmail.com Marketing Thu, Oct 31, 2019 6:25 PM Thu, Oct 31, 2019 6:26 PM Yes 9 User tchakraborty28@gmail.com Marketing Tue, Oct 29, 2019 3:25 PM Wed, Oct 30, 2019 11:25 AM Yes 6 User sayantanbhattacharjee.04@gmail.co m Marketing Tue, Oct 29, 2019 3:25 PM Nil No 12 User mamata10momi@gmail.com Finance Tue, Oct 29, 2019 3:25 PM Nil No 10 User urmi.dasadhikari007@gmail.com Marketing Tue, Oct 29, 2019 3:25 PM Nil No 14 User anupam21@gmail.com Finance Tue, Oct 29, 2019 3:35 PM Nil No 11 User sanjoy633@gmail.com Finance Tue, Oct 29, 2019 3:25 PM Tue, Oct 29, 2019 5:06 PM Yes 4 User rishinbanerjee2013@gmail.com Sales Tue, Oct 29, 2019 4:07 PM Tue, Oct 29, 2019 4:09 PM Yes 15 User ani.cs2008@gmail.com System Support Tue, Oct 29, 2019 3:25 PM Nil No 8 User hi92deependra@gmail.com Marketing Tue, Oct 29, 2019 3:25 PM Nil No 13 User dipankar.dipu.99@gmail.com Finance Tue, Oct 29, 2019 3:25 PM Nil No 16 User sourav.mitra@live.com System Support Nil Nil No
  • 21. Remediation through Security Awareness Training Awareness Training Dashboard 4 Steps To Complete Awareness Training Sample Training Videos Phishing Spear Phishing SMSshing USB Baiting
  • 22. LMS - Security Awareness Training A world class platform to provide extraordinary security awareness training content. E-leaning gives organizations an access to plethora of videos, interactive cyber security awareness contents and pre- designed module to select from or create their own security awareness training for their employees. Kwizzer is a part of gamification that brings fun, interaction and learning to users who opt or have been assigned to play security awareness quizzes. LearningManagementSystem
  • 23. Learning Management System KwizzerE-learning  IeL Premium Videos • IeL Premium Micro-Videos • IeL long Videos with Quiz  Shield Alliance Micro Videos  CSCU Videos  Shield Alliance e-learning Module  Practice Mode Quizzes  Challenge Mode Quizzes  Quiz Master Mode
  • 24. Microsoft O365 Onboarding of Users  Auto-delivery of training reports to Admin  Branch wise Reports  Designation wise Reports  Department wise Reports Detailed Reporting  Executive Report  Management Dashboard Leader board 01 02 03 04 05 Custom Alerts G-Suite Active Directory CSV/XLS file upload Manual Entry Microsoft O365 Authentication of Users G-Suite Active Directory Simple Login and Password  Training Reminders to users LMS: E-Learning Key Features
  • 25. LMS: Kwizzer Key Features User Onboarding Detailed Reporting Custom Alerts Authentication of User Leader board 01 02 03 04 05  Auto-delivery of training reports to Admin  Branch wise Reports  Designation wise Reports  Department wise Reports  In-app notification for Quiz Master Mode  Auto e-mail notification for Quiz Master Mode  Pending Quiz reminders to users  Leader board for Admin with top 3 scorers highlighted  User score and top 3 scorers
  • 26. Learning Management System: User Certification. Customizable Template; Can replace/add logo(s); e-Certificate
  • 27. Training Content (Premium)
      Security Awareness: Security Awareness Essentials; Security Awareness - Strongest Link; Security Awareness Essentials; Security Awareness – A Day in the Life; Working Remotely; Physical Security; Password Mgmt; Cloud Security; IoT/Home Security; Security Awareness for the Home; Introduction into Insider Threats; Protecting Against Malicious Insiders; Incident Reporting; Social Media
      BYOD/Mobile Security: Protecting Mobile Data and Devices
      Phishing Awareness: Phishing; Phishing Defense Essentials; Email & Instant Messaging Security
      Social Engineering: Social Engineering (Advanced)
      Ransomware: Ransomware: How to Defend Yourself
      Malware: The Malware Threat; Preventing Malware: Mobile Devices
      Security Awareness for Executives: Security Awareness for Executives; Security Awareness for Managers
      Power User Training: Baseline Information Security Training for IT Professionals; OWASP Top 10 Web Application Vulnerabilities
  • 28. Training Content (Premium)
      Compliance: HIPAA/HITECH Privacy for Business Associates; HIPAA/HITECH Privacy for Covered Entities; PCI Essentials for Account Data Handlers and Supervisors - DSS 3.2; PCI Requirements Overview for IT Professionals - DSS 3.2; Privacy and Data Protection; Preventing Bullying in the Workplace; Preventing Workplace Violence for Supervisors; Active Shooter; GDPR: How to Comply With the GDPR in the US; Phishing Defense Best Practices; Before You Post; Living Mobile Secure; Password Strong; The Fake App Trap; Fake News; Home Cybersecurity; Evil Twin; Home Invasion: The Internet of Terrors?; (Defending Against Ransomware); Tales From CPU City™ (Episode 1) – Cryptojacking; Tales From CPU City™ (Episode 2) - Tailgating; Protecting Against Spear Phishers; The Business Email Compromise; SMiShed!; How to Defeat Social Engineers; The In-Personator: A Social Engineering Threat; USB Baiting: Don't Take the Bait
  • 29. Training Content: CSCU (Standard)
      Module 1.1 - Data Digital Building Blocks (Done); Module 1.2 - Importance of data in the Information age; Module 1.3 - Threats to Data; Module 1.4 - Data Security; Module 1.5 - Elements of Security; Module 1.6 - Implementing Security
      Module 2.1 - Securing Operating System; Module 2.2 - Guidelines to Secure Windows 10; Module 2.3 - Guidelines to MAC OS X Security
      Module 3.1 - What is Malware; Module 3.2 - What is Anti virus; Module 3.3 - Kaspersky 3.0; Module 3.4 - Avast Anti virus
      Module 4.1 - Understanding web browser concepts; Module 4.2 - What is Instant Messaging; Module 4.3 - Child online Safety
      Module 5.1 - Introduction to Social Networking sites; Module 5.2 - Geotagging; Module 5.3 - Social media threat to minors; Module 5.4 - Social Networking Sites Facebook; Module 5.5 - Social Networking Sites Twitter
      Module 6.1 - Introduction to Email; Module 6.2 - Email Security.mov; Module 6.3 - Email Security Procedures; Module 6.4 - Encryption; Module 6.5 - Email Security Tools
  • 30. Training Content: CSCU (Standard)
      Module 7.1 - Securing Mobile Devices; Module 7.2 - Understanding Mobile Device Threats; Module 7.3 - Understanding Various Mobile Security Procedures; Module 7.4 - Understanding how to secure IOS Devices; Module 7.5 - Understanding how to secure Android Devices; Module 7.6 - Understanding how to secure Windows Phone Devices; Module 7.7 - Mobile Phone and Bluetooth Security
      Module 8.1 - The Concept of Cloud; Module 8.2 - Threats to Cloud Security; Module 8.3 - Cloud Privacy Issues & Choosing service provider
      Module 9.1 - Understanding Various Networking Concepts; Module 9.2 - Understanding Setting Up a Wireless Network; Module 9.3 - Understanding Threats to Wireless Network Security and Countermeasures
      Module 10.1 - Data Backup Concepts; Module 10.2 - Types of Data Backup; Module 10.3 - Windows 10 Backup and Restore Procedures; Module 10.4 - MAC OS X Backup and Restore Procedures; Module 10.5 - Understanding Safe Data Destruction
  • 31. CORPORATE HISTORY ORGANIZATIONS THAT USE(D) OUR SOLUTION Security Awareness & Phishing Simulations using OhPhish Trainings