Phishing “ In computing, phishing (also known as carding and spoofing) is a form of social engineering, characterized by attempts to fraudulently acquire.

Presentation transcript:

Phishing “In computing, phishing (also known as carding and spoofing) is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords.” Copyright © 2008 by Helene G. Kershner

Phishing – In the Beginning In the early 1990s unethical AOL users created false accounts with “algorithmically generated credit card numbers — these accounts could last weeks or even months until new ones were required.
– At this point in time AOL was a parallel service to the Internet
– AOL eventually brought in measures in late 1995 to prevent this, so early AOL crackers resorted to phishing for legitimate AOL accounts.”
Individuals involved in such measures were often those involved in illegal sale and distribution of bootleg software. Copyright © 2009 by Helene G. Kershner

Phishing – In the Beginning The phisher or cracker would “pose as an AOL staff member and send an instant message to a potential victim, asking the victim to reveal his or her password.” Stutz, Michael: “AOL: A Cracker's Paradise?”, Wired News, January 29, 1998. The phisher would use the … common technique of sending some kind of message to the unsuspecting AOL user asking to give “up sensitive information … include text such as "verify your account" or "confirm billing information". Once the victim had submitted his or her password, the attacker could then access the victim's account and use it for various criminal purposes, such as spamming.”

Phishing – Moving on from AOL In 1997 AOL adjusted its security policies making it very difficult for such illegal activities to occur. As a result these activities migrated elsewhere on the Internet. Phishing is now unfortunately Everywhere! Losses from phishing in the US alone (businesses and individuals) are estimated in the billions of dollars annually and impact millions of people.

Phishing

Phishing Examples

Fake sites that look real are called spoofed websites. Look for typos

Phishing What is identity theft? – to-identity-theft-234.htm

Phishing Examples E-mails that say:
– Verify your account information
– You have just won !
– If you fail to respond within 36 hours your account will be closed
(very cute by Symantec) (home) (office)

Subject: ACCOUNT MAINTENANCE
From: CAMPUS WEB TECHNICAL SERVICE
Reply-To:
Date: 10/29/2008 3:50

Dear Buffalo User, A Computer Database Maintainance is currently going on. This Message is Very Important. We are very concerned with stopping the proliferation of spam. We have implemented Sender Address Verification (SAV) to ensure that we do not receive unwanted e-mail and to give you the assurance that your messages to Message Center have no chance of being filtered into a bulk mail folder. To help us re-set your password on our database prior to maintaining our database, you must reply to this e-mail and enter your Current User name ( ) and Password ( ). Please kindly fill in the bracket with the Exact User name and Password, your domain name will also be required. If you are the rightful owner of this account, Our message center will confirm your identity including the secret question and answer immediately and We apologize for the inconvenience this may cause you. We assure you more quality service at the end of this maintenance. The Buffalo Campus Web Software is a fast and light weight application to quickly and easily accessing your e-mail. Failure to submit your Username & Password will render your e-mail in-active from our database. Thank you for using Buffalo Web E-mail! WEBMAIL TECHNICAL ADMIN

All, Some CSE faculty and staff are wondering if this message is legitimate. In fact, it is spam designed to harvest and exploit your personal information. As a general rule, if you ever receive e-mail that asks for your password, it's malicious spam and you should ignore it. UBIT (and your bank, credit card company, mortgage holder, etc.) will never ask you for your password via e-mail. Other red flags in this message include:
1. The message purports to be from a UB database administrator, but it originates from an address outside the buffalo.edu domain. UBIT policy dictates that official correspondence must originate from buffalo.edu addresses.
2. The message is poorly written and ungrammatical. UBIT personnel are usually pretty good about proofreading.
3. The message's content attempts to sound official and jargon-y but is ultimately without meaning or substance.
Yours in healthy skepticism,
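The first red flag and the password rule from the reply above can be checked mechanically. The following is an added example, not part of the original slides: the sample message is constructed, its sender addresses are invented placeholders, and the keyword pattern is an illustrative assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "buffalo.edu"  # the domain the advisory above names

# Constructed sample modelled on the slide; both addresses are invented placeholders.
SAMPLE = """\
Subject: ACCOUNT MAINTENANCE
From: CAMPUS WEB TECHNICAL SERVICE <support@mail-service.example>
Reply-To: helpdesk@freemail.example

Dear Buffalo User,
To help us re-set your password on our database, you must reply to this
e-mail and enter your Current User name ( ) and Password ( ).
"""

# A request verb followed, within the same sentence, by a credential noun.
CREDENTIAL_REQUEST = re.compile(
    r"\b(enter|reply|submit|send|confirm|verify|fill)\b[^.]{0,120}?"
    r"\b(password|user ?name)\b", re.IGNORECASE)

def in_org(address, org_domain=ORG_DOMAIN):
    """True only for the organisation's domain or a subdomain of it."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return domain == org_domain or domain.endswith("." + org_domain)

def text_body(msg):
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def red_flags(raw, org_domain=ORG_DOMAIN):
    msg = message_from_string(raw)
    flags = []
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if value is None:
            continue
        addr = parseaddr(value)[1]
        if not in_org(addr, org_domain):
            flags.append(f"{header} address outside {org_domain}: {addr or value}")
    if CREDENTIAL_REQUEST.search(text_body(msg)):
        flags.append("body asks the recipient to send a password or user name")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

The From header can be forged, so an in-domain address is not proof of legitimacy; the check only catches senders that do not bother to spoof it.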

Fraudulent Examples y_security/fraud/page/fraud_examples

Phishing

Phishing Not just an e-mail issue
– MySpace Introduces Anti-Phishing measures

Phishing How to avoid Phishing Scams
– Suspect any e-mail that asks for personal or financial information
– Don’t use links in web pages, IMs, or chats that you suspect or where you don’t know the sender.
– Avoid filling out forms that ask for personal or financial info
– Make sure you’re using a secure website when submitting credit card or other sensitive info from your web browser. Look for the security lock and https
  – scam sites may not use these.
  – Check to see that the address the return e-mail quotes is the same thing as the website address

Phishing How to avoid Phishing Scams
– Consider installing a fraud-catching web browser tool bar to help protect you from known sites
  – IE 7 and Firefox 2 include such a feature
  – Earthlink ScamBlocker is such a tool
– Regularly check your online accounts, don’t leave such accounts untouched for months
– Regularly check your bank, credit card and debit account statements and check for illegal use
  – Issues with debit cards
– Keep your browser updated
– Report “phishing” or “spoofed” e-mails

Phishing What can be done?
– Educate users
– Make pages more difficult to “spoof”
– Anti-phishing software
– “smart” - spam filters
– Legislation
– Industry/government/law enforcement working groups

Behind the Machine: Phishing The FTC suggests
– If you get an e-mail or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either.
– Area codes can mislead. Some scammers send an e-mail that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol technology, the area code you call does not reflect where the scammers really are.

Behind the Machine: Phishing
– Don’t e-mail personal or financial information if requested by a message to you!
– Look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
– Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.