Aaron Higbee
April 21, 2005
Presentation Title: Phishing Attacks: A guide to self assessment
Presentation Details:
This is not another presentation about identifying phishing attacks and other scams. "Phishing Attacks: A guide to self assessment" aims to answer all the political and technical questions in planning and executing a phishing exercise for your own organization.
The audience will learn how to organize a phishing attack and leverage it into an exercise that will test user awareness and IT’s phishing incident response procedures. Technical topics will include:
1.) How to word a compelling, believable phishing email scenario
2.) How to build the phishing web server
3.) How to mass mail the phishing scam to bypass potential mail filters
4.) How to safely collect the data of those who fall for the scam
The presentation will also cover the non-technical considerations that need to be addressed before and after the attack. If the phishing attack is planned well, the email and firewall team will be better prepared to respond to this threat, and more importantly, the recipients will gain valuable security awareness training that will help them at work and at home. With proper planning and execution, the victims actually thank you when it’s over.
About Aaron:
Aaron Higbee is a principal consultant for Foundstone, a division of McAfee. Prior to Foundstone, Aaron was a network abuse investigator for Earthlink Network and Roadrunner and has witnessed every type of Internet abuse since its inception. Aaron draws on his consulting experience building phishing exercises for Foundstone’s clients.