Presentation on theme: "CYBER SECURITY-PHISHING: DON’T BECOME A VICTIM OF FRAUD"— Presentation transcript:
1CYBER SECURITY-PHISHING: DON’T BECOME A VICTIM OF EMAIL FRAUD
291% Of Targeted Attacks Start With Spear-phishing Email Did You Know...91% Of Targeted Attacks Start With Spear-phishingThe word phishing comes from the analogy that Internet scammers are using lures to fish for passwords and financial data from the sea of Internet users.The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting users. Since hackers have a tendency to replacing "f" with "ph" the term phishing was derived.
3SPEAR PHISHINGThe Phish appears to be legitimately addressed from someone within that company in a position of trust and request information such as login ID’s and passwords.Spear phishing scams will often appear to be from a company’s own human resources or technical support division and may ask employees to update their username and passwords. Once hackers get this data, they can gain entry into secured networks.Another type of spear phishing attack will ask users to click on a link, which deploys spyware that can steal data.
4WHAT IS PHISHING? (fish’ing) (n) The act of sending an email to a user falsely claiming to be an established legitimateenterprise in an attempt to scam the user intosurrendering private information that will be used foridentity theft.directs the user to visit a web siteupdate personal information(passwords, credit card, social security and bank account numbers)
5PHISHING TECHNIQUES Official looking and sounding emails Copies legitimate corporate s with minor URL changesStandard virus/worm attachments to sIP addresses instead of domain names in hyperlinksSetting up fake web sites that closely mimic the domain name of the target website.
63 THINGS TO REMEMBER YOU have to do something to be attacked! NEVER click on “Click Here” or embedded links!NEVER give personal information over internet!
8TIPS TO HELP YOU RECOGNIZE PHISHING SCAMS AND FRAUDULENT EMAIL Generic greetingFrom and return path don’t matchInsecure site-look for https://Requests personal informationSense of urgencySpelling errorsPoor grammarForged link-beware of symbol in the URLWarns that you’ve been a victim of fraudRule of thumb: Anytime you are asked for personal information, it is a scam
16Other Phishing Scams The "Nigerian" Scam: Costly Compassion 1997-Secret Service confirmed losses just in the US of over 100 million dollars in 15 monthsHelp! I'm Stuck in London and I've Been Robbed!Fake FBI s Seeking Personal InformationWork-From-Home ScamsDormant African Account
17“HELP, IT’S ME”-----Original Message----- From: C. McGarrett;to: undisclosed recipients: ; Sent: Fri, Sep 2, :25 am Subject: It's urgent, please respondIt’s me, I really don't mean to inconvenience you right now. I made a little trip to Scotland, and misplaced my wallet that contains my passport and credit cards. Just hearing from me like this, sounds a little odd, but it all happened very fast. I've just been issued a temporary passport and also my ticket, but I'm short of funds to pay for the bills here. I've also been trying to reach my credit card company, but from the message I just received, I'll need some verifications like answering my home phone, and that will only happen when I'm home. Please, can you lend me some funds to secure the bills? I'll be willing to pay back as soon as I return. Please respond as soon as you get this message, so I can forward my details to send the money via western union or money gram, you can also contact me via the hotel's desk phone. The numbers are, , Looking forward to your response.In HIS Service and Yours,Christian McGarrettPolice Detective Sergeant and State Criminal Investigator
18Phishing Facts6.1 Billion - Number of phishing s sent world-wide each month$1,200 - Average loss to each person successfully phished (Federal Trade Commission)15,451 - Number of unique phishing attacks in January 2006 (Anti-Phishing Working Group)7,484 - Number of phishing Web sites found in January 2006 (Anti-Phishing Working Group)27,221 - Number of phishing Web sites found in January 2007 (Anti-Phishing Working Group)Source:
19USE COMMON SENSE – YOU need to do something to be attacked Why would a perfect stranger pick YOU-also a perfect stranger-to share a fortune with and why would you share your personal or business information, including your bank account numbers , with someone you don’t know?If it sounds too good to be true….IT IS!
21WHAT CAN I DO TO PREVENT PHISHING? Keep all software updated , especially anti-virusStay away from shady websitesDo not respond to suspicious and do notclick on any links within theOnly open attachments if you're expecting themIf you get ERROR when making purchase-DO NOT CONTINUELOG OFF – Don’t just close browserIf doing private transaction, CLOSE TABS – Every open tab allows access to others.YOU initiate connection /communication – Don’t click on link to get thereCall company by phone if you get a suspicious but DO NOT call the phone number in theRemove programs you don’t needReboot occasionally
22E-mail client configuration YOU control what you download Do NOT auto execute anythingDo NOT automatically download HTML graphics or contentDo NOT display graphics in messageDo NOT allow executable html contentTurn OFF Attachment PreviewIf NOT sure configure to “WARN ME BEFORE”You can control drive-by scripts running across the screen
26WHAT TO DO IF YOU RECEIVE A SUSPICIOUS EMAIL DO NOT respond to theDO NOT CLICK ON A LINK IN AN unless you are sure of the real target address. (Hover mouse over linkand compare to header—veryclose but does not match.)NEVER reveal personal or financial information in a response to an request, no matter who appears tohave sent it.D-E-L-E-T-E the
27WHAT TO DO IF YOU’VE RESPONDED TO A PHISHING SCAM: Report the incident -FTC, FBI, Secret Service, UNM IT ServicesChange the passwords on all your online accountsRoutinely review your credit card and bank statementsUse the latest products and services to helpwarn and protect you from online scams (Antivirus softwarecan only protect you from known viruses.)protect you from known viruses.)
28If you think you have been a victim of a phishing scam or want further information, please contact Deb Kuidis at or