phishing
Introduction
History of phishing scams
What does a phishing scam look like
How to know an email message is spam
Watch your steps
How to protect yourself
How to turn the Internet Explorer Phishing Filter or the
SmartScreen Filter on or off
What happens once phishing is reported to authorities
Conclusion
Introduction
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.
A phisher might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.
Phreaking + Fishing = Phishing
Phreaking = making phone calls for free back in the '70s
Fishing = using bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: Similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: Same as in 1995
Phishing in 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser, link
Phishing in 2012
Social networking sites are now a prime target of phishing, since the
personal details in such sites can be used in identity theft.
Social Media Phishing
We have all fallen for this
Want to play a game or use an application that is not created by Facebook?
Provide this app your email
Basic Information
Allow it to post to your wall so others can see it and sign up!
Date | Phished Victim | Attack details
2011/11 | Stores | 110 million customer & credit card records stolen
2013/03 | RSA Security | RSA staff phished, RSA SecurID security token being stolen
2014/09 | Home Depot | 2200 Home Depot stores posted for sale on hacking web sites
The damage caused by phishing ranges from denial of access to email
to substantial financial loss. It is estimated that between May 2004 and
May 2005, approximately 1.2 million computer users in the United
States suffered losses caused by phishing, totaling
approximately US$929 million. United States businesses lose an
estimated US$2 billion per year as their clients become victims. In
2007, phishing attacks escalated. 3.6 million adults lost US$3.2
billion in the 12 months ending in August 2007. Microsoft claims these
estimates are grossly exaggerated and puts the annual phishing loss in
the US at US$60 million.
What Does a Phishing Scam Look Like?
• As scam artists become more sophisticated, so do
their phishing e-mail messages and pop-up windows.
• They often include official-looking logos from real
organizations and other identifying information taken
directly from legitimate Web sites.
Here are a few phrases to look for if you think an e-mail
message is a phishing scam:
"Verify your account."
"If you don't respond within 48 hours, your account will be closed."
"Dear Valued Customer."
"Click the link below to gain access to your account."
For example, the URL "www.microsoft.com" could appear instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
• Never respond to an email asking for personal information
• Always check the site to see if it is secure. Call the phone number if necessary
• Never click on the link in the email. Retype the address in a new window
• Keep your browser updated
• Keep antivirus definitions updated
• Use a firewall
How to turn the Internet Explorer Phishing Filter or the
SmartScreen Filter on or off
Internet Explorer 8
To turn the SmartScreen Filter on or off, follow these steps:
Start Windows Internet Explorer 8.
On the Safety menu, point to SmartScreen Filter, and then click one of the following:
Turn On SmartScreen Filter
Turn Off SmartScreen Filter
Browser features – IE8
Domain highlighting
SmartScreen filtering – block access to malicious
sites and file downloads
For Firefox (version 2 and later):
Open Firefox.
Click on Tools, click on Options, and then click on Security.
Ensure that Warn me when sites try to install add-ons, Block reported attack
sites, and Block reported web forgeries are all checked.
Browser features - Firefox
Anti-phishing and anti-malware protection –
detects and blocks access to known malicious sites
and downloads
Browser features - Firefox
Instant Website ID – provides detailed identity information, if available, about the site:
Turn off phishing and malware detection
Click the Chrome menu on the browser toolbar.
Select Settings.
Click Show advanced settings and find the "Privacy"
section.
Uncheck the box next to "Enable phishing and malware
protection." Note: When you turn off these warnings
you also turn off other malware and uncommon
download warnings.
Client-based anti-phishing programs
avast!
Avira Premium Security Suite
Firefox
Google Chrome
Google Safe Browsing (usable with Firefox)
Kaspersky Internet Security
McAfee SiteAdvisor
Microsoft Internet Explorer
Mozilla Thunderbird - e-mail client which warns users of e-mails which may be part of an e-mail scam.
Netcraft Toolbar
Netscape
Norton 360
Norton Internet Security
Opera
Phishtank SiteChecker
PineApp Mail-SeCure
Safari
Web Of Trust extension for browsers
Windows Mail, an e-mail client that comes with Windows Vista
Phishing Filter runs in the background while you browse the web and uses
three methods to help protect you from phishing scams.
First, it compares the addresses of websites you visit against a list of sites
reported to Microsoft as legitimate. This list is stored on your computer.
Second, it helps analyze the sites you visit to see if they have the
characteristics common to a phishing website.
Third, with your consent, Phishing Filter sends some website addresses to
Microsoft to be further checked against a frequently updated list of
reported phishing websites.
What happens once phishing is
reported to authorities…
Once the thieves have "fished out the pond" so to
speak, they move on. Normally, the link will
show a "cannot be displayed" page.
Phishing has become a serious network security problem,
causing financial losses of billions of dollars to both consumers
and e-commerce companies. And perhaps more fundamentally,
phishing has made e-commerce distrusted and less attractive to
normal consumers.
The explosive growth of Internet commerce has given rise to a
new breed of online criminals who may attempt to steal your
passwords, your credit card numbers, and other personal
information by impersonating authority figures from your
bank or other institutions you frequent. The best defence
against this growing threat is to be aware of the problem and
to be alert when transacting business online.