Fall 2011. Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity.

Presentation transcript:

Fall 2011


Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity in an electronic communication
Spear phishing - a phishing scam that targets a specific audience
Scareware - tries to trick you into responding by using shock, anxiety or threats (“reply with your password now or we’ll shut down your account tomorrow”)
Social engineering - manipulating or tricking people into divulging private information (as opposed to using technical hacking techniques)

- Sends email: “There is a problem with your eBuy account”
- User clicks on link to password?
- User thinks it is ebuy.com, enters eBuy username and password.
- Password sent to bad guy

Email - Phishing emails can appear to come from legitimate institutions such as your bank, e-commerce site, credit card company, etc., but they really come from a criminal trying to steal information
Web Site - If you follow a link from an email or from an untrustworthy web site, it may take you to a site clone that records your information before logging you into the real site
IM - With IM phishing, you will get an IM from someone claiming to be support for your IM provider, asking you for account information

Federal Trade Commission (FTC) tracks and reports on identity theft
- Affects more than 10 million people every year
- Annual cost to the economy of $50 billion.
The Anti-Phishing Working Group
- Reports that the frequency of phishing attacks increases 24% every month.


- A statement that there is a problem with the recipient’s account at a financial institution or other business. The email asks the recipient to visit a web site to correct the problem, using a deceptive link in the email.
- A statement that the recipient’s account is at risk, and offering to enroll the recipient in an anti-fraud program.

- A fictitious invoice for merchandise, often offensive merchandise, that the recipient did not order, with a link to “cancel” the fake order.
- A fraudulent notice of an undesirable change made to the user’s account, with a link to “dispute” the unauthorized change.
- A claim that a new service is being rolled out at a financial institution, and offering the recipient, as a current member, a limited-time opportunity to get the service for free.


Credit: Collin Jackson

Phishing email sent portraying Bank of America, Military Bank
Entices the user to complete a survey and receive a $20 or $25 credit

Spear phishing scam received by Kansas State University in January

The malicious link in the scam took you to an exact replica of Kansas State’s single sign-on web page, hosted on a server in the Netherlands, that will steal your eID and password if you enter them and click “Sign in”.

- Generic Greeting
- Fake Sender’s Address
- False Sense of Urgency
- Fake Web Links
- Deceptive Web Links
- Email requires that you follow a link to sign up for a great deal, or to log in and verify your account status, or encourages you to view/read an attachment
- Misspellings and Bad Grammar

Characteristics of scam email
- Poor grammar and spelling
- The “Reply-to:” or “From:” address is unfamiliar
- Uses unfamiliar or inappropriate terms (like “send your account information to the MAIL CONTROL UNIT”)
- It asks for private information like a password or account number, or tries to get you to click on a link that takes you to a web form that asks for the info
- The message contains a link where the displayed address differs from the actual web address
- Does not provide explicit contact information (name, address, and phone #, or a website) for you to verify the communication. A good example is a spear phishing scam that tries to steal your password and is signed only by “Webmail administrator”

- Create a bank page advertising an interest rate slightly higher than any real bank; ask users for their credentials to initiate money transfer
  - Some victims provided their bank account numbers to “Flintstone National Bank” of “Bedrock, Colorado”
- Exploit social network
  - Spoof an email from a Facebook or MySpace friend
  - In a West Point experiment, 80% of cadets were deceived into following an embedded link regarding their grade report from a fictitious colonel

- Reconstructed the social network by crawling sites like Facebook, MySpace, LinkedIn, Friendster
- Sent 921 Indiana University students a spoofed email that appeared to come from their friend
- Email redirected to a spoofed site inviting the user to enter his/her secure university credentials
  - Domain name clearly distinct from indiana.edu
- 72% of students entered their real credentials into the spoofed site (most within first 12 hrs)
  - Males more likely to do this if email is from a female

- DON’T CLICK THE LINK
  - Type the site name in your browser (such as
- Never send sensitive account information by e-mail
  - Account numbers, SSN, passwords
- Never give any password out to anyone
- Verify any person who contacts you (phone or email).
  - If someone calls you on a sensitive topic, thank them, hang up and call them back using a number that you know is correct, like from your credit card or statement.