The migration to working from home has forced many security teams to drastically change their defensive strategies to protect end users. In response, threat actors have become more devious, more targeted, and more highly motivated to compromise your sensitive data.   

Attackers are working harder than ever, using new methods and new bait to lure and hook their victims. You’ll learn from the most recent real-world examples of phishing attacks seen by Proofpoint, which utilize Microsoft office collaboration tools and OAuth permissions, TOAD (telephone-oriented attack delivery) methods, text messages, PhaaS supply chains and others. By understanding the way phishers operate, you’ll be better prepared to recognize and combat attacks when they occur in your organization. 

In the first session, we will discuss: 

• How phishing has evolved in the last several years 
• Modern phishing techniques including BEC/EAC, advanced social engineering, and more 
• Recent examples of phishing attacks seen in the wild 
• Phishing trends to watch out for in the future 

As you learned in our first session, phishing emails come in a variety of forms and flavors, with advanced features designed to bypass even the most cutting-edge security solutions. It’s no surprise then, that phishing attacks like business email compromise are incredibly costly, accounting for more than $2.4B in losses last year alone¹.  

Modern threat actors have created entire platforms in hopes of completing a single successful attack. To protect your users and secure all your organization’s potential threat vectors, you need a platform of your own. 

Building a layered security approach with multiple attack stop-gaps and fail-safes is especially crucial to stopping phish. Learn how phishing attacks rely on, and take advantage of various technologies employed by your end users, and how to implement more adaptive controls to reduce your overall attack exposure.  

In the second session, we will discuss: 

• How a phishing attack can move through your network 
• Identifying phishing vulnerabilities within your security infrastructure 
• Why and how to build a layered security approach against phishing 

¹Federal Bureau of Investigations (FBI). “Internet Crime Report 2021.” 2021. 

People are the primary target of cybercriminals. And it only takes one person to fall for phishing to incite significant financial loss or a severe data breach. To fight phishing, you need to empower users with the right knowledge and tools, so they can become a strong last line of defense.  

While 73% of organizations conduct formal security awareness training, only 53% of working adults know what the term “phishing” means¹. Organizations struggle to improve users’ learning retention and detection efficacy with their current security awareness programs. 

In the third and final session, we will discuss: 

• How phishing has impacted various industries 
• The challenges with security awareness training 
• Best practices for educating your end users 
• How to measure behavior change 

¹(Proofpoint, Inc.). “2022 State of the Phish.” 2022.