EMAIL SPOOFING WITH INSTANCES
Presentation by: Yashawanth Anchan KN Poorna M ShruthaKeerthiRaj Prasthuth Shetty

What is Email Spoofing?
Email spoofing is the creation of email messages with a forged sender address.
Typically used to deceive recipients into thinking the email is from a trusted source.
Can lead to phishing attacks, data breaches, financial loss, and reputational damage.

How Email Spoofing Works
Forging Sender Address: Attackers manipulate the email header to fake the sender's address.
Deceptive Content: Emails often contain misleading information or malicious links.
Spoofed emails are sent to unsuspecting recipients.

Consequences of Email Spoofing
Financial Loss: Direct monetary loss due to fraud.
Data Breach: Unauthorized access to sensitive information.
Reputational Damage: Loss of trust from customers and partners.
Legal Implications: Potential lawsuits and regulatory penalties.

Prevention and Mitigation
Technical Measures:
  SPF (Sender Policy Framework): Validates the sender's IP address.
  DKIM (DomainKeys Identified Mail): Verifies the message's integrity.
  DMARC (Domain-based Message Authentication, Reporting & Conformance): Aligns SPF and DKIM to prevent spoofing.
User Awareness: Regular training on recognizing and handling suspicious emails.
Incident Response Plan: Develop a plan for responding to email spoofing incidents.

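The forged sender address and the DMARC alignment idea from the two slides above can be seen in a short receiver-side check. This is an added example, not part of the original presentation: the domains, the `mx.corp.example` server name and the sample messages are constructed, and the two-label organizational-domain rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id our own receiving mail server stamps on messages.
TRUSTED_AUTHSERV = "mx.corp.example"

def org_domain(domain):
    # Assumption: the last two labels approximate the organizational domain;
    # a production checker would consult the Public Suffix List instead.
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def check_alignment(raw, trusted=TRUSTED_AUTHSERV):
    """DMARC-style check: an SPF or DKIM pass only counts if its domain
    aligns with the domain in the visible From: header."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    aligned = []
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, body = hdr.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # a sender can add this header too; trust only our own
        for method, result, prop in re.findall(
                r"\b(spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)",
                body.lower()):
            auth_dom = prop.rpartition("@")[2]
            if result == "pass" and org_domain(auth_dom) == org_domain(from_dom):
                aligned.append(method)
    return {"from_domain": from_dom, "aligned": aligned,
            "verdict": "pass" if aligned else "fail"}

def build(from_addr, *auth_results):
    # Builds a constructed sample message for the demonstration below.
    hdrs = [f"From: {from_addr}"]
    hdrs += [f"Authentication-Results: {r}" for r in auth_results]
    return "\n".join(hdrs) + "\n\nConstructed test body.\n"

# SPF passes, but for the envelope domain, not the displayed From: domain.
SPOOFED = build("Accounts <billing@supplier.example>",
    "mx.corp.example; spf=pass smtp.mailfrom=bounce@lookalike.example; dkim=none")
# Both mechanisms pass for domains aligned with From:.
LEGIT = build("Accounts <billing@supplier.example>",
    "mx.corp.example; spf=pass smtp.mailfrom=b@mail.supplier.example;"
    " dkim=pass header.d=supplier.example")
# A sender-supplied results header claims a pass; only our server's counts.
FORGED_RESULTS = build("CEO <ceo@supplier.example>",
    "mail.lookalike.example; spf=pass smtp.mailfrom=x@supplier.example",
    "mx.corp.example; spf=fail smtp.mailfrom=ceo@supplier.example; dkim=none")

if __name__ == "__main__":
    for name in ("SPOOFED", "LEGIT", "FORGED_RESULTS"):
        print(name, check_alignment(globals()[name]))
```

The first sample shows why SPF alone is not enough: it validates the envelope sender, which the recipient never sees, so a pass for an unrelated domain says nothing about the displayed From: address.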
Google and Facebook Scams (2013-2015)
Incident: Over a period of two years, cybercriminals used email spoofing to impersonate a Taiwanese hardware supplier, Quanta Computer, and trick employees at Google and Facebook into wiring payments for fake invoices. The attackers sent spoofed emails that appeared to be from legitimate Quanta employees, requesting payment for services rendered.
Impact: Google and Facebook collectively lost over $100 million to the scam before it was discovered. The attacker behind the scheme was eventually caught and extradited to the United States to face charges.

University of California, San Francisco (UCSF) Ransomware Attack (2020)
Incident: UCSF, a major research university, fell victim to a ransomware attack that started with an email spoofing campaign. Attackers used spoofed emails to trick employees into downloading malicious files, which then encrypted critical research data, including COVID-19 research. The attackers demanded a ransom to decrypt the data.
Impact: UCSF ended up paying a ransom of $1.14 million to recover their files. The attack disrupted important research and raised concerns about the security of academic institutions, especially those involved in critical public health research.

The Bitcoin Scam on Twitter (2020)
Incident: In a high-profile incident in July 2020, Twitter accounts of prominent individuals and companies, including Elon Musk, Bill Gates, and Apple, were hacked in a coordinated attack. The attackers used email spoofing as part of their initial social engineering efforts to gain access to Twitter's internal tools. Once inside, they sent out tweets from the compromised accounts promoting a Bitcoin scam.
Impact: The scam resulted in the theft of over $100,000 in Bitcoin within a few hours. The incident highlighted the risks associated with social engineering and email spoofing, even within major tech companies, and led to increased scrutiny of Twitter's security practices.

Mattel (2015)
Incident: Mattel, the toy manufacturing giant, fell victim to a BEC attack in 2015 when an employee received an email that appeared to be from the CEO. The email requested an urgent $3 million wire transfer to a new Chinese vendor. The transfer was authorized and completed, but the company later discovered it was a scam.
Impact: Fortunately for Mattel, the Chinese bank was closed for a holiday when the fraud was discovered, allowing Mattel to reverse the transaction. However, the incident was a close call and led to tighter security measures within the company.

The Sony PlayStation Network Breach (2011)
Incident: Sony's PlayStation Network (PSN) was breached in 2011, leading to the theft of personal information from 77 million user accounts. The breach was partly facilitated by email spoofing and phishing attacks targeting Sony employees, which allowed attackers to gain access to the network.
Impact: The breach forced Sony to shut down the PSN for several weeks, causing significant disruption to users and leading to substantial financial losses. Sony also faced legal action and was required to improve its cybersecurity measures.

Snapchat (2016)
Incident: Snapchat was targeted by an email spoofing attack in 2016, where attackers impersonated the CEO and requested sensitive payroll information from the HR department. The HR employee, believing the email to be legitimate, sent over the payroll data of hundreds of current and former employees.
Impact: The data breach exposed the personal information of Snapchat employees, including their Social Security numbers. Snapchat quickly notified the affected individuals and offered identity theft protection, but the incident raised awareness about the need for stronger internal security protocols.

Conclusion
Email spoofing is a significant cyber threat with serious consequences.
Encourage organizations and individuals to adopt best practices to prevent and mitigate spoofing attacks.