Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.more.net | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Let’s Go Phishing!

Similar presentations


Presentation on theme: "Www.more.net | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Let’s Go Phishing!"— Presentation transcript:

1 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Let’s Go Phishing!

2 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Objectives Phishing defined Recognizing a phishing attack Protecting your identity

3 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri What is phishing? Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use “spoofed” s to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Source:

4 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Wow! OK, so what does that mean? Spoofed Social engineering Crimeware Keylogger Spyware

5 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Anti-Phishing Working Group In October 2005, –15,820 phishing messages reported to the APWG. –4367 unique phishing sites identified. –96 brand names were hi-jacked. –Average time a site stayed on-line was 5.5 days.

6 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Statistics 43 percent of adults have received a phishing contact. Five percent of those adults gave their personal information.

7 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Questions?

8 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri How many of you have seen a phishing ?  Yes! I have seen one (or two or three). x No, I have no idea what you are talking about.

9 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri

10 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Headers from Return-Path: X-Original-To: Delivered-To: Received: from nook.more.net (nook.more.net [ ]) by vortex.more.net (Postfix) with ESMTP id 1FC8DC088D for ; Thu, 23 Jun :52: (CDT) Received: from localhost (localhost.more.net [ ]) by nook.more.net (Postfix) with ESMTP id EF4D8CFE8B for ; Thu, 23 Jun :52: (CDT) Received: from nook.more.net ([ ]) by localhost (nook.more.net [ ]) (amavisd-new, port 10024) with ESMTP id for ; Thu, 23 Jun :52: (CDT) Received: from gangdeok.es.kr (unknown [ ]) by nook.more.net (Postfix) with ESMTP id EF879CFE83 for ; Thu, 23 Jun :52: (CDT) Received: from gangdeok.es.kr (gangdeok.es.kr [ ]) by gangdeok.es.kr (8.12.9/8.12.9) with ESMTP id j5NBeEKw for ; Thu, 23 Jun :40: Received: (from by gangdeok.es.kr (8.12.9/8.12.9/Submit) id j5NBeDiu for Thu, 23 Jun :40: Date: Thu, 23 Jun :40: To: Subject: Secure your ACCOUNT Message-ID: From: Content-Type: text/html X-Virus-Scanned: amavisd-new at more.net

11 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Questions?

12 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri HTML of message: SouthTrust Online Banking

"> www.more.net | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri HTML of message: SouthTrust Online Bankin

13 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri What you see on the screen: Login to your SouthTrust Online Banking with your SouthTrust username and password. Confirm your identity as a card memeber of SouthTrust. View your transaction history and report suspicious activity or any unauthorized change. https://southtrustonlinebanking.com/retail/

14 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri What the HTML really does: Login to your SouthTrust Online Banking with your SouthTrust username and password. Confirm your identity as a card memeber of SouthTrust. View your transaction history and report suspicious activity or any unauthorized change. https://southtrustonlinebanking.co m/retail/

15 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri GEEKTOOLS - Looking up IP address owner

16 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Whois reveals: inetnum: netname: HINET descr: Data Communication Business Group, descr: Chunghwa Telecom Co., Ltd. descr: Commerical ISP descr: 21, Section 1, Hsin-Yi Road, Taipei, descr: Taipei 100, Taiwan, R.O.C. country: TW admin-c: HN27-AP tech-c: HN28-AP mnt-by: MAINT-TW-TWNIC changed: changed: status: ALLOCATED PORTABLE source: APNIC

17 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Questions?

18 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Installation of crimeware If a website does not ask you for personally identifiable information, you may still be at risk from installed software.

19 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Be suspicious of any with urgent requests for personal financial information NEVER respond to an requesting personally identifiable information NEVER click on the link provided in the message NEVER fill out fields included in an e- mail message

20 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser Type in the web address and do not click on an link "https://" rather than just "http://" Check for the lock on the browser

21 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Others: Review credit card and bank account statements as soon as you receive it Check your credit report on a regular basis (every six months recommended) Use anti-virus software and keep it up to date Be cautious about opening any attachment or downloading any files from s you receive, regardless of who sent them

22 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Questions?

23 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Fair Credit Reporting Act A recent amendment to the federal Fair Credit Reporting Act requires each of the major nationwide consumer reporting companies to provide you with a free copy of your credit reports, at your request, once every 12 months. MISSOURI: free reports began March 1, call toll-free

24 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Report phishing or spoofed s Always include header information serve/cache/19.html Forward the to Forward the to the Federal Trade Commission at Forward the to the "abuse" address at the company that is being spoofed (e.g.,

25 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri What to do if you think your identity has been stolen: Contact the fraud department of any of the three major credit bureaus and place a fraud alert on your credit file. –Equifax –TransUnion –Experian EXPERIAN ( ) Close the accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit when disputing new unauthorized accounts.

26 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri What to do, continued File a police report File your complaint with the FTC https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03

27 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Questions?

28 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Resources: ID Theft Homepage Identity Theft Victims: Immediate Steps Take Charge: Fighting Back Against Identity Theft Chart Your Course of Action - Checklist Anit-Phishing Work Group

29 | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Resources: Ten Ways to Recognize Fake (Spoof) nt_id=F483011C-F9D7-41B8-B240- 4A50632D8182 Dear Sir: Your Data Was Stolen html?tw=wn_1polihead Home PCs hijacked to spread spam news.bbc.co.uk/1/hi/technology/ stm


Download ppt "Www.more.net | University of Missouri Copyright ©2005 MOREnet and The Curators of the University of Missouri Let’s Go Phishing!"

Similar presentations


Ads by Google