phishing Archives - Jean-Christoph von Oertzen

Ethical considerations in phishing tests: to inform employees or not?

jean-christoph — Sat, 13 Jan 2024 12:25:55 +0000

TL;DR This article delves into the ethical considerations in phishing tests, highlighting the balance needed between conducting realistic simulations and maintaining fairness in cybersecurity training. This article explores the complexities of conducting phishing simulations in the workplace. Key takeaways include the importance of transparency in fostering a positive security culture, building trust through clear communication, […]

The post Ethical considerations in phishing tests: to inform employees or not? appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox

jean-christoph — Thu, 15 Jul 2021 19:10:52 +0000

My key takeaways DMARC uses SPF and/or DKIM In 2021 the National Defense Authorization Act says the Department of Homeland Security (DHS) must implement DMARC US wide there exists an RFC for "email from" SPF = receiving email server checks MAIL FROM address or the domain’s IP address in the HELO handshake against the sender’s […]

The post Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Roger Grimes Teaches You Phishing Mitigation

jean-christoph — Wed, 12 May 2021 19:00:36 +0000

My key takeaways ~40 threats/day in 2020 to take care of top 3 initial breach root causes social engineering unpatched software (>90% Java) medium threat general mitigations policies tech. defenses security awareness training Also educate your vendors about your AUP include a phishing mitigation section in your AUP paying everybody $1000/year who doesn’t fall for […]

The post Webinar Takeaway: Roger Grimes Teaches You Phishing Mitigation appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Why a Security Awareness Program Isn’t Enough to Secure Your Network

jean-christoph — Tue, 27 Apr 2021 18:25:53 +0000

My key takeaways Humans are the de-facto top choice for cybercriminals seeking to gain access into an organization. Security Awareness & frequent simulated social engineering testing is a proven method to reduce your organization’s phish prone percentage. The ideal situation for a cyber criminal or social engineer is to hijack the OODA loop by creating […]

The post Webinar Takeaway: Why a Security Awareness Program Isn’t Enough to Secure Your Network appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s

jean-christoph — Thu, 01 Apr 2021 18:17:02 +0000

My key takeaways Automation tools like Ansilble, terraform and docker can also create a evil environment eg for phishing Don’t put sensible tokens or passwords in ainsible config files but use a cloud password manager and pull the pass as variable into ainsible Best of phishing themes: give away 2 iPhones or check a link […]

The post Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s appeared first on Jean-Christoph von Oertzen.

WEBINAR TAKEAWAY: When the Bad Guys Hide in Plain Sight: Hacking Platforms You Know and Trust

jean-christoph — Wed, 09 Dec 2020 20:40:43 +0000

MY KEY TAKEAWAYS already 20 years ago, Kevin Mitnick testified before US Senate and highlighted social engineering and the need for training. Still today changing human behaviour is most times the weakest point. threat actors have almost unlimited time to do extensive research before an attack, so they are extremly good at buidling the trust […]

The post WEBINAR TAKEAWAY: When the Bad Guys Hide in Plain Sight: Hacking Platforms You Know and Trust appeared first on Jean-Christoph von Oertzen.