Jay Schulman: Phishing with Asterisk PBX

Summary: "As many people are becoming more accustom to phishing attacks, standard website and e-mail phishing schemes are becoming harder to accomplish. This presentation breaks all of the phishing norms to present an effective, alternative phishing method from start to finish in 75 minutes using Linux and Asterisk, the open-source PBX platform. With an Asterisk installation, we’ll setup an account and build a telephone phishing platform most banks would fear. We’ll also show targeting techniques specific to large corporate environments and demonstrate basic Asterisk deception techniques. We’ll also discuss ways we can prepare for and potentially prevent these types of attacks. Jay Schulman is a Senior Manager at a Big 4 Advisory Firm focusing on Information Security and Privacy. Mr. Schulman has ten years of information security experience including positions in senior information security management and leadership. He is a former Business Information Security Officer for a top-five global financial services company. Mr. Schulman managed logical and physical security for a nationwide financial institution’s government payment processing platforms. This environment has been designated National Critical Infrastructure (NCI) by the United States Department of Homeland Security and handled approximately one trillion dollars per fiscal year on behalf of the US government. Mr. Schulman is currently a Certified Information Systems Security Professional (CISSP) and a member of the International Information Systems Security Controls Consortium (ISC2), Information Systems Audit & Control Association (ISACA) and the Information Systems Security Association (ISSA). He has spoken publicly on the issues of information security, risk management, and technology. Mr. Schulman holds a Bachelor of Sciences degree from the University of Illinois-Urbana Champaign."