Ichthyology: Phishing as a Science presented at CircleCityCon 2017

by Karla Burnett,

Summary : Many companies view phishing as a given: employees will click links and enter credentials, and we just need to be okay with that. Phishing prevention usually takes the form of training, and a warning to be careful when reading email.
But does phishing training actually work?
In this talk, we'll cover the psychology behind successful phishing campaigns, then walk through a series of attacks run against a Bay Area tech company. We'll cover how effective campaigns were built, including bypassing existing protections. Finally, we'll discuss evidence-based techniques to prevent, rather than just mitigate, credential phishing.