Watch videos with subtitles in your language, upload your videos, create your own subtitles! Click here to learn more on "how to Dotsub"

Mod106-TargetedAttacks-ESS-LiveAction

0 (0 Likes / 0 Dislikes)
>>Hey Simon, have you seen my lunch? >>No, I have not. But Marcus has a delicious looking turkey sandwich that he insisted he made himself for some reason. >>Did he now? >>He did. I wanted to thank you for reporting that phishing email you came across yesterday. It is often the case that cyber attacks are nothing more than opportunistic attempts at randomly targeting different people. But this phishing email was a unique attack that was sent to you specifically. >>Really? >>A similar email was sent to only three other employees, actually, and we caught those as well. Here, let me show you. As you can see, all of them appear to be coming from the Regional Manager, Donna Thorpe. >>Yeah, I saw that that was not her normal email signature. This email signature just says, “Sent from my iPhone.” >>Donna most definitely did not send this email. She does not even have an iPhone. [laughing] [reading aloud] >>Subject: URGENT. Linda, I am on the road this week and my work laptop just crashed. (Help desk is overnighting me a new one.) Can you email me the entire employee phone list? I need to contact some folks ASAP. Please reply to my personal email account, as I do not have access to my work email right now. >>It is a classic spear phishing email. >>A targeted attack? >>That is right. The attacker did their research. It is more than likely that they would know that Donna would be travelling. They chose four of her coworkers — probably identified you four through the website, LinkedIn, or other social media channels. And then they tailored this email pressuring each of you to ignore our security policies by sending sensitive information to a personal email account. >>Do you know why we were targeted? >>They probably only intended to use you as a stepping stone. Either they are trying to infiltrate our organization, or it could be a part of a more elaborate attack; the ultimate target might be one of our suppliers or our clients. Before they can leverage any attack, these cyber attackers first need to get a foothold. >>I am careful with what I share online, but it is creepy to think that they would have been doing research on me. >>Well, they chose the wrong target with you: you are one of our most security conscious employees. You recognized it as a spear phishing attempt because you know what to look for. >>I was suspicious right away. It is not something Donna would ask for, and it does not sound like her either. The tone is all wrong. Plus, the email is going overboard trying to create a sense of urgency. I also checked to see if the Reply email was really Ms. Thorpe’s actual work address. >>Quite right. And your suspicions were confirmed; the email address was a spoof. >>The From email looked to be legitimate, but it was just slightly off. I saw that if you click the Reply button… …I would actually be replying to a personal email account, and I have no idea who controls that account. That is why I called you right away. >>If only everyone were as conscientious as you, Linda, it would make my job a lot easier. Here, let me buy you lunch. >>Thanks, because apparently, I do not have any!

Video Details

Duration: 3 minutes and 15 seconds
Country:
Language: English
License: Dotsub - Standard License
Genre: None
Views: 5
Posted by: open on Dec 19, 2019

hd (3)

Caption and Translate

    Sign In/Register for Dotsub above to caption this video.