The Future Outcome of the Phishing Epidemic

The History & Future OfPhishing Today, spam makes up over half of all emails Today, 92% of malware is delivered via email malicious phishing attacks 250% are on the rise by Spam became phishing when attackers began adding malicious content How did the From Spam To Scam epidemic begin? The Origins Of Email MIT's Compatible Time-Sharing System 1965 Stored shared files and messages on a central disk Users logged in from remote terminals to access ARPANET Gets The @ ARPANET allowed users to send messages between different computers 1971 DOC Ray Tomlinson introduced the @ symbol to help target a specific recipient Queen Elizabeth II became the first head of state to send an email 1976 First Email Standard То DARPA finalized the first email From 1977 standard within ARPANET >> Message begins It was the first, Included fields for "To" and "From", and the ability to forward messages but now we lay it de Now pause with me a From Spam To Scam The Birth Of Spam 1 May 1978 1233-HDT DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NENEST MEMBERS OF THE DECSYSTEM-20 PANILY, THE DECSYSTEM-2020, 20207, 2060, AND 2060T. THE DECSYSTEM-20 VAMILY OF COMPUTERS HAS EVOLVED FROM THE TENEX OPERATING SYSTEM AND THE DECSYSTEM-10 COMPUTER ARCHI- TECTURE. BOZR THE DECSYSTEM-2060T AND 2020T OPFER FULL ARPANET SUP- PORT UNDER THE TOPS-20 OPERATING SYSTEM, First Mass Email 1978 Gary Thuerk sent the first spam email to 397 ARPANET users THE DECSYSTEM-2060 IS AN UPWARD EXTENSION OF THE CURRENT DECSYSTEM 2040 AND 2050 FAMILY. THE DECSYSTEM-2020 IS A NEW LOW END MEMBER OF THE DECSYSTEM-20 FAMILY AND FULLY SOFTWARE COMPATIBLE WITH ALL OF THE OTHER DECSYSTEM-20 MODELS. The move was so unpopular that no one would try again WE INVITE YOU TO COME SEE THE 2020 AND HEAR ABOUT THE DECSYSTEM-20 PAMILY AT THE TWO PRODUCT PRESENTATIONS WE WILL BE GIVING IN CALI- FORNIA THIS MONTH. THE LOCATIONS WILL BE: for over a decade TUESDAY, MAY 9, 1978 - 2 PM erYATT HOUSE (NEAR THE L.A. AIRPORT) LO8 ANGELES, CA THURSDAY, MAY 11, 1978 - 2 PM DUNFEY'S ROYAL COACH SAN KATRO, CA (4 MILES SOUTH OF S.F. AIRPORT AT BAYSHORE, RT 101 AND RT 92) A 2020 WILL BE THERE FOR YOU TO VIEW. ALSO TERMINALS ON-LINE TO OTHER DECSYSTEM-20 SYSTRMS THROUGH THE ARPANET. IF YOU ARE UNABLE TO ATTEND, PLBASE FEEL FREE TO CONTACT THE NEAREST DEC OFFICE FOR MORE INFORMATION ABOUT THE EXXCITING DECSYSTEN-20 FAMILY. Email Becomes A Security Threat The original LPad 1988 "Spamming" was a prank started by players of multi-user dungeon (MUD) games MUDers would flood their rivals' accounts with junk email, crashing their systems and preventing rivals from playing www. i don't like spam! Richard Depew first referred to junk email as "spam" 1993 Referencing a Monty Python skit of the same name Grean Card Lottery 1994 Hay Be The Last Onei THE DRADLINE HAS BEEN AMNOUNCED. 2nd Attempt At Mass Marketing Spam "The Green Card Lottery is a completely legal progran giving away a certain allotaent of Green Carde to persons born in certain coun- telan. The lottery program van acheduled to contisue on a permanent banie. Howevrer, recently, Senator Alan J. Simpson introduced a bill into the U.8. Congreas which could end any future lotteries. THE 1994 LOTTERY IS BCHEDULED TO TAKE PLACE SOON, BUT IT MAY BE THE VERY 2 immigration lawyers sent a mass message advertising their services LAST ONE. 1994 PERBONS BORN IN NOST CONTRIES QUALIPY, MANY POR FIRST TIME. The only countrian NOT qualifying are: Maxiao, India, P.R. China, Taiwan, Philippines, North Kores, Canada, United Kingdon (exoept Northern Ireland), Jamaica, Doninican Republie, B1 salvador, and Laurence Canter & Martha Siegel later wrote a book defending the practice Lottery registration will place soon. 55,000 Green Carda will be given to those who regieter correctly. NO JOB IS RHQUIRED. THRRE IS A STRICT JUNE DEADLINE. TRE TIME TO START IS NOWII For the next FRES, infornation via aail, sand request to calavie- direct.com Because email was not designed to be secure, spam grew from a mere annoyance to a serious security threat The Big Phish You've Got Problems The Warez Community 4495 O802 0483 449 3306 7913 7594 2550 4417 8024 8605 3661 5528 9135 9716 4772 Random Credit Card Generators 1990s Used randomly generated credit card numbers to open AOL accounts cealo Inlal 01/24 5883 J. JACKSON Used hacked accounts to send even more phishing messages to the victim's contacts AOL introduced new security measures that stopped the use of randomly generated credit card numbers 1995 But Warez Had a New Scam Fake AOL Administrators AIM, please download the latest version here. AOL System Msg: Hello. The version of AIM you're Posed as AOL admins, requesting login credentials from other users using is going away as of March 15. To continue using AIM, please download the latest version here. Used hacked accounts to send even more phishing messages to victim's contacts The term "phishing" was coined on AOL message board "AOL for free?," alt.2600, January 28, 1996 "It used to be that you could make a fake account on 1996 AOL so long as you had a credit card generator. However, AOL became smart. Now they verify every card with a bank after it is typed in. Does anyone know of a way to get an account other than phishing?" - @mk590 НоТMaiL Offered the first webmail not tied 1996 to an ISP, using HTML formatting 1997 Paul Vixie creates the first blacklist of spam sites The ILOVEYOU Virus 45 million Windows PCs infected 2000 kindly check the attached LOVELETTER coming from me. First example of spam sending itself, leading to exponentially more victims Unsuspecting recipients opened the attachment and unleashed a worm LOVE-LETTER- FOR - YOU-TXT.vbs that overwrote image files and sent itself to all their Outlook contacts Sircam Virus W32.Sircam.Worm@mm Jon Doe 1 in 20 infected PCs lost critical operating system files 2001 Monday, July 23, 2001 11:11 PM Services People flashlight buttons Ability to change email subjects and file names made the virus harder to stop Hi! how are you? I'd like your advice on this file. Virus copied itself into an existing file and sent it to the victim's email contacts, while a 2nd file in the PC's recycling bin would write text until the hard drive filled Thanks. People flash- light buttons E.U. & U.S. pass laws banning direct marketing emails without prior consent from the recipient - Both have been largely ineffective 2002 proofpoint & mimecast 2002 Anti-spam security technology solutions were rapidly introduced to the market Early machine learning adapted to catch evolving language use in spam 2003 Number of spam emails exceeds legitimate email for the first time MiMail Computer Worm Hi! how are Domain spoofing made malicious emails appear to be from a trusted company Please see t Google Account 2003 attached lin to log in to Clicking an email link triggered a popup window, when recipients attempted to log in, their username and password were immediately sent to the hackers see see the security Username: Password: message O Stay signed in Sign in One version of the worm collected credit card data by pretending to be from Paypal 2004 Smishing, phishing through SMS messages, became yet another tactic of hackers John Kerry Fundraiser Make a Secure Online Contribution Likely supporters received phony fundraising email that appeared to come from the campaign 2004 Rather than supporting the presidential candidate, donations went to scammers with no connection to the campaign Submit Contribution Google Gmail (originally "Google Mail") released as limited, invite-only beta 2004 Mail BETA Anti-SPAM Programs started verifying senders to prevent domain spoofing 2005 Rustock Botnet 2006 Infected over a million computers before it was taken down in March 2011 Malware downloaded through spam email, and other methods Infected systems acted as a proxy server to send further spam emails, hijack search engine results, and prevent access to certain legitimate websites Since 2006, new technology has changed how we interact with email The Future Of Phishing Security In The Cloud Google Builds an Enterprise-Ready Collaboration Suite Google Apps For Your Domain brought GMail 2006 by Google Gmail released to the public - Google's big step towards building out its collaboration suite Google apps cloud-based communication to any domain 2007 Operation Phish Phry Attackers stole $1.5 million using phished login credentials and account details 2009 Targeted hundreds -or possibly thousands- of account Sign in holders at U.S. Banks Microsoft Moves To The Cloud Introduced Office 365 cloud services, Rebrands Windows Live Mail (formerly Hotmail) as Outlook.com 2011 DO Microsoft D5.Office 365 including Exchange email 2013 Target Data Breach 2013 FAZIO Hackers targeted employees at Target's HVAC vendor with malware-laced emails MECHANICAL Gained access to Target's system and stole payment data from 110M shoppers TARGET. 110M Shoppers data 2014 Avanan founded to address cloud-based email security with patented inline API technology Democratic National Committee Russian hackers sent phishing emails to Clinton campaign staff over 2 weeks 2016 A single employee was fooled into giving hackers her login credentials, allowing them to eventually access the entire network Booking.com Scam Booking.com 2018 Clients of the site were sent messages asking them to change their password Invoice Those who did received phony invoices asking for payment for planned holidays Sign in "Information technology and business are becoming inextricably interwoven. I don't think anybody can talk meaningfully about one without talking about the other" Bill Gates Office 365 Google G Suite (formerly Google Apps) had nearly 150 million users had over 1.5 billion users In 2018 150 million 1.50 Billion 1 in 4 are affected by the theft of data stored on the cloud Nearly 4.7 billion phishing emails Threats to cloud-security in Office 365 have increased by 63% since 2017 In 2019 90% of businesses are already using cloud hosted email or plan to start are senteveryday In 2018, the FBI receive nearly 50,000 reports of phishing and compromised email – costing a total of $1.8 billion Sources: avanan.com/about snopes.com/fact-check/mimail avanan.com/global-phish-report cofense.com/history-of-phishing brainyquote.com/quotes/bill_gates_173262 huffpost.com/entry/target-hackn_4775640 talosintelligence.com/reputation_center/email_rep Cloud collaboration requires a new kind of email security - Can you protect the entire suite? statista.com/statistics/432390/active-gmail-users comparitech.com/blog/information-security/smishing zdnet.com/article/sircam-worm-threatens-pc-damage statista.com/statistics/420391/spam-email-traffic-share blog.alertlogic.com/must-know-phishing-statistics-2018 idg.com/tools-for-marketers/2018-cloud-computing-survey petri.com/evolution-microsoft-collaboration-story-office-365 pandasecurity.com/en/security-info/32030/information/Sircam trendmicro.com/vinfo/us/threat-encyclopedia/malware/rustock content.time.com/time/business/article/0,8599,1933796,00.html guinnessworldrecords.com/world-records/oldest-electronic-spam Presented by: bizjournals.com/sanjose/stories/2003/07/21/story4.html?t=printable AVÄNAN mcafee.com/enterprise/en-us/solutions/Ip/cloud-security-report.html fireeye.com/blog/threat-research/2011/03/an-overview-of-rustock.html thesun.co.uk/money/6437309/hackers-target-booking-steal-thousands theguardian.com/technology/2016/mar/07/email-ray-tomlinson-history DEVELOPED BY NOWSOURCING archives.fbi.gov/archives/news/stories/2009/october/phishphry_100709 internetsociety.org/wp-content/uploads/2017/08/History20of20Spam.pdf zdnet.com/article/microsoft-office-365-now-has-120-million-business-users digitaltrends.com/computing/microsoft-security-massive-increase-phishing-scams enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf googlepress.blogspot.com/2006/08/google-launches-hosted-communications_28.html searchcloudsecurity.techtarget.com/tip/The-problems-with-cloud-based-email-security computerworld.com/article/2582864/sircam-worm-spreads--causing-corporate-aggravation.html resources.infosecinstitute.com/category/enterprise/phishing/phishing-definition-and-history/#gref washingtonpost.com/news/politics/wp/2018/07/13/timeline-how-russian-agents-allegedly-hacked-the-dnc-and-clintons-campaign