In the fall of 2013, Washington University in St. Louis was hit with a phishing attack targeted primarily at medical faculty. The criminals used the compromised credentials to change direct deposit bank account information to steal money. The university quickly made changes to defend against this threat and rethought the current incident response capabilities to better handle widespread attacks. In this presentation, we will walk through the incident to see how and why it was so successful and will discuss steps to detect and prevent these types of incidents.
OUTCOMES:
Understand how this criminal campaign worked from beginning to end * Learn what defenses can be put into place to disrupt the various phases of this type of attack * Be able to better defend against phishing attacks
