Phishing, Spoofing, Spamming and Security How To Protect Yourself Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation,

Presentation transcript:

Phishing, Spoofing, Spamming and Security
How To Protect Yourself
Additional Credits: Educause/SonicWall, Hendra Harianto Tuty, Microsoft Corporation, some images from Anti-Phishing Workgroup’s Phishing Archive, Carnegie Mellon CyLab
Dr. Harold L. “Bud” Cothern

Recognize Phishing Scams and Fraudulent E-mails
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Con artists might send millions of fraudulent messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.

History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70’s
- Fishing = use bait to lure the target
Phishing in 1995
- Target: AOL users
- Purpose: getting account passwords for free time
- Threat level: low
- Techniques: similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
- Target: Ebayers and major banks
- Purpose: getting credit card numbers, accounts
- Threat level: medium
- Techniques: same as in 1995, keylogger
Phishing in 2007
- Target: Paypal, banks, ebay
- Purpose: bank accounts
- Threat level: high
- Techniques: browser vulnerabilities, link obfuscation

A bad day phishin’, beats a good day workin’
- 2,000,000 e-mails are sent
- 5% get to the end user – 100,000 (APWG)
- 5% click on the phishing link – 5,000 (APWG)
- 2% enter data into the phishing site – 100 (Gartner)
- $1,200 from each person who enters data (FTC)
- Potential reward: $120,000
In 2005 David Levi made over $360,000 from 160 people using an eBay Phishing scam

Phishing: A Growing Problem
- Over 28,000 unique phishing attacks reported in Dec. 2006, about double the number from 2005
- Estimates suggest phishing affected 2 million US citizens and cost businesses billions of dollars in 2005
- Additional losses due to consumer fears

What Does a Phishing Scam Look Like?
As scam artists become more sophisticated, so do their phishing messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.

Current Phishing Techniques
- Employ visual elements from target site
- DNS Tricks:
  - Unicode attacks
- JavaScript Attacks
  - Spoofed SSL lock
- Certificates
  - Phishers can acquire certificates for domains they own
  - Certificate authorities make mistakes

The following is an example of what a phishing scam message might look like:
Example of a phishing e-mail message, including a deceptive URL address linking to a scam Web site.
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.

Spear-Phishing: Improved Target Selection
Socially aware attacks
- Mine social relationships from public data
- Phishing appears to arrive from someone known to the victim
- Use spoofed identity of trusted organization to gain trust
- Urge victims to update or validate their account
- Threaten to terminate the account if the victims do not reply
- Use gift or bonus as a bait
- Security promises
Context-aware attacks
- “Your bid on eBay has won!”
- “The books on your Amazon wish list are on sale!”

Another Example:

But wait…
WHOIS : Location: Korea, Republic Of
Even bigger problem: I don’t have an account with US Bank!
Images from Anti-Phishing Working Group’s Phishing Archive

How To Tell If An E-mail Message is Fraudulent
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
- "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam.
- "If you don't respond within 48 hours, your account will be closed." These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.

How To Tell If An E-mail Message is Fraudulent (cont’d)
- "Dear Valued Customer." Phishing messages are usually sent out in bulk and often do not contain your first or last name.
- "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.
Example of masked URL address

How To Tell If An E-mail Message is Fraudulent (cont’d)
Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL " could appear instead as:
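The masked links and altered URLs described in the two slides above can be checked mechanically. The following is an added example, not part of the original presentation: it flags links whose visible text names a different host than the href, hosts that are only numbers, and hosts one letter-edit away from a trusted domain. The allow-list, the sample message and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed for this example: allow-list and message body (192.0.2.10 is a documentation address).
TRUSTED = {"aol.com", "ebay.com", "paypal.com"}
SAMPLE = ('<a href="http://192.0.2.10/signin">www.ebay.com</a> '
          '<a href="http://www.ao1.com/verify">Verify your account</a> '
          '<a href="https://www.paypal.com/">www.paypal.com</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at every <a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Host of a URL or bare domain, lower-cased, without userinfo, port or 'www.'."""
    m = re.match(r"(?:[a-z][\w+.-]*://)?(?:[^/?#@]*@)?(?:www\.)?([^/?#:]*)", url.strip().lower())
    return m.group(1)

def edit_distance(a, b):  # counts single-letter adds, omissions, replacements, neighbour swaps
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def audit_links(html):
    """Return [(href, [signs])] for links showing the warning signs described above."""
    collector, out = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        real = host_of(href)
        shown = host_of(text) if re.fullmatch(r"\S+\.\S+", text) else ""
        near = real not in TRUSTED and any(edit_distance(real, t) == 1 for t in TRUSTED)
        checks = {"masked": bool(shown) and shown != real, "lookalike": near,
                  "numeric-host": bool(re.fullmatch(r"[\d.]+", real))}
        out.append((href, [name for name, hit in checks.items() if hit]))
    return [finding for finding in out if finding[1]]
```

Running `audit_links(SAMPLE)` reports the first link as masked with a numeric host and the second as a lookalike of aol.com; the third link, whose text and target agree, is not reported.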

- Never respond to an e-mail asking for personal information
- Always check the site to see if it is secure. Call the phone number if necessary
- Never click on the link on the e-mail. Retype the address in a new window
- Keep your browser updated
- Keep antivirus definitions updated
- Use a firewall
P.S: Always shred your home documents before discarding them.

Install the Microsoft Phishing Filter Using Internet Explorer 7 or Windows Live Toolbar
Phishing Filter ( _filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.
Install up-to-date antivirus and antispyware software. Some phishing e-mail contains malicious or unwanted software (like keyloggers) that can track your activities or simply slow your computer. Numerous antivirus programs exist as well as comprehensive computer maintenance services like Norton Utilities. To help prevent spyware or other unwanted software, download Windows Defender.

Thank You For Your