What is That Email "Really" Telling Me by Keith Turpin
Countering the Attacks by Erich Kron
Despite the use of many good spam filters and email security gateways, malicious emails still get through. A good security awareness program can help users spot and report these often dangerous messages. Many incident response teams simply instruct users to delete these messages or drop them into a spam bucket, or the team just does it for them. Some go a step further and block the senders. These are great first steps, but there is more that can and should be done for certain types of messages.
For instance, if the message appears to come from a business partner or customer, it may be a spoof or it might indicate an actual compromised email account, in which case we can help our partners by notifying them. If the email is executive fraud, leveraging highly targeted phishing in an attempt to steal money or PII, there may be steps that can be taken to disrupt the attacker's infrastructure by reporting the issue to service providers.
What happens if an attacker spoofs your company as the sender and is targeting your customers? This presentation will examine some real-world examples in order to help you understand what email headers can tell you about the email's life cycle and dependencies, and how you can leverage this data to enhance your security awareness program. From there we will use tools like WHOIS to find out a lot about the who, what, when and where of these malicious messages. Sometimes it is a trail to nowhere, but sometimes it's not.