3rd Annual Cybersecurity Awareness Conference
October 22, 2021 - Virtual Only
Virtual Workshop 10/22 2-3:30pm
Topic: Phishing and Spoofed Email Investigations
Register here.
Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in an email. Email spoofing is the creation of email messages with a forged sender address. It is the fabrication of an email header in the hopes of duping the recipient into thinking the email originated from someone or somewhere other than the intended source.
The main purpose of most phishing emails today is to deliver, directly or indirectly, some form of ransomware. Namely, phishing emails may have malicious attachments including some hidden macros (programs). Hidden macros may download other trojans/malware. Trojans may provide remote control to the attackers. Attackers may access, read, modify, steal, publish or encrypt your data to demand ransom. Also, attackers can use your computer to conduct another attack on another system. Last and the biggest issue is that attackers can move laterally in the network to access the organization's database to steal valuable data.
Many hacking activities may also start with a spoofed email. People can share sensitive information or obey some orders by assuming the email comes from their manager or CEOs. It might be devastating in a company or a governmental organization.
Nowadays, higher education departments, especially student accounts are under attack with spoofed and phishing emails. We will also discuss business email compromise and weaponized compromised email accounts.
Last, attendees will experience real spoofed and phishing email investigations including email header analysis and IP address investigation.
The goal of this presentation is to give more insight to the end-users with phishing email awareness and getting cybersecurity enthusiasts to be familiar with phishing email investigations.
