Phishing Definition: a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.

Presentation transcript:

Phishing
Definition: a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.
– Social engineering:
  – Spoofed emails
  – Counterfeit websites
  – Trick users into giving credentials
– Technical subterfuge:
  – Install software that steals credentials directly
  – Corrupt web navigation
    – Either to a counterfeit website
    – Or to a proxy in front of the real site (man in the middle)

Numbers (Q1 – 2010)
– 85.2% of all email is spam
  – Sources: USA – 16%, India – 7%, Russia – 6%
– 0.68% of all email has malicious content
– 0.57% of all email has a link to a phishing site
  – Targets: Germany – 11.6%, Great Britain – 10.2%, Japan – 7.7%, Taiwan – 7.1%, USA – 6.9%
– 67.34% of the phishing-related websites are hosted in the USA

Numbers (Q1 – 2010)
Number of:
– Unique phishing emails – 30,577
– Unique phishing websites – 29,879
– Brands hijacked – 298
Industries targeted:
– Payment services (PayPal) – 35.9%
– Financial (Chase) – 37%
– Gaming, social networks, online classifieds – 17.9%
– Auction sites – 8.3%

Phishing Steps
1) Get an email list
– Google “email lists for sale”
2) Develop the attack
– Create the email: use logos, convincing language, urgency
– Create the website: use the look and feel of the original website; ask for user id/password; ask for credit card/SSN numbers

Phishing Steps
3) Locate sites to host your website
– Use many sites
– Update DNS to have a very similar name to the original: Chase.org, paypal.us.com, etc.; Citibahk.com with a valid SSL certificate; Paypal.com with a Cyrillic ‘a’
– Median uptime: 13 hours 42 minutes
4) Locate an email sender
– Google ‘email sender’
– Usually use a botnet: many infected computers that send emails from a “command and control” computer
– Most phishers use their own botnet

Phishing Steps
5) Launch the attack
– Maybe use “Fast Flux”
– Image from Andrew Klein – SonicWall: Sending Machines → Phish Web Sites → Receivers

Phishing Steps
6) Collect
– Example: 2,000,000 emails sent
  – 5% get to a real end user – 100,000
  – 5% click on the link – 5,000
  – 2% enter data into the site – 100
  – Average of $1,200 per incident, or $120,000
– Not bad for about 14 hours!!

Phishing Gangs
David Levi – UK
– 6 people
– $360,000 from 160 people
– Arrested in 2006
USA and Egypt gang
– 100 people
– Egypt created websites and emails
– US side laundered the money
Romanian gang
– 70 people
– $1,000,000 transferred from bank accounts to Western Union
– Arrested May 2010

Phishing Gangs
Largest current gang is Avalanche
– 2/3 of all phishing comes from this gang
– 4,272 attacks in the first quarter of 2010
– 1,624 domains are theirs
– They have had a sudden decrease in phishing and have instead switched to malware phishing

Phishing Gangs Infrastructure
Not just an individual:
– Creative department: create email, website; come up with DNS names
– Admin department: payroll, office space rent, president, etc.
– Money launderer (mule)

Money Laundering (the Mule)
People create accounts at the banks they are about to attack.
– Transfer the stolen account/id from one account to the other.
– Cash out.
– Close the account.
“Make money at home”
– Dad has money sent to his bank account
– Dad then wires the money to another bank
– Dad gets 10%
– Small amounts are transacted, ~$3–5K

Money Laundering (the Mule)
– “Financial Operations Manager” job
– “Help young cancer patient transfer funds”
– “African finance minister”
– …

Phishing Ecosystem (image from Andrew Klein – SonicWall)
– The Phisher, funded with $, buys Tools of the Trade from The Malware Community: phishing kit, DHA, site crawlers, spyware, templates, sitecopy & wget, botnets, trojans, worms, keyloggers, hacks & attacks, “real” domain names
– Construct: email list, sending machines, hosting sites & web site
– Launch
– Collect: account info, credit info, identity info, logins & passwords
– Harvested information is turned into cash ($)

Protect your company
If your company sends emails, you are more vulnerable. If you must send emails:
– Put identifiable info in the email: last 4 of credit card number, your name, account ending in…, address
– Provide non-email ways to verify
– Use standard company domain names; do not use chase.offer.com, etc.
– Avoid web page links

Protect your company
Educate your clients
– Tell them how you will communicate
– What to look for in an email
Monitor new customers (they might be a mule)
Report phishing to authorities

Protect yourself
– If you get an email, DO NOT click on the link; copy and paste it instead
– Is this someone I do business with?
– Was I expecting this email?
– Be aware of attachments
– Keep your anti-virus software up to date!
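The lookalike domain tricks listed under step 3 (Chase.org, paypal.us.com, Citibahk.com, paypal.com with a Cyrillic ‘a’) and the “do not click the link” advice above, as an added Python example that is not part of the original presentation: it grades the hostname of a pasted link against a small brand list. The brand list, the two-label rule for the registrable domain and the edit-distance threshold are assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed list of the brands the deck names; a deployment would use its own list.
KNOWN_BRANDS = {"chase.com", "paypal.com", "citibank.com"}

def registrable(host: str) -> str:
    """Last two labels of the host (assumption: no public-suffix list is used)."""
    return ".".join(host.split(".")[-2:])

def scripts_used(host: str) -> set:
    """Unicode script of every letter, e.g. {'LATIN'} or {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(c, "?").split(" ")[0] for c in host if c.isalpha()}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-letter typosquats like citibahk."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_link(url: str, brands=KNOWN_BRANDS) -> tuple:
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower()
    if "." not in host:
        return ("unknown", "no usable hostname in link")
    try:  # an IDN host may arrive punycoded (xn--...); compare its real characters
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass
    reg = registrable(host)
    if reg in brands:
        return ("ok", f"{host} belongs to known domain {reg}")
    scripts = scripts_used(host)
    if len(scripts) > 1:  # e.g. Latin 'paypal' spelled with a Cyrillic 'a'
        return ("suspicious", f"mixed scripts {sorted(scripts)} in {host}")
    labels = host.split(".")
    for name in sorted(b.split(".")[0] for b in brands):
        if name in labels:  # brand name on someone else's domain: chase.org, paypal.us.com
            return ("suspicious", f"brand label '{name}' on non-brand domain {reg}")
        d = edit_distance(labels[-2], name)
        if 0 < d <= 2:  # near miss on the second-level label: citibahk vs citibank
            return ("suspicious", f"'{labels[-2]}' is {d} edit(s) from '{name}'")
    return ("unknown", f"{reg} is not a known brand domain")
```

A verdict of "unknown" only means the domain is not on the brand list; the other questions on the slide (do I do business with them, was I expecting this) still apply.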

Resources
– APWG – Anti-Phishing Working Group
– Kaspersky Labs
– Andrew Klein – SonicWall, from the Secure IT conference in 2006