Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fall 2011. 2 Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity.

Published byAngelica Fisher Modified over 8 years ago

Similar presentations

Presentation on theme: "Fall 2011. 2 Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity."— Presentation transcript:

1 Fall 2011

2 2

3 Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity in an electronic communication Spear phishing – a phishing scam that targets a specific audience Scareware - tries to trick you into responding by using shock, anxiety or threats (“reply with your password now or we’ll shut down your email account tomorrow”) Social engineering - manipulating or tricking people into divulging private information (as opposed to using technical hacking techniques) 3

4 4 Sends email: “There is a problem with your eBuy account” User clicks on email link to www.ebuj.com. password? User thinks it is ebuy.com, enters eBuy username and password. Password sent to bad guy

5 Email Phishing e-mails can appear to come from legitimate institutions such as your bank, e-commerce site, credit card company, etc., but they really come from a criminal trying to steal information Web Site If you follow a link from an email or from an untrustworthy web site, it may take you to a site clone that records your information before logging you into the real site IM With IM phishing, you will get an IM from someone claiming to be support for your IM provider, asking you for account information 5

6 Federal Trade Commission (FTC) tracks and reports on identity theft Affects more than 10 million people every year Annual cost to the economy of $50 billion. The Anti-Phishing Working Group Reports that the frequency of phishing attacks increases 24% every month. 6

7 7

8 8

9 9

10 10

11 A statement that there is a problem with the recipient’s account at a financial institution or other business. The email asks the recipient to visit a web site to correct the problem, using a deceptive link in the email. A statement that the recipient’s account is at risk, and offering to enroll the recipient in an anti-fraud program. 11

12 A fictitious invoice for merchandise, often offensive merchandise, that the recipient did not order, with a link to “cancel” the fake order. A fraudulent notice of an undesirable change made to the user’s account, with a link to “dispute” the unauthorized change. A claim that a new service is being rolled out at a financial institution, and offering the recipient, as a current member, a limited-time opportunity to get the service for free. 12

13 13

14 14

15 15 Credit: Collin Jackson

16 16 Phishing Email sent portraying Bank of America, Military Bank Entices the user to complete a survey and receive a $20 or $25 credit

17 Spear phishing scam received by Kansas State University in January 2010 17

18 The malicious link in the scam email took you to an exact replicaof Kansas State’s single sign-on web page, hosted on a server in the Netherlands,that will steal their eID and password if they enter it and click “Sign in”. 18

19 Generic Greeting Fake Sender’s Address False Sense of Urgency Fake Web Links. Deceptive Web Links. Email is requiring that you follow a link to sign up for a great deal, or to log in and verify your account status, or encourages you to view/read an attachment. Misspellings and Bad Grammar 19

20 Characteristics of scam email Poor grammar and spelling The “Reply-to:” or “From:” address is unfamiliar Uses unfamiliar or inappropriate terms (like “send your account information to the MAIL CONTROL UNIT”) It asks for private information like a password or account number, or tries to get you to click on a link that takes you to a web form that asks for the info The message contains a link where the displayed address differs from the actual web address Does not provide explicit contact information (name, address, and phone #, or a website) for you to verify the communication. Good example is spear phishing scam that tries to steal your password and is signed only by “Webmail administrator” 20

21 Create a bank page advertising an interest rate slightly higher than any real bank; ask users for their credentials to initiate money transfer Some victims provided their bank account numbers to “Flintstone National Bank” of “Bedrock, Colorado” Exploit social network Spoof an email from a Facebook or MySpace friend In a West Point experiment, 80% of cadets were deceived into following an embedded link regarding their grade report from a fictitious colonel 21

22 Reconstructed the social network by crawling sites like Facebook, MySpace, LinkedIn, Friendster Sent 921 Indiana University students a spoofed email that appeared to come from their friend Email redirected to a spoofed site inviting the user to enter his/her secure university credentials Domain name clearly distinct from indiana.edu 72% of students entered their real credentials into the spoofed site (most within first 12 hrs) Males more likely to do this if email is from a female 22

23 DON’T CLICK THE LINK Type the site name in your browser (such as www.paypal.com) Never send sensitive account information by e- mail Account numbers, SSN, passwords Never give any password out to anyone Verify any person who contacts you (phone or email). If someone calls you on a sensitive topic, thank them, hang up and call them back using a number that you know is correct, like from your credit card or statement. 23

Download ppt "Fall 2011. 2 Phishing - attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity."

Similar presentations

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
Victoria ISD Common Sense Media Grade 6: Scams and schemes

Victoria ISD Common Sense Media Grade 6: Scams and schemes
What is Identity Theft, and how can you protect yourself from it?

What is Identity Theft, and how can you protect yourself from it?
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations UNCLASSIFIED//FOUO Updated: 16 NOV 2006.

DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations UNCLASSIFIED//FOUO Updated: 16 NOV 2006.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
Jason Rich CIS - 158 1.  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.

Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Similar presentations

Ads by Google