Believe it or not, a higher percentage of religious sites have been compromised with malware than adult websites. Organizations of all kinds are at risk as are everyday internet users, but there are simple steps to take to avoid being duped and stay safe online.

1. Security Awareness Training
Would You Get Duped by Attackers?
Kevin Haley
Director, Symantec Security Technology And Response
@kphaley

2. Symantec’s Security Awareness Quiz
How well will you do?
2

3. Which Website is More Dangerous?
A B
3

4. Most Harmful Websites by Categories
• Websites with poor security become easy targets for malware authors
• Any website you visit could potentially be infected with malware
4

5. Can Macs Get Infected by Malware?
5

6. Yes. Even Macs Get Infected.
In 2012, 500,000 Macs were infected by 1 threat. Flashback
• Malware can figure out what type of computer you use
• Then it infects you with the appropriate malware
6

7. Which is More Likely to Get Attacked?
A B
Small or Medium Large Organization
Organization
7

8. Which is More Likely to Get Attacked?
All sizes of organizations get attacked
Small or Medium Large Organization
Organization
8

9. Who is Most Likely to be Targeted in an Attack?
A B
Typical Employee CEO
9

10. Who is Most Likely to be Targeted in an Attack?
Both
Only 25% of targeted attacks directed at C-Level executives
10

11. Are You at Risk From This Website?
11

12. Do You See it Now?
12

13. Would You be Fooled by This?
How About by This?
twitter.dsdsdds.com/main/sessions-login/
If something seems wrong take a closer look
Attackers can’t fool all the people all the time
13

14. Double Click to Edit Following Text Areas;
Are You Expecting a Package? Subject, Date, Body
Window Title, From, To,
From: UPS Sent: Mon 6/4/2012 4:08 PM
To: Kevin Haley
Cc:
Subject: Unable to Deliver Package
Dan,
I have been a Weyerhaeuser shareholder since late 2008 and recently had the
opportunity to attend your Annual Shareholders’ Meeting at your headquarters. I spoke
to you briefly after your address and it was pleasure to hear from you about all of
Weyerhaeuser’s innovations.
I also never realized that Clint Eastwood was once an employee of the company – now it
makes sense why I like him so much!
I posted this picture from your address, I hope you like it.
14

15. Double Click to Edit Following Text Areas;
Did You Have Trouble LoggingSubject, Date, Body
Window Title, From, To,
Into Facebook?
From: Facebook Sent: Mon 6/4/2012 4:08 PM
To: Kevin Haley
Cc:
Subject: Login Problem
Dan,
I have been a Weyerhaeuser shareholder since late 2008 and recently had the
opportunity to attend your Annual Shareholders’ Meeting at your headquarters. I spoke
to you briefly after your address and it was pleasure to hear from you about all of
Weyerhaeuser’s innovations.
I also never realized that Clint Eastwood was once an employee of the company – now it
makes sense why I like him so much!
I posted this picture from your address, I hope you like it.
15

16. Double Click to Edit Following Text Areas;
Would Your Bank Really WantSubject, Date, Body
Window Title, From, To,
You to Click Here?
From: YourBank Sent: Mon 6/4/2012 4:08 PM
To: Kevin Haley
Cc:
Subject: Account Issue
Dan,
You can ensure your
I have been a Weyerhaeuser shareholder since late 2008 and recently had the
Your Bank
opportunity to attend your Annual Shareholders’ Meeting at your headquarters. I spoke
bank account is okay
to you briefly after your address and it was pleasure to hear from you about all of
Weyerhaeuser’s innovations.
I also never realized that Clint Eastwood was once an employee of the company – now it
makes sense why I like him so much!
I posted this picture from your address, I hope you like it.
16

17. Then Don’t Click!
17

18. How Likely is it That Someone Posted Your Pic Online?
18

19. How Likely is it That Someone Posted Your Pic Online?
Not Very
But it’s very likely that malware is
at the end of that link
19

20. This is All Social Engineering
That’s a fancy way of saying you’re being fooled
20

21. Which of These is a Real Person?
A B C
21

22. Which of These is a Real Person?
James Stavridis is the commander of NATO
He created his own Facebook page after he
found someone on Facebook pretending to
be him
A People may not be who they say they are
on the Internet
22

23. Which of These is Most Likely to be a Facebook Scam?
OMG! Profile Dislike
Videos Viewers Buttons
A B C
23

24. Which of These is Most Likely to be a Facebook Scam?
OMG! Profile Dislike
Videos Viewers Buttons
All of Them
24

25. Which of These is Most Likely to be a Facebook Scam?
Bad Guys Want to Get Us to Click to:
• Infect us with malware
• Make us take bogus surveys to:
• Gain information or
• Sign us up for premium SMS services
OMG!
• Send spam to us and our friends
Videos
OMG! Videos Get People to Click
25

26. Which of These is Most Likely to be a Facebook Scam?
Profile
Viewers
Bad guys know that people want to know
who viewed their Facebook page
26

27. Which of These is Most Likely to be a Facebook Scam?
Dislike
Buttons
Bad guys know that people want a
dislike button
27

28. Which of These is Most Likely to be a Facebook Scam?
OMG! Profile Dislike
Videos Viewers Buttons
They can’t give us these things, but they
can fool us into thinking they can
28

29. What Are Your Chances of Getting Your Lost Phone Back?
29

30. What Are Your Chances of Getting Your Lost Phone Back?
Source: Symantec’s “Project HoneyStick” research
http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=symantec-smartphone-honey-stick-project
30

31. What are the Chances of Your Work and Personal
Information Being Looked at?
31

32. What are the Chances of Your Work and Personal
Information Being Looked at?
Source: Symantec’s “Project HoneyStick” research
http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=symantec-smartphone-honey-stick-project
32

33. How Many New Pieces of Malware are Created Each Day?
A 1,000
B 100,000
C 1,000,000
33

34. How Many New Pieces of Malware are Created Each Day?
• 1 million+ new pieces of malware are created every day
• In 2011 we saw 403 million new pieces of malware
C 1,000,000
34

35. Why?
• Bad guys have tools to easily create and distribute new threats
• Some of these tool kits can create malware-on-demand
35

36. Does it Seem Pretty Bad Out There?
• Symantec and Norton have good tips on protecting yourself and
your business
• But … if you need it simplified, remember these 3 things …
36

37. You don’t have to give up
using the Internet…
There are ways to protect
yourself.
37

38. What your mother told you
is still true…
If something doesn’t seem
right, it probably isn’t.
38

39. Get help from experts…
We hope it’s from Symantec
and Norton.
39

40. Additional Resources
If You Are More Technical If You Are Less Technical
Internet Security Threat Report Norton Security Center
Symantec Security Response Norton Family Resources
Website
Advanced Persistent Threat
Website
Malicious Insider White Paper
Twitter.com/threatintel
40

41. Thank you!
Kevin Haley
@kphaley
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec
Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
41