Presentation is loading. Please wait.

Presentation is loading. Please wait.

presented by: Lingzi Hong

Published byPierce Harrell Modified over 6 years ago

Similar presentations

Presentation on theme: "presented by: Lingzi Hong"— Presentation transcript:

1 presented by: Lingzi Hong
Social Phishing presented by: Lingzi Hong

2 Research Question Question: How easily and effectively can a fisher exploit social network data found on the Internet to increase the yield of a phishing attack? Answer: Four times as likely to become victims!

3 Relative Work technical vulnerabilities: spear phishing or context aware phishing gain trust by history, preferences information personal information from public databases, websites, public records, etc. social vulnerabilities: 4. Emigh, A. Online identity theft: Phishing technology, chokepoints and countermeasures. ITTC Report on Online Identity Theft Technology and Countermeaures (Oct. 2005); dhs-report.pdf. 11.Jakobsson, M. and Myers, S. Phishing and Counter-Measures. John Wiley and Sons, 2006.

4

5 Experiment Procesure Data: crawl, parse, cross-correlating with IU’s address book database Subject: IU students aged 18 to 24 sampled to represent typical phishing victims experiment protocols

6 A: overall situation: first 12 hours, 70% successful authentication——-rapid takedown
B: number of times authenticated or refreshed their credentials

7 Experiment Results control experiment gender effect

8 age effect and major effect
Experiment Results age effect and major effect

9 comments and feedback about the experiment
440 posts, majority are supportive 30 complaints, 1.7% of the participants insights: ethical aspects of the study, better understanding of phishing victims, vulnerabilities and feelings following the attack.

10 comments and feedback about the experiment
Anger: phishing not only has the potential monetary costs associated with identity theft, but also a significant psychological cost to victims. Denial: difficult to admit vulnerability, as a consequence many phishing attacks may go unreported.success rate underestimated. Misunderstanding of . underestimation of dangers of publicly posted personal information

11 Discussion ethical ways to conduct experiments on social engineering attacks, help to design effective countermeasures. solutions: 1.digitally signed 2.browser toolbar which alerts users of likely web spoofing attempts. 3. need for extensive educational campaigns about phishing and other security threats.

12 Questions Only requires University access, different from real phishing, students may not be alert to privacy release. Successful rate for both control group and social groups are very high. Other than age, gender, major, try to find other relations. e.g.. number of friends in social network, online activity, level of information literacy and vulnerability of phishing attack.

Download ppt "presented by: Lingzi Hong"

Similar presentations

Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.

Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Laboratory for Education and Research in Secure Systems Engineering (LERSSE) Networked Systems Laboratory (NetSysLab) Department of Electrical & Computer.

Laboratory for Education and Research in Secure Systems Engineering (LERSSE) Networked Systems Laboratory (NetSysLab) Department of Electrical & Computer.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.

C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.
Cyber X-Force-SMS alert system for E-mail threats.

Cyber X-Force-SMS alert system for threats.
Social Phishing Tom N. Jagatic Nathaniel A. Johnson Markus Jakobsson Filippo Menczer Presenter: Ieng-Fat Lam Date: 2007/4/1.

Social Phishing Tom N. Jagatic Nathaniel A. Johnson Markus Jakobsson Filippo Menczer Presenter: Ieng-Fat Lam Date: 2007/4/1.
Miscreant of Social Networks Paper1: Social Honeypots, Making Friends With A Spammer Near You Paper2: Social phishing Kai and Isaac.

Miscreant of Social Networks Paper1: Social Honeypots, Making Friends With A Spammer Near You Paper2: Social phishing Kai and Isaac.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
Phishing Conventional Aspects of Security Computational assumptions –E.g., existence of a one-way function, RSA assumption,

Phishing Conventional Aspects of Security Computational assumptions –E.g., existence of a one-way function, RSA assumption,
INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

INTRODUCTION Coined in 1996 by computer hackers. Hackers use to fish the internet hoping to hook users into supplying them the logins, passwords.
Friends of Switzerland1 The Changing Landscape of Programming Technology Karl Lieberherr Northeastern University.

Friends of Switzerland1 The Changing Landscape of Programming Technology Karl Lieberherr Northeastern University.
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.

1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.
Towards A User-Centric Identity-Usage Monitoring System - ICIMP 2008 - Daisuke Mashima and Mustaque Ahamad College of Computing Georgia Institute of Technology.

Towards A User-Centric Identity-Usage Monitoring System - ICIMP Daisuke Mashima and Mustaque Ahamad College of Computing Georgia Institute of Technology.
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
Invasive Browser Sniffing and Countermeasures Markus Jakobsson & Sid Stamm.

Invasive Browser Sniffing and Countermeasures Markus Jakobsson & Sid Stamm.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
The Significance and Evolution of End User Privacy Julie Earp College of Management North Carolina State University WISE 2010 Sponsored by TRUST June 21-24,

The Significance and Evolution of End User Privacy Julie Earp College of Management North Carolina State University WISE 2010 Sponsored by TRUST June 21-24,
Phishing Pharming Spam. Phishing: Definition  A method of identity theft carried out through the creation of a website that seems to represent a legitimate.

Phishing Pharming Spam. Phishing: Definition  A method of identity theft carried out through the creation of a website that seems to represent a legitimate.

Similar presentations

Ads by Google