Human Factors in Security Phishing, Scam, Leaked Credentials

Presentation transcript:

Human Factors in Security: Phishing, Scam, Leaked Credentials

Phishing and spoofing
- Why is email spoofing still possible?
- How do spoofing/phishing emails get past current defenses?
- How can we build robust and usable phishing detection and alert systems?
- Approach: measurement + user study
- Poor defense: SPF/DKIM/DMARC see only 4%~48% adoption rates
- Spoofing indicators are largely missing from email interfaces
- Mobile phishing is even more serious
[Figure: Gmail screenshot]
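The adoption numbers above matter because the three records do different jobs: SPF is evaluated against the SMTP envelope sender, DKIM against a signature, and only DMARC ties either result to the From: header domain the user actually sees. The following added example (not code from the slides or the authors' measurement study) reads constructed SPF and DMARC TXT records for placeholder domains and predicts what a DMARC-honouring receiver does with a message whose From: header is forged in that domain's name. The `lookup_txt` stand-in, the record contents and the `.example` domains are all assumptions made for the demo.

```python
"""Predict how a DMARC-aware receiver treats mail forged in a domain's name,
from that domain's published SPF and DMARC TXT records.

Added example: the DNS data below is constructed for the demo and the
domains are placeholders, not real organisations.
"""

# Constructed TXT records standing in for real DNS answers.
FAKE_TXT = {
    "noodlebank.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mx.example -all"],
    "_dmarc.noodlebank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@noodlebank.example"],
    "weakcorp.example": ["v=spf1 ip4:198.51.100.10 ~all"],
    "_dmarc.weakcorp.example": ["v=DMARC1; p=none; rua=mailto:reports@weakcorp.example"],
    "spfonly.example": ["v=spf1 ip4:203.0.113.5 -all"],
    # nothing.example publishes neither record
}


def lookup_txt(name):
    """Stand-in for a DNS TXT query; swap in a real resolver to check live domains."""
    return FAKE_TXT.get(name, [])


def spf_all_qualifier(domain):
    """Qualifier on the SPF 'all' mechanism: '-' (fail), '~' (softfail),
    '?' (neutral), '+' (pass); None when there is no SPF record or no 'all'."""
    for rec in lookup_txt(domain):
        if not rec.lower().startswith("v=spf1"):
            continue
        for term in rec.split()[1:]:
            qual, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
            if mech.lower() == "all":
                return qual
        return None  # record present but no terminal 'all'
    return None


def dmarc_policy(domain):
    """DMARC p= tag ('none', 'quarantine', 'reject'), or None if no record is published."""
    for rec in lookup_txt("_dmarc." + domain):
        if not rec.replace(" ", "").upper().startswith("V=DMARC1"):
            continue
        tags = {}
        for part in rec.split(";"):
            if "=" in part:
                key, value = part.split("=", 1)
                tags[key.strip().lower()] = value.strip().lower()
        return tags.get("p")
    return None


def spoofed_from_disposition(domain):
    """Receiver action on a message whose From: header claims `domain` but whose
    SPF/DKIM results do not align with it (the classic header spoof).

    SPF by itself is checked against the SMTP envelope sender, which the
    attacker chooses, so only DMARC attaches a verdict to the From: domain.
    """
    policy = dmarc_policy(domain)
    if policy in ("reject", "quarantine"):
        return policy
    return "deliver"  # p=none or no DMARC record: nothing asks the receiver to act


def report(domain):
    return {
        "domain": domain,
        "spf_all": spf_all_qualifier(domain),
        "dmarc_p": dmarc_policy(domain),
        "spoofed_from": spoofed_from_disposition(domain),
    }


if __name__ == "__main__":
    for d in ("noodlebank.example", "weakcorp.example", "spfonly.example", "nothing.example"):
        print(report(d))
```

The interesting row is `spfonly.example`: a strict `-all` SPF record looks like a hardened domain, yet with no DMARC policy a forged From: header is still delivered. The function predicts only what the published policy requests; large providers add their own heuristics on top, which is exactly where the missing spoofing indicators on the slide come in.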

Human Factors in Security (Cont.): Phishing, Scam, Leaked Credentials

Understanding the persistent threat from leaked credentials
- How often do users reuse or modify passwords across services?
- How quickly do users change reused (leaked) passwords?
- Are modified passwords predictable?
- Empirical approach instead of user studies
- Data-driven: 28M users, 62M passwords, 107 services
- 52% of users reused or modified passwords across services
- Email and shopping passwords are mostly reused
- Guessing algorithm: 16 million passwords cracked in < 10 guesses
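To make the "cracked in < 10 guesses" result concrete, here is an added example (not the paper's algorithm or code) of the kind of guesser that exploits password modification: starting from one leaked password, it enumerates the small edits people habitually make and checks them against the hash a second site stored. The edit rules, their ordering, the unsalted SHA-256 and the leaked/current pairs are all assumptions constructed for the demo.

```python
"""Rank a user's current password among guesses derived from one leaked password.

Added example illustrating why modified passwords are predictable. The edit
rules and their order are assumptions about user habits, not a published
algorithm; the leaked/current pairs at the bottom are constructed.
"""
import hashlib
import string

LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def sha256_hex(pw):
    """Unsalted SHA-256 stands in for whatever hash the breached site stored."""
    return hashlib.sha256(pw.encode()).hexdigest()


def split_trailing_digits(pw):
    """'Summer2017' -> ('Summer', '2017'); 'Summer' -> ('Summer', '')."""
    core = pw.rstrip(string.digits)
    return core, pw[len(core):]


def derived_guesses(leaked):
    """Candidate passwords in decreasing order of assumed likelihood:
    bump the trailing counter, append a common suffix, change case, leet, reverse."""
    core, digits = split_trailing_digits(leaked)
    cands = [leaked]
    if digits:
        n, width = int(digits), len(digits)
        cands += [core + str(n + k).zfill(width) for k in (1, 2, 3)]
        if n > 0:
            cands.append(core + str(n - 1).zfill(width))
        cands.append(core)
    for base in (leaked, leaked.capitalize()):
        cands += [base + suffix for suffix in ("1", "!", "123", "1!")]
    cands += [leaked.capitalize(), leaked.upper(), leaked.swapcase()]
    cands.append("".join(LEET.get(c, c) for c in leaked))
    cands.append(leaked[::-1])
    unique, seen = [], set()
    for cand in cands:  # keep first occurrence so ranks stay stable
        if cand not in seen:
            seen.add(cand)
            unique.append(cand)
    return unique


def crack(leaked, target_hash, max_guesses=10):
    """Try the derived guesses against a stored hash; return (rank, password)
    if it falls within `max_guesses`, else None."""
    for rank, guess in enumerate(derived_guesses(leaked), start=1):
        if rank > max_guesses:
            return None
        if sha256_hex(guess) == target_hash:
            return rank, guess
    return None


if __name__ == "__main__":
    # Constructed (leaked, current) pairs for one user across two services.
    pairs = (("Summer2017", "Summer2018"), ("password", "Password1"), ("hunter2", "tr0ub4dor"))
    for leaked, current in pairs:
        print(leaked, "->", current, ":", crack(leaked, sha256_hex(current)))
```

The budget of ten guesses is the one the slide quotes; a real attacker would combine a much larger rule set with a wordlist, which only makes the point stronger. The defensive reading is the same as the paper's: a modified password is not a new password, so a leak of one service's credentials should trigger a forced reset on every service where the user reused its stem.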

Adversarial Machine Learning in the Physical Domain
- Fooling a machine learning system is relatively easy
- Most work focuses on the "digital domain"
- Machine learning cannot (does not) reason like a human
- New challenges in the physical domain
- Various sources of error make the attack more difficult: view angle, distance, quantization, resolution
- Attacks require training data from the physical world, which is expensive to collect
- Can we model the differences between the digital and physical worlds?
- How do we defend against adversarial attacks?
[Figure: Stop Sign + ... = Yield Sign]
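The gap between the digital and physical domains can be shown on a toy model. The added example below (not code from the talk or its authors) uses a constructed 64-pixel "sign" and a constructed linear classifier, finds the smallest one-step sign-gradient perturbation that flips the label digitally, then passes that image through stand-ins for the error sources listed above: 8-bit sensor quantization, a brightness change, and a one-pixel shift for viewing angle. The sub-LSB digital perturbation is rounded away by the camera, and a perturbation that fools every simulated view (a minimal expectation-over-transformation style search) has to be larger. Weights, pixel values, gains and the transform set are all assumptions made for the demo.

```python
"""Toy model of why a digital adversarial perturbation can fail in the physical world.

Added example with constructed data: an 8x8 grey 'sign' (64 pixels in [0,1])
and a linear classifier score = W.x + B; score > 0 means 'stop', else 'yield'.
Physical capture is approximated by deterministic transforms, each ending in
8-bit quantisation as a camera would.
"""

W = [1.0] * 32 + [-1.0] * 32                  # bright top half / dark bottom half => "stop"
CLEAN = [150 / 255] * 32 + [140 / 255] * 32   # an image already on the 8-bit grid
MARGIN = 0.1
B = MARGIN - sum(w * x for w, x in zip(W, CLEAN))  # calibrated so CLEAN scores exactly +MARGIN


def score(img):
    return sum(w * x for w, x in zip(W, img)) + B


def label(img):
    return "stop" if score(img) > 0 else "yield"


def clip(img):
    return [min(1.0, max(0.0, v)) for v in img]


def quantize(img):
    """Camera sensor: snap each pixel to the nearest of 256 grey levels."""
    return [round(v * 255) / 255 for v in img]


def brightness(img, gain):
    """Lighting change (assumed gains of +/-2% in physical_views)."""
    return clip([v * gain for v in img])


def shift(img):
    """Crude viewpoint change: roll the pixel array by one position."""
    return img[-1:] + img[:-1]


def physical_views(img):
    """Deterministic stand-ins for sampling the physical world."""
    return [
        quantize(img),
        quantize(brightness(img, 1.02)),
        quantize(brightness(img, 0.98)),
        quantize(shift(img)),
    ]


def fgsm(img, eps):
    """One-step sign-gradient attack pushing the score toward 'yield'.
    For a linear model the gradient of the score w.r.t. the input is W itself."""
    return clip([x - eps * (1.0 if w > 0 else -1.0) for x, w in zip(img, W)])


def digital_attack_eps():
    """Smallest eps (tenths of a grey level) that flips the label digitally."""
    for tenths in range(1, 256):
        eps = tenths / 10 / 255
        if label(fgsm(CLEAN, eps)) == "yield":
            return eps
    return None


def survives_physical(adv):
    return all(label(v) == "yield" for v in physical_views(adv))


def robust_attack_eps():
    """Smallest eps on the 1/255 grid whose perturbation fools every physical view."""
    for k in range(1, 256):
        eps = k / 255
        if survives_physical(fgsm(CLEAN, eps)):
            return eps
    return None


if __name__ == "__main__":
    d = digital_attack_eps()
    print("digital eps = %.2f/255 ->" % (d * 255), label(fgsm(CLEAN, d)),
          "| after camera quantisation:", label(quantize(fgsm(CLEAN, d))))
    r = robust_attack_eps()
    print("robust eps  = %.2f/255 -> fools all views:" % (r * 255), survives_physical(fgsm(CLEAN, r)))
```

With these constants the digital attack succeeds at 0.4/255, less than half a grey level, so the sensor rounds every pixel back to the clean image and the sign is classified "stop" again; the view-robust perturbation needs a full grey level. A real attack has the same structure with a neural network, random transform sampling and printed patches instead of a list of four deterministic views, which is where the expensive physical-world data on the slide comes from.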

Other Projects
- GPS spoofing to attack mobile navigation systems (self-driving cars): in preparation
- Crowdsourcing social media data to detect security events: CIKM 2017
- Mobile deep links to hijack web-to-mobile communications: USENIX Security 2017
- Detecting collusion between mobile apps: Asia CCS 2017, MoST 2017
- The social aspects of mobile payments: ICWMS 2017, GROUP 2018