Phishing Attacks & Cyber Awareness

Generated from prompt:

Create a professional PowerPoint presentation titled 'Phishing Attacks & Cyber Awareness' presented by Dixit Thummar, Cyber Security Analyst. The design theme should match cybersecurity style - dark blue/black background, neon cyan highlights, and clear typography. Include 22 slides as follows: 1. Title Slide: PHISHING ATTACKS & CYBER AWARENESS 2. Introduction (phishing overview, stats, goals) 3. What Is Phishing? 4. Why Hackers Use Phishing 5. How Phishing Works (Kill Chain) 6. Types of Phishing (Overview) 7. Email Phishing: Signs to Spot 8. SMS (Smishing) & Voice (Vishing) 9. Fake Websites & HTTPS Myths 10. Case Study: Google & Facebook BEC 11. Psychology Behind Phishing 12. Impact of Phishing 13. Key Statistics (Chart Data) 14. How to Identify Phishing (Checklist) 15. Real vs Fake Email (Summary) 16. Personal Protection Strategies 17. Organization-Level Controls 18. What To Do If Phished 19. Key Learnings 20. Conclusion 21. Phishing IQ Quiz (Interactive) 22. Password Fortress (Interactive) The tone should be educational and visually engaging, using icons, illustrations, and clean layouts.

22-slide educational PowerPoint on phishing: definitions, types (email, smishing, vishing), detection tips, psychology, impacts, stats, case studies, personal/org defenses, response steps, key learnin

December 4, 2025, 22 slides

Slide 1 - PHISHING ATTACKS & CYBER AWARENESS

This title slide introduces a presentation on "Phishing Attacks & Cyber Awareness." It is presented by Dixit Thummar, a Cyber Security Analyst.

PHISHING ATTACKS & CYBER AWARENESS

Presented by Dixit Thummar, Cyber Security Analyst

Source: Presented by Dixit Thummar, Cyber Security Analyst

Speaker Notes
Educational session on phishing risks & defenses. Dark bg, neon cyan icons, clear fonts.

Slide 2 - Introduction

This introductory slide defines phishing as deceptive emails or links that steal sensitive data, citing over 300,000 attacks daily worldwide in 2023. It outlines goals to educate users on threats, prevent incidents, and empower proactive defenses.

Introduction

  • Phishing: Deceptive emails/links stealing sensitive data
  • 300,000+ attacks daily worldwide (2023 stats)
  • Goals: Educate users on threats
  • Goals: Prevent phishing incidents
  • Goals: Empower proactive defenses

Source: Phishing Attacks & Cyber Awareness - Dixit Thummar, Cyber Security Analyst

Speaker Notes
Phishing overview: deceptive emails/links stealing data. Stats: 300K+ attacks daily (2023). Goals: Educate, prevent, empower users.

Slide 3 - What Is Phishing?

Phishing involves fraudulent attempts to steal sensitive information by impersonating trusted organizations or individuals. It is delivered via email, SMS, or phone calls and exploits urgency, fear, or curiosity.

What Is Phishing?

  • Fraudulent attempts to steal sensitive information
  • Delivered via email, SMS, or phone calls
  • Impersonates trusted organizations or individuals
  • Exploits urgency, fear, or curiosity

Source: Phishing Attacks & Cyber Awareness

Speaker Notes
Fraudulent attempts to obtain sensitive info via email, SMS, calls. Mimics trusted entities. Uses urgency, fear. Icons: hook, fish.

Slide 4 - Why Hackers Use Phishing

Hackers favor phishing for its low cost and high success rate, with 1 in 10 clicks succeeding. It bypasses technical defenses by exploiting human vulnerabilities and scales effectively for ransomware and BEC attacks.

Why Hackers Use Phishing

  • Low cost, high success rate (1 in 10 clicks)
  • Bypasses technical defenses
  • Targets human vulnerabilities
  • Scalable for ransomware & BEC

Source: Phishing Attacks & Cyber Awareness

Speaker Notes
Illustration: hacker silhouette. Emphasize scalability and human targeting.

Slide 5 - How Phishing Works (Kill Chain)

This timeline slide outlines the phishing kill chain in five phases: Recon (target research via social media or breaches), Weaponize (crafting deceptive emails/SMS/sites), and Deliver (distribution via email, texts, or calls). It continues with Exploit (victim clicks or enters credentials) and Install & Actions (malware deployment for data theft or ransomware).

How Phishing Works (Kill Chain)

  • Phase 1: Recon (Target Research). Attacker gathers intel on victims via social media, company sites, or data breaches for targeted attacks.
  • Phase 2: Weaponize (Craft Lure). Create deceptive email, SMS, or site with malicious links, attachments, or forms to trick users.
  • Phase 3: Deliver (Email/SMS). Distribute phishing payload through email, text messages, calls, or compromised legitimate services.
  • Phase 4: Exploit (Victim Click). Target interacts by clicking links, downloading files, or entering credentials, activating the exploit.
  • Phase 5: Install & Actions (Malware). Malware deploys on device; attacker steals data, deploys ransomware, or gains persistent access.

Source: Phishing Attacks & Cyber Awareness - Dixit Thummar

Speaker Notes
Explain the sequential phases of the phishing kill chain. Highlight prevention opportunities at each stage to engage the audience.

Slide 6 - Types of Phishing (Overview)

This slide overviews key phishing types, including mass email phishing, targeted spear phishing, and whaling aimed at executives. It also covers smishing via SMS, vishing over phone calls, pharming through DNS poisoning, and BEC for business fraud.

Types of Phishing (Overview)

  • Email Phishing: Mass deceptive emails to many users.
  • Spear Phishing: Targeted emails to specific individuals.
  • Whaling: Spear phishing aimed at executives.
  • Smishing: Phishing attacks via SMS/text messages.
  • Vishing: Voice phishing over phone calls.
  • Pharming: DNS poisoning to fake sites.
  • BEC: Business Email Compromise for fraud.

Source: Phishing Attacks & Cyber Awareness by Dixit Thummar

Speaker Notes
Highlight each type with icons (email, spear, whale, SMS, phone, DNS, business). Emphasize variety; deeper dives in upcoming slides. Use neon cyan for bullets.

Slide 7 - Email Phishing: Signs to Spot

This slide outlines key signs of email phishing, such as unexpected sender addresses, urgent or threatening language, suspicious links or attachments, poor grammar, and generic greetings. It advises hovering over links to verify legitimate URLs.

Email Phishing: Signs to Spot

  • Unexpected or unknown sender addresses
  • Urgent or threatening language demanding action
  • Suspicious links or unexpected attachments
  • Poor grammar, spelling, or formatting errors
  • Generic greetings like 'Dear User' or 'Hello'
  • Hover over links to verify legitimate URLs

Source: Dixit Thummar, Cyber Security Analyst

Speaker Notes
Highlight signs with neon cyan. Demo hovering over a link. Stress verification before clicking.

Slide 8 - SMS (Smishing) & Voice (Vishing)

The slide details Smishing, where attackers send deceptive SMS alerts urging clicks to malware or phishing sites, advising users to verify senders and delete suspicious texts. It also covers Vishing, involving spoofed calls from scammers posing as authorities to extract info or money, recommending hanging up and independently verifying via official channels.

SMS (Smishing) & Voice (Vishing)

  • Smishing (SMS Phishing): Attackers send deceptive SMS with fake alerts, prize wins, or account problems. Messages urge clicking links to malware sites or phishing pages stealing credentials and data. Verify sender; delete suspicious texts.
  • Vishing (Voice Phishing): Scammers call spoofing banks, police, or support, creating panic for info/money. Caller ID can be faked. Hang up and independently verify by contacting official numbers; never share sensitive details.

Source: Phishing Attacks & Cyber Awareness - Dixit Thummar, Cyber Security Analyst

Speaker Notes
Highlight common tactics: smishing uses urgent texts with malicious links; vishing spoofs caller ID for urgency. Stress verification and avoidance of sharing info.

Slide 9 - Fake Websites & HTTPS Myths

This slide warns that phishers perfectly clone legitimate sites, easily obtain HTTPS certificates, and use typosquatting like paypa1.com to deceive users. It busts the padlock myth, urging careful verification of the full URL since HTTPS does not ensure safety.

Fake Websites & HTTPS Myths

  • Phishers clone legitimate sites perfectly
  • HTTPS ≠ safe: certificates are easy to obtain
  • Typosquatting tricks like paypa1.com fool users
  • Always verify the full URL carefully
  • Bust the padlock myth: icon doesn't guarantee security
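
The following is an added example, not part of the original deck: a minimal hostname check that flags lookalikes such as the slide's paypa1.com and ignores the scheme entirely, since HTTPS says nothing about who owns the site. The `TRUSTED` list, the swap table and the `.example` hostname are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the short list of domains this organisation really deals with.
TRUSTED = ("paypal.com",)

# A few common digit-for-letter swaps; not a complete confusables table.
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def registrable(host):
    """Last two labels of the host. Naive: real tooling should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Verdict based only on the hostname; http vs https is deliberately ignored."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    # Undo digit swaps and the 'rn' for 'm' trick before comparing.
    skeleton = domain.translate(SWAPS).replace("rn", "m")
    for good in TRUSTED:
        if skeleton == good or edit_distance(domain, good) == 1:
            return "lookalike:" + good
        # The trusted name used as a prefix of somebody else's domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "brand-in-subdomain:" + good
    return "unknown"


if __name__ == "__main__":
    for u in ("https://paypa1.com/login",                   # from the slide
              "http://www.paypal.com/signin",
              "https://paypal.com.account-check.example/"):  # constructed
        print(u, "->", classify(u))
```

The third URL shows why the slide says to read the full URL: the trusted name appears at the start, but the domain that actually receives the request is the last part of the hostname.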

Slide 10 - Case Study: Google & Facebook BEC

This slide details a BEC case study where Lithuanian scammers stole $100M from Google and Facebook (2013-2015) using fake vendor invoices. Key lessons: verify payments and implement 2FA.

Case Study: Google & Facebook BEC

  • Lithuanian scammers stole $100M (2013-2015)
  • Fake invoices posed as vendors
  • Lessons: Verify payments, implement 2FA

Source: Business email compromise

Speaker Notes
2013-2015: Lithuanian scammers stole $100M via fake invoices. Posed as vendors. Lessons: Verify payments, 2FA.

Slide 11 - Psychology Behind Phishing

Phishing leverages psychological principles like authority, scarcity, and reciprocity to manipulate victims into hasty actions. It applies Cialdini's persuasion techniques and exploits brain heuristics, underscoring that "humans are the weak link."

Psychology Behind Phishing

  • Leverages authority: Obey trusted leaders unquestioningly.
  • Creates scarcity: Urge action under time pressure.
  • Invokes reciprocity: Repay favors from 'generous' sources.
  • Applies Cialdini's persuasion principles.
  • Exploits brain heuristics and shortcuts.
  • "Humans are the weak link."

Source: Phishing Attacks & Cyber Awareness - Dixit Thummar

Speaker Notes
Social engineering: Authority, scarcity, reciprocity. Cialdini's principles. Brain shortcuts exploited. Quote: 'Humans are the weak link.'

Slide 12 - Impact of Phishing

Phishing inflicts $4.5 billion in annual global losses (2023 estimate) and causes 36% of data breaches. Victim organizations face 90% reputation damage and 48 hours of average downtime per incident.

Impact of Phishing

  • $4.5B: Annual Losses (2023 global estimate)
  • 36%: of Breaches (phishing caused)
  • 90%: Reputation Damage (victim organizations)
  • 48 hrs: Avg Downtime (per incident)

Source: FBI IC3 2023, Verizon DBIR

Speaker Notes
Highlight financial losses, breach percentage, and costs like rep damage & downtime. Reference charts.

Slide 13 - Key Statistics (Chart Data)

90% of phishing attacks originate via email, with 83% succeeding through malicious link clicks. The average cost of a data breach is $4.45 million.

Key Statistics (Chart Data)

  • 90%: Attacks Via Email (majority of phishing attacks originate from email)
  • 83%: Success with Malicious Links (phishing emails succeed via link clicks)
  • $4.45M: Average Breach Cost (typical financial impact of a breach)

Source: Verizon DBIR, FBI

Speaker Notes
Emphasize the high prevalence of email-based attacks, success rates of links, and financial impact to underscore urgency.

Slide 14 - How to Identify Phishing (Checklist)

This slide, titled "How to Identify Phishing (Checklist)," provides a bullet-point list of key detection steps. It advises verifying the sender, hovering over links to check URLs, scanning for grammar/spelling errors, confirming attachments, and pausing urgent requests for independent verification.

How to Identify Phishing (Checklist)

  • Verify sender is known and trusted.
  • Hover over links to check destination URL.
  • Scan for grammar, spelling, or formatting errors.
  • Confirm attachments are safe and expected.
  • If urgent, pause and verify independently.

Source: Dixit Thummar, Cyber Security Analyst

Speaker Notes
Present as a checklist with checkboxes or icons. Encourage audience to memorize these steps. Pause on urgency.

Slide 15 - Real vs Fake Email (Summary)

Real emails use official sender domains, professional subject lines without urgency, matching hover links, and proper grammar/branding. Fake emails feature suspicious domains, alarming subjects with pressure tactics, unrelated hover URLs, and typos/poor design.

Real vs Fake Email (Summary)

| Real Email | Fake Email |
| --- | --- |
| Official sender domain (e.g., support@bank.com) | Mismatched or suspicious domain (e.g., bank-support.net) |
| Clear, professional subject line | Vague, alarming subject (e.g., 'Account Issue!') |
| No urgency or threats | Pressure tactics: 'Act now or lose access!' |
| Hover link matches domain | Hover reveals unrelated URL |
| Proper grammar and branding | Typos, poor design |

Source: Dixit Thummar, Cyber Security Analyst

Speaker Notes
Use neon cyan highlights for headings. Emphasize visual differences with icons: checkmark for real, warning for fake. Pause for audience comparison.
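
The comparison above can be automated for triage. The following is an added example, not part of the original deck: it applies three of the table's rows (sender domain, pressure wording in the subject, and the "hover" check of visible link text against the real destination) to two constructed messages. `EXPECTED_DOMAIN`, the urgency phrases and both sample emails are assumptions built from the slide's own examples.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "bank.com"  # assumption: the domain the genuine sender uses
URGENCY = re.compile(r"act now|lose access|immediately|suspended", re.I)
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL, or of a bare 'www.bank.com/path' string."""
    return (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()

def phishing_signs(raw_email):
    msg = message_from_string(raw_email)
    signs = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender != EXPECTED_DOMAIN and not sender.endswith("." + EXPECTED_DOMAIN):
        signs.append("sender-domain:" + sender)
    if URGENCY.search(msg.get("Subject", "")):
        signs.append("urgent-subject")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        # What the reader sees versus where the click really goes.
        if URLISH.match(text) and host_of(text) != host_of(href):
            signs.append(f"link-mismatch:{host_of(text)}->{host_of(href)}")
    return signs

# Constructed samples modelled on the two columns of the table.
FAKE = """From: Bank Support <support@bank-support.net>
Subject: Account Issue! Act now or lose access!
Content-Type: text/html

<p>Dear User, verify at
<a href="https://login.bank-support.net/verify">www.bank.com/verify</a></p>
"""
REAL = """From: Bank <support@bank.com>
Subject: Your monthly statement is ready
Content-Type: text/html

<p><a href="https://www.bank.com/statements">www.bank.com/statements</a></p>
"""
```

An empty result means only that none of these three signs fired; a clean-looking message can still be fraudulent, which is why the checklist's independent verification step remains.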

Slide 16 - Personal Protection Strategies

The slide "Personal Protection Strategies" outlines key cybersecurity practices: using unique passwords with a manager, enabling MFA everywhere, and installing updated antivirus software. It also emphasizes cultivating skepticism by verifying before acting and reporting suspicious activity immediately.

Personal Protection Strategies

  • Use unique passwords with a password manager.
  • Enable multi-factor authentication (MFA) everywhere.
  • Install and update reputable antivirus software.
  • Cultivate skepticism: verify before acting.
  • Report suspicious activity immediately.

Slide 17 - Organization-Level Controls

Organization-Level Controls outline enterprise-wide cybersecurity measures. Key recommendations include advanced email filters, phishing training, DMARC/SPF/DKIM protocols, SIEM monitoring, zero-trust architecture, and regular audits.

Organization-Level Controls

  • Deploy advanced email filters and anti-phishing tools
  • Run regular phishing training simulations
  • Implement DMARC, SPF, and DKIM protocols
  • Integrate SIEM for real-time threat monitoring
  • Adopt zero-trust security architecture
  • Conduct frequent security audits and reviews

Source: Dixit Thummar, Cyber Security Analyst


Slide 18 - What To Do If Phished

The "What To Do If Phished" agenda slide outlines five key response steps. They include disconnecting immediately from the internet, changing all passwords, scanning the device for malware, reporting the incident, and monitoring accounts closely.

What To Do If Phished

  1. Disconnect Immediately: Unplug from internet to stop malware or data exfiltration.
  2. Change All Passwords: Reset credentials for affected and linked accounts securely.
  3. Scan Your Device: Perform full antivirus/malware scan and update software.
  4. Report the Incident: Alert IT support, HR, and law enforcement authorities promptly.
  5. Monitor Accounts Closely: Watch financial statements and credit for unusual activity.

Source: Dixit Thummar, Cyber Security Analyst

Speaker Notes
Walk through each step sequentially, stressing immediate action to minimize damage. Use neon cyan icons for visual engagement.

Slide 19 - Key Learnings

The slide "Key Learnings" emphasizes that phishing exploits trust, so always verify sources, prioritize education over tech alone, and combine tools with vigilance. It advises staying suspicious of urgent or unexpected communications as the best defense.

Key Learnings

  • Phishing preys on trust: Always verify sources and requests.
  • Prioritize education: Outperforms technology alone in prevention.
  • Combine tools with awareness: Vigilance is your best defense.
  • Stay suspicious: Question urgency and unexpected communications.

Source: Dixit Thummar, Cyber Security Analyst

Speaker Notes
Summarize core takeaways: emphasize human element in defense.

Slide 20 - Conclusion

The conclusion slide states that phishing is evolving and awareness serves as the key defense. It advises protecting yourself and your organization, ending with a Q&A invitation.

Conclusion

Phishing evolves; awareness is key defense.

Protect yourself & your organization. Q&A?

Source: Phishing Attacks & Cyber Awareness - Dixit Thummar, Cyber Security Analyst

Speaker Notes
Summarize key points: Phishing is evolving, stay aware, protect personal and org security. Open floor for Q&A.

Slide 21 - Phishing IQ Quiz (Interactive)

This interactive slide, titled "Phishing IQ Quiz," features an image and prompts to spot phishing signs through true-or-false questions. It encourages audience engagement via polls, IQ tests, and quizzes to identify fakes.

Phishing IQ Quiz (Interactive)

  • Spot phishing signs: True or False?
  • Interactive polls: Vote now!
  • Test your IQ: Engage audience
  • Identify fakes: Quiz questions

Source: Wikipedia

Speaker Notes
Quiz slides: Spot phishing? True/False. Embed polls/questions. Engage audience.

Slide 22 - Password Fortress (Interactive)

The "Password Fortress (Interactive)" slide features an interactive demo for building strong passwords, complete with a quiz that tests strength instantly. It also includes a password generator with pro tips and fortress icons to visualize security levels.

Password Fortress (Interactive)

  • Interactive demo to build strong passwords
  • Quiz tests your password strength instantly
  • Password generator with pro tips
  • Fortress icons visualize security levels

Source: Wikipedia

Speaker Notes
Engage audience: demo strong password builder, strength quiz, generator tips with fortress icons representing security levels.