The Future of Phishing - PowerPoint PPT Presentation

Slides: 8
Provided by: tg153

Transcript and Presenter's Notes

1
The Future of Phishing
  • Markus Jakobsson
  • www.markus-jakobsson.com

2
Spear phishing / context awareness (infer or impose context)
  • Probability of takedown increases with number of
    target users, and sloppiness of attack.
  • Arbitrary banks vs. actual banks
  • (see demo at www.browser-recon.info)
  • Mothers' maiden names
  • (Griffith & Jakobsson)
  • Social phishing
  • (more on www.indiana.edu/phishing/)
  • New frontier: geographic relevance
  • (e.g., political contributions)

3
Delivery (There is nowhere to hide)
  • Email and IM, telephony, faxes
  • Compromise a VoIP supernode, a router, or just do
    what telemarketers do.
  • Rogue captive portals: great pharming, great
    man-in-the-middle attacks.
  • Social propagation of malware
  • (www.verybigad.com vs www.bigad.com.au)

4
Who will phish and why?
  • Phishing: a tool to get information!
  • Plan for political campaign, requisition for
    troops/materials, patent application, answers to
    homework assignments,
  • Phishing by governments, corporations, hackers,
    journalists, one-man terror organizations,
    toolkit owners

5
How do we assess the threat?
  • Surveys, such as Gartner - overestimate and
    underestimate at the same time!
  • Tests, such as Phishing IQ tests - can obtain any
    result we want to exhibit!
  • Honeypots - be an accomplice or obtain an
    underestimate
  • Experiments - can be ethical and accurate

6
Good and bad protections
  • Law: understand what data not to make public;
    determine due diligence
  • Technical: leak-free client software, pharming
    avoidance, machine identification, mutual
    authentication, spam and phish filters,
    blacklisting
  • - Educational: tell people what to do and not to
    do.

7
Want to learn more?
  • Mitnick & Simon, The Art of Deception (Wiley)
  • Jakobsson & Myers, Phishing and Anti-phishing
    (Wiley, mid '06)
  • or email me at phishing_at_markus-jakobsson.com