Presentation is loading. Please wait.

Presentation is loading. Please wait.

PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

Published byLeslie O’Brien’ Modified over 9 years ago

Similar presentations

Presentation on theme: "PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…"— Presentation transcript:

1 PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…

2 “PHISHING”  “Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.”  “Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.” The term “phishing” is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen. http://en.wikipedia.org/wiki/Phishing (10/16/2012)

3 TECHNIQUES  Phishing  Spear Phishing  Clone Phishing  Whaling  Link manipulation  Filter evasion  Website forgery  Phone phishing  Clone Phishing  Tab nabbing  Evil twins  Click-through syndrome

4 PHISHING SUCCESS Phishing is profitable with only a low level of success.  1% of 1% of a web site’s visitors being “phished” can be highly profitable!  8:51 PM, 10/16/2012, the “dashboard” for CA.GOV websites indicated 29,752 visitors.  Deceive 3 people an hour, and a phisher can score one or more of the following profitable items: Personal identity information Financial data Passwords & PIN numbers Drivers license, medical information, tax records.

5 TARGETS

6 STATISTICS

7 DEFENSE TRIFECTA Vouch for Website Certificate Authority TLS/SSL

8 PHISH OR NO PHISH?  The fastest growing Internet game sweeping the nation!

9 PHISH?

10

11 THIS IS THE PHISH!

12 GET A LOCK! What is the “threshold” used for a website to get an SSL certificate and a “LOCK?” The Ability to Pay.

13 EV CERTIFICATE  Focuses on website owner: Official paper trail that backs up your claim that you (1) Own that website, and (2) Own that IP/DNS name, and (3) you are a legal entity.  User: Offers visual cues for the users that the website employs an EV certificate.

14 WELLS FARGO

15 USAA

16 COMPARISON

17 EV SSL CERTS… Web browser Has built in Knowledge of EV CAs Third Party CA Web Site Certificate Auditing Entity Built-in knowledge (X.509 standard)

18 HOW TO IMPLEMENT EV SSL  Get the certificate from a reputable source.  Educate your users!! Get them to check the address bar.  Code your website cleanly!

19 PHISH TANK http://www.phishtank.com/phish_archive.php

20 QUESTIONS?  The end

Download ppt "PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…"

Similar presentations

A Gift of Fire, 2edChapter 7: Computer Crime1 Computer Crime.

A Gift of Fire, 2edChapter 7: Computer Crime1 Computer Crime.
1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?

1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
Recommendations on the future of online GyroScope & Databse implementation.

Recommendations on the future of online GyroScope & Databse implementation.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.

PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.
  Cyberbullying can be as simple as continuing to send e- mail or text harassing someone who has said they want no further contact with the sender.

  Cyberbullying can be as simple as continuing to send e- mail or text harassing someone who has said they want no further contact with the sender.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
Hey check out this cool PHISHING presentation! Benjamin Ross Lyerly.

Hey check out this cool PHISHING presentation! Benjamin Ross Lyerly.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Electronic Payment By: El Panda. What is an electronic payment? Electronic money (also known as e-currency, e-money, electronic cash, electronic currency,

Electronic Payment By: El Panda. What is an electronic payment? Electronic money (also known as e-currency, e-money, electronic cash, electronic currency,
1. The VeriSign brand2. Extended Validation SSL www.secure128.com.

1. The VeriSign brand2. Extended Validation SSL
Online Shopping Take Charge of Your Finances 1.3.2.

Online Shopping Take Charge of Your Finances
© Family Economics & Financial Education –October 2007 – Consumer Protection Unit – Online Shopping Funded by a grant from Take Charge America, Inc. to.

© Family Economics & Financial Education –October 2007 – Consumer Protection Unit – Online Shopping Funded by a grant from Take Charge America, Inc. to.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Web Spoofing John D. Cook Andrew Linn. Web huh? Spoof: A hoax, trick, or deception Spoof: A hoax, trick, or deception Discussed among academics in the.

Web Spoofing John D. Cook Andrew Linn. Web huh? Spoof: A hoax, trick, or deception Spoof: A hoax, trick, or deception Discussed among academics in the.

Similar presentations

Ads by Google