PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…


“PHISHING”
- “Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.”
- “Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.”

The term “phishing” is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen. (10/16/2012)

TECHNIQUES
- Phishing
- Spear Phishing
- Clone Phishing
- Whaling
- Link manipulation
- Filter evasion
- Website forgery
- Phone phishing
- Tab nabbing
- Evil twins
- Click-through syndrome

PHISHING SUCCESS
Phishing is profitable even with a low success rate.
- 1% of 1% of a web site’s visitors being “phished” can be highly profitable!
- At 8:51 PM on 10/16/2012, the “dashboard” for CA.GOV websites indicated 29,752 visitors.
- Deceive 3 people an hour, and a phisher can score one or more of the following profitable items:
  - Personal identity information
  - Financial data
  - Passwords & PIN numbers
  - Driver's license, medical information, tax records

TARGETS

STATISTICS

DEFENSE TRIFECTA
- Vouch for Website
- Certificate Authority
- TLS/SSL

PHISH OR NO PHISH?  The fastest growing Internet game sweeping the nation!

PHISH?

THIS IS THE PHISH!

GET A LOCK!
What is the “threshold” used for a website to get an SSL certificate and a “LOCK”?
The Ability to Pay.

EV CERTIFICATE
- Focuses on the website owner: an official paper trail that backs up your claim that you (1) own that website, (2) own that IP/DNS name, and (3) are a legal entity.
- User: offers visual cues to users that the website employs an EV certificate.

WELLS FARGO

USAA

COMPARISON

EV SSL CERTS…
[Diagram labels: Web browser (has built-in knowledge of EV CAs); Third Party CA; Web Site Certificate; Auditing Entity; Built-in knowledge (X.509 standard)]

HOW TO IMPLEMENT EV SSL
- Get the certificate from a reputable source.
- Educate your users!! Get them to check the address bar.
- Code your website cleanly!

PHISH TANK

QUESTIONS?  The end