Phishing: Rising to the challenge. Amy Marasco, Microsoft.

Presentation transcript:

How Phishing attacks work
- Branded message that looks like it comes from a familiar business
- Request that you log in to your account to validate account details
- URL that points to a fake site, even though the text may look real
- Fake site, branded to look just like the real one
- Phishing site takes your username and password and then uses them to defraud you

Threats to Online Safety
- The Internet was built without a way to know who and what you are connecting to
- Internet services have one-off “workarounds”
- Inadvertently taught people to be phished
- Greater use and greater value attract professional international criminal fringe
- Exploit weaknesses in patchwork
- Phishing and pharming at 1000% CAGR
- Missing an “Identity layer”
- No simplistic solution is realistic
- Most people re-use username and passwords on multiple sites

Phishing & Phraud
New Phishing Sites by Month, December 2004 – December 2005
[Chart. Month axis: Dec 04, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec 05. Data labels in the order extracted: 7,197; 4,630; 4,367; 5,242; 5,259; 4,564; 4,280; 3,326; 2,854; 2,870; 2,625; 2,560; 1,707]
Source:

Need Layered Defense
- Stop users clicking on URLs in phishing
- Detect phishing sites and, when possible, prevent users clicking on them
- Work with the industry to move away from usernames and passwords as the authentication mechanism

Improvements to Outlook 12
- Improved junk filters
- No longer click on URLs on e-mails in the junk folder

Improvements in IE7
- Phishing Filter: comprehensive anti-phishing service
  - Warns if site exhibits suspicious behavior
  - Blocks known phishing sites
  - Instant protection via page scan and online service
- High Assurance Certs: accountability for secure sites
  - Much higher bar for granting certificates
  - Clear identification that site has stronger certificate
  - Industry-wide initiative

InfoCard
- Simple user abstraction for digital identity
- For managing collections of claims
- For managing keys for sign-in and other uses
- Grounded in real-world metaphor of physical cards
- Government ID card, driver’s license, credit card, membership card, etc.
- Self-issued cards signed by user
- Managed cards signed by external authority
- Based on series of WS* specifications
- Shipping in WinFX
- Runs on Windows Vista, XP, and Server 2003
- Implemented as protected subsystem

Summary
- This is an industry-wide problem which we can only solve together.
- We need the co-operation of all major sites to implement High Assurance Certificates and InfoCard.