Teaching you NOT to fall for Phish

Slides:



Advertisements
Similar presentations
Norman M. Sadeh, Ph.D. Smart Phone Security & Privacy: What Should We Teach Our Users …and How? Professor, School of Computer Science Director, Mobile.
Advertisements

Account HIGHJACKING & IDENTITY THEFT GPCE Credit Union has prepared a slide show presentation to examine the most prevalent financial crimes at work today.
Fraud Protection. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.
What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
1 What is Phishing? …listening to music by the band called Phish or perhaps …a hobby, sport or recreation involving the ocean, rivers or streams…nope.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.
Internet Phishing Not the kind of Fishing you are used to.
Internet Security Awareness Presenter: Royce Wilkerson.
Ethical Hacking by Shivam.
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Course Overview January 16, 2007.
Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.
Discovering Computers 2010
How It Applies In A Virtual World
INTRODUCTION Coined in 1996 by computer hackers. Hackers use to fish the internet hoping to hook users into supplying them the logins, passwords.
Phish your victims in 5 quick steps. Phish yourself today In less than 5 minutes What is Phish5? Phish5 is a Security Awareness service With Phish5, a.
Computer and Information Security Protecting yourself and your clients in the wild and wooly online world.
P HI SH I NG !. WHAT IS PHISHING ? In computer security phishing is trying to acquire important information such as; passwords, usernames and credit card.
Identity Theft By: Chelsea Thompson. What is identity theft? The crime of obtaining the personal or financial information of another person for the purpose.
Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.
Phishing, Spoofing, Spamming and Security How To Protect Yourself Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation,
 A viruses is a program that can harm or track your computer. E.g. browser hijacker.  When a viruses accesses the computer it can accesses the HDD and.
Phishing Internet scams. Phishing phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and.
BY : MUHAMMAD KHUZAIMI B. ISHAK 4 ADIL PUAN MAZITA INFORMATION AND COMMUNICATION OF TECHNOLOGY.
Phishing: Trends and Countermeasures Blaine Wilson.
How Phishing Works Prof. Vipul Chudasama.
The spoofed . The spoofing The link appears as (i.e NOODLEBANK.com) But actually it links to
Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice safety Learn how to protect yourself against common attacks.
A Quick Insight Paper about phishing attacks based on usability study Users required to classify websites as fraudulent/legitimate using security tools.
C MU U sable P rivacy and S ecurity Laboratory Protecting People from Phishing: The Design and Evaluation of an Embedded Training.
An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks Collin Jackson et. all Presented by Roy Ford.
ONLINE SAFETY AND SECURITY Computer Basics 1.5. INFAMOUS CYBER ATTACKS IN 2014 Sony Pictures: Attackers stole just about everything in the corporate network,
1.  Usability study of phishing attacks & browser anti-phishing defenses – extended validation certificate.  27 Users in 3 groups classified 12 web.
The internet is a place of both useful and bad information. It has both good and bad side- and it’s all too easy for kids to stray into it. And no parents/guardian.
By: Micah Stevens Identity Theft in the World Today.
Fall Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity.
Which is better Avast Free Edition or Avast Pro Version?
Business Process Compromise in Financial Institutes Kavya Kushnoor
Fraud Protection.
Cyber Security Zafar Sadik
Fraud protection.
how to prevent them from being successful
CYBER SECURITY PANDEMIC
To Know what Cyber crime is
System Access Authentication
Learn how to protect yourself against common attacks
ISYM 540 Current Topics in Information System Management
Internet Insecurity The was founded as a tool based on trust
Norton Antivirus Password Not Working Norton technical support phone number
Your Computer Wants To Ruin Your Life
Norton Antivirus Technical Support Number Norton toll free number
Phishing is a form of social engineering that attempts to steal sensitive information.
Protect Your Computer Against Harmful Attacks!
Cybersecurity Awareness
Risk of the Internet At Home
Cybercrime and YOU.
Information Security Session October 24, 2005
Phishing.
Strengthening Password-based Authentication
Course Overview January 16, 2007.
Internet Vocabulary Beth Felton McKelvey.
DATA BREACHES 6 4 , 9 3 There were…
Communicating in the IT Industry
Cybersecurity Simplified: Phishing
Presentation transcript:

Teaching you NOT to fall for Phish Carnegie Mellon Beth Cueni

Internet addiction People do get addicted to the Internet What are the signs?

Fighting Cybercrime http://www.nsf.gov/cise/csbytes/newsletter/vol1i12.html View these images. Only one is an actual web site. How can you tell?

Password Protection Number of Characters Possible Combinations Human Computer 1 36 3 minutes .000018 seconds 2 1,300 2 hours .00065 seconds 3 47,000 3 days .02 seconds 4 1,700,000 3 months 1 second 5 60,000,000 10 years 30 seconds 10 3,700,000,000,000,000 580 million years 59 years Possible characters A-Z and 0-9 Human discovery assumes 1 try every 10 seconds Computer discovery assumes one million tries per second Average time assumes the password would be discovered in approx half the time it would take to try all possible combinations

Characteristics of Phish scams Sense of urgency No specific person signs the email Links do not take you to a valid address Dear eBay member – they should know your name!

Phishing Works 73 millions US adults received more than 50 phishing emails each year in the year 2005 3.6 million adults lost 3.2 billion dollars in phishing attacks in 2007 Financial institutions and the military are also victims

Why phishing works Phishers take advantage of Internet users; trust in legitimate organizations Lack of computer and security knowledge People do not protect themselves

Anti-phishing strategies (What industry is doing) Silently eliminate the threat Find and take down the phishing sites Detect and delete phishing emails Warn users about the threat Anti phishing toolbars and web browsers feature (IE 7.0 and Firefox) Train users not to fall for attacks

Users education is challenging Users are not motivated to learn about security Security is a secondary task

Web Site Training Lab study – 28 non-expert computer users Evaluate 10 sites Take a break (read training material or play games) Evaluate 10 more sites People who read the training material identified phishing sites better

PhishGuru http://phishguru.org/ http://wombatsecurity.com/antiphishingphil YouTube http://www.youtube.com/watch?v=c1Es2qza1II http://cups.cs.cmu.edu/antiphishing_phil/

Students are most vulnerable Students more likely to fall for phish than staff 18-25 age group were consistently more vulnerable to phishing attacks

Wombat Security Purchased the Anti Phishing game from Carnegie Mellon and is now using it to train others

Play the game! http://cups.cs.cmu.edu/antiphishing_phil/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.