internet security training phishing - PowerPoint PPT Presentation

About This Presentation
Title:

internet security training phishing

Description:

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using fake bait in an attempt to catch a victim. – PowerPoint PPT presentation

Number of Views:216

less

Transcript and Presenter's Notes

Title: internet security training phishing


1
Phishing, Spoofing, Spamming and Security
2
Recognize Phishing Scams and Fraudulent E-mails
  • Phishing is a type of deception designed to
    steal your valuable personal data, such as credit
    card numbers, passwords, account data, or other
    information.
  • Con artists might send millions of fraudulent
    e-mail messages that appear to come from Web
    sites you trust, like your bank or credit card
    company, and request that you provide personal
    information.

3
History of Phishing
  • Phreaking Fishing Phishing
  • - Phreaking making phone calls for free back in
    70s
  • - Fishing Use bait to lure the target
  • Phishing in 1995
  • Target AOL users
  • Purpose getting account passwords for free time
  • Threat level low
  • Techniques Similar names ( www.ao1.com for
    www.aol.com ), social
  • engineering
  • Phishing in 2001
  • Target Ebayers and major banks
  • Purpose getting credit card numbers, accounts
  • Threat level medium
  • Techniques Same in 1995, keylogger
  • Phishing in 2007
  • Target Paypal, banks, ebay
  • Purpose bank accounts

4
A bad day phishin, beats a good day workin
  • 2,000,000 emails are sent
  • 5 get to the end user 100,000 (APWG)
  • 5 click on the phishing link 5,000 (APWG)
  • 2 enter data into the phishing site 100
    (Gartner)
  • 1,200 from each person who enters data (FTC)
  • Potential reward 120,000

In 2005 David Levi made over 360,000 from 160
people using an eBay Phishing scam
5
Phishing A Growing Problem
  • Over 28,000 unique phishing attacks reported in
    Dec. 2006, about double the number from 2005
  • Estimates suggest phishing affected 2 million US
    citizens and cost businesses billions of dollars
    in 2005
  • Additional losses due to consumer fears

6
What Does a Phishing Scam Look Like?
  • As scam artists become more sophisticated, so do
    their phishing e-mail messages and pop-up
    windows.
  • They often include official-looking logos from
    real organizations and other identifying
    information taken directly from legitimate Web
    sites.

7
Spear-Phishing Improved Target Selection
  • Socially aware attacks
  • Mine social relationships from public data
  • Phishing email appears to arrive from someone
    known to the victim
  • Use spoofed identity of trusted organization to
    gain trust
  • Urge victims to update or validate their account
  • Threaten to terminate the account if the victims
    not reply
  • Use gift or bonus as a bait
  • Security promises
  • Context-aware attacks
  • Your bid on eBay has won!
  • The books on your Amazon wish list are on sale!

8
But wait
WHOIS 210.104.211.21 Location Korea,
Republic Of
Even bigger problem I dont have an account
with US Bank!
Images from Anti-Phishing Working Groups
Phishing Archive
9
How To Tell If An E-mail Message is Fraudulent
  • Here are a few phrases to look for if you think
    an e-mail message is a phishing scam.
  • "Verify your account."?Businesses should not ask
    you to send passwords, login names, Social
    Security numbers, or other personal information
    through e-mail. If you receive an e-mail from
    anyone asking you to update your credit card
    information, do not respond this is a phishing
    scam.
  • "If you don't respond within 48 hours, your
    account will be closed."?These messages convey a
    sense of urgency so that you'll respond
    immediately without thinking.

10
How To Tell If An E-mail Message is Fraudulent
(contd)
  • "Dear Valued Customer."?Phishing e-mail messages
    are usually sent out in bulk and often do not
    contain your first or last name.
  • "Click the link below to gain access to your
    account."?HTML-formatted messages can contain
    links or forms that you can fill out just as
    you'd fill out a form on a Web site. ?The links
    that you are urged to click may contain all or
    part of a real company's name and are usually
    "masked," meaning that the link you see does not
    take you to that address but somewhere different,
    usually a phony Web site.?
  • Resting the mouse pointer on the link reveals
    the real Web address. The string of cryptic
    numbers looks nothing like the company's Web
    address, which is a suspicious sign.

11
How To Tell If An E-mail Message is Fraudulent
(contd)
Con artists also use Uniform Resource Locators
(URLs) that resemble the name of a well-known
company but are slightly altered by adding,
omitting, or transposing letters. For example,
the URL "www.microsoft.com" could appear instead
as? www.micosoft.com ? www.mircosoft.com
? www.verify-microsoft.com
12
  • Never respond to an email asking for personal
    information
  • Always check the site to see if it is secure.
    Call the phone number if necessary
  • Never click on the link on the email. Retype the
    address in a new window
  • Keep your browser updated
  • Keep antivirus definitions updated
  • Use a firewall

P.S Always shred your home documents before
discarding them.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "internet security training phishing" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!