Overview
Explore the science of phishing in this 28-minute conference talk by Karla Burnett at NorthSec. Delve into the psychology behind phishing attacks and examine real-world case studies from a Bay Area tech company. Learn about conversion rates for various attacks and discover how existing protections were circumvented. Gain insights into recent technological advancements in phishing prevention and acquire evidence-based techniques to prevent credential phishing, rather than just mitigating its effects. Cover topics such as the psychology of phishing, attack vectors, domain protections, SMS 2FA, phishing training effectiveness, cryptographic authentication, and limitations of current prevention methods. Equip yourself with valuable knowledge to enhance your organization's defense against sophisticated phishing attempts.
Syllabus
Introduction
What is phishing
Psychology of phishing
System 1 vs System 2
Attack vectors
Credential-based phishing
Real-world examples
Domain protections
Phishing examples
Plain text vs HTML
Phishing pages
SMS 2FA
Phishing Training
Depressing Industry State
What's the Point
Cryptographic Authentication
U2F
SSO
Limitations
Google Docs
Conclusion
Taught by
NorthSec