presented by: Lingzi Hong

Presentation transcript:

Social Phishing presented by: Lingzi Hong

Research Question
Question: How easily and effectively can a phisher exploit social network data found on the Internet to increase the yield of a phishing attack?
Answer: Four times as likely to become victims!

Related Work
technical vulnerabilities: spear phishing or context-aware phishing; gain trust by history, preferences information; personal information from public databases, websites, public records, etc.
social vulnerabilities:
4. Emigh, A. Online identity theft: Phishing technology, chokepoints and countermeasures. ITTC Report on Online Identity Theft Technology and Countermeasures (Oct. 2005); www.anti-phishing.org/Phishing-dhs-report.pdf.
11. Jakobsson, M. and Myers, S. Phishing and Counter-Measures. John Wiley and Sons, 2006.

Experiment Procedure
Data: crawl, parse, cross-correlating with IU's address book database
Subject: IU students aged 18 to 24, sampled to represent typical phishing victims
experiment protocols

A: overall situation: first 12 hours, 70% successful authentication; rapid takedown
B: number of times authenticated or refreshed their credentials

Experiment Results control experiment gender effect

Experiment Results age effect and major effect

comments and feedback about the experiment
440 posts, majority are supportive
30 complaints, 1.7% of the participants
insights: ethical aspects of the study, better understanding of phishing victims, vulnerabilities and feelings following the attack.

comments and feedback about the experiment
Anger: phishing not only has the potential monetary costs associated with identity theft, but also a significant psychological cost to victims.
Denial: difficult to admit vulnerability; as a consequence, many phishing attacks may go unreported. Success rate underestimated.
Misunderstanding of email.
Underestimation of dangers of publicly posted personal information.

Discussion
ethical ways to conduct experiments on social engineering attacks, help to design effective countermeasures.
solutions:
1. digitally signed email
2. browser toolbar which alerts users of likely web spoofing attempts.
3. need for extensive educational campaigns about phishing and other security threats.

Questions
Only requires University access, different from real phishing; students may not be alert to privacy release.
Success rates for both control group and social groups are very high.
Other than age, gender, major, try to find other relations, e.g. number of friends in social network, online activity, level of information literacy and vulnerability to phishing attack.