Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Presentation transcript:

1 Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams

2 Learning Objectives
Define a phishing scam.
Describe how a phishing scam is carried out.
Explain methods for detecting phish email.
Provide guidelines for how to avoid being phished.

3 Factors Increasing the Threats to Information Security
Today's interconnected, interdependent, networked business environment.
Smaller, faster, cheaper computers and storage devices.
Decreasing skills necessary to be a computer hacker.
International organized crime turning to cybercrime.
Increased use of unmanaged devices.

4 A Look at Unmanaged Devices
Wi-Fi at McDonald's
Wi-Fi at Starbucks
Hotel Business Center

5 Risk
There is always risk when you use the internet.

6 And then there is RISK

7 Phishing Defined
Phishing scams or attacks use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages.
The term "phishing" comes from the analogy that Internet scammers are using email lures to "fish" for passwords and financial data from the sea of Internet users. The name was coined in the 1996 timeframe by hackers who were stealing America On-Line accounts [1].

8 Phishing Facts
$886 – average dollar loss per phishing victim [2]
$3.6 Billion – total dollar loss of all phishing victims over a 1 year period [2]
3.2 Million – number of people who fell victim to phishing scams over that same 1 year period [2]
8.5 Billion – estimated number of phishing emails sent world-wide each month [3]
32,414 – number of phishing web sites that were operational in May 2008 [4]

9 Phishing Facts
3.2 Million – Number of people who fell victim to phishing scams in a 1 year period [2]
$3.6 Billion – Total dollar loss of all phishing victims over the same 1 year period [2]
$1125 – Average dollar loss per phishing victim over the same 1 year period [2]
8.5 Billion – Number of phishing emails sent world-wide each month [3]
32,414 – Number of phishing web sites that were operational in May 2008 [4]

10 How Phishing Works
First, a fake web site is designed to look and act exactly like a real site ("spoofed" organization).
A fraudulent email is then crafted to look like it originated from the legitimate organization.
[Image labels: Real Site, Fake Site]

11 How Phishing Works
The email is sent out to countless potential victims, either directly or through automated networks like botnets.
The email contains links to the bogus web site operated by a criminal.

12 How Phishing Works
The victim follows the link in the email to the fake site and fills in the requested information, thinking it is the genuine site.
[Image label: Link]

13 How Phishing Works
The information is collected by the fraudulent site and sent back to the criminal.
–Account ID
–Social Security Number
–Credit Card Number
–PIN
–Date of Birth

14 How to Detect a Phish E-mail
As scammers get better, their emails look more genuine.
How do you tell whether an email is a scam that is phishing for personal information?

15 Four Tests to Help Detect Phish E-mail
First, look for spelling and grammatical errors in the email.
Second, check the email header and look for anomalies.
–Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message. Fraudsters can easily spoof the identity information in an e-mail message.

16 Real or Fake?

17 Four Tests to Help Detect Phish E-mail
Third, analyze the links in e-mail messages to determine the real target address or URL.
–Most e-mail programs (e.g., Outlook 2007) show you the actual target address of a link when you hover the mouse over the link. Or you can view the email source and/or link properties.
–If the target address contains an IP address, such as 192.168.100.1, do not click the link.
–Make sure that the spelling of words in the link matches what you expect. Scams often use URLs with typos in them that are easy to overlook, such as “www.micosoft.com” or “http://online.wellfargo.com”.

18 Example: Determine the Real Target Address or URL
Visible link: https://online.wellsfargo.com/?customersupport=CONFIRMATION
≠
Called link: http://202.67.159.110:5180/login1.html
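
An added example (not part of the original slides) that automates the third test: it extracts every link from an HTML message body and flags an IP-address target, a visible URL whose host differs from the real target, and a near-miss spelling of a trusted domain. The `TRUSTED` list, the sample message and the finding names are assumptions made for this illustration.

```python
import difflib
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"wellsfargo.com", "microsoft.com"}  # assumed allow-list for this example
SAMPLE = (  # constructed message body built from the URLs quoted on the slides
    '<a href="http://202.67.159.110:5180/login1.html">'
    'https://online.wellsfargo.com/?customersupport=CONFIRMATION</a>'
    '<a href="http://online.wellfargo.com">Sign on</a>'
    '<a href="https://online.wellsfargo.com/">https://online.wellsfargo.com/</a>')

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    # Bare text such as "www.micosoft.com" has no scheme; add "//" so urlsplit finds the host.
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def check_link(visible, href, trusted=TRUSTED):
    findings, target = [], host_of(href)
    try:
        ipaddress.ip_address(target)  # raises ValueError unless the host is an IP literal
        findings.append("ip-literal-host")
    except ValueError:
        base = ".".join(target.split(".")[-2:])  # naive; real code needs the Public Suffix List
        if base not in trusted and difflib.get_close_matches(base, sorted(trusted), n=1, cutoff=0.85):
            findings.append("lookalike-domain")
    shown = host_of(visible) if "." in visible and " " not in visible else ""
    if shown and shown != target:
        findings.append("text-href-mismatch")
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(text, href) for text, href in parser.links}
```

Calling `scan(SAMPLE)` returns a dictionary mapping each link target to its list of findings; an empty list means none of the three checks fired.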

19 Four Tests to Help Detect Phish E-mail
Fourth, verify the security and identity of the Web site.
–Click the lock icon to display the security certificate for the site. The name following “Issued to” should match the name of the site. If the name differs, you may be on a fake site.
–Some sites feature verified identity and security information. When you visit a verified site using Internet Explorer 7, the browser address bar turns green and the identity information appears on the right-hand side of the address bar.
–This makes it easy to check the identity information and ensure that it matches the site that you expected to see.

20 Example: Verify the Security

21 Guidelines to avoid being phished
If you are requested to update your account information or change your password, connect to the Web site by using your personal bookmark or by typing the URL directly into your browser.
Don't trust offers that seem too good to be true.
–If a deal or offer in an e-mail message looks too good to be true, it probably is.

22 Guidelines to avoid being phished
Never enter personal or financial information into a pop-up window.
–Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate.
–Close pop-up windows by clicking the red X in the top right corner (a "Cancel" button may not work as you'd expect).
Regularly update your computer protection software and browser.
Report suspicious e-mail.
–Report the e-mail to the faked or "spoofed" organization. Contact the organization directly, not through the e-mail you received.
–Report the e-mail to the proper authorities, including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group.

23 Homework for next class
Phishing scams
–Phishing example
–Phishing example
–Phishing quiz
Distributed denial-of-service attacks
–See botnet demonstration

24 Another Example – Amazon View Source

25 Risk Optimization

26 How Public Key Encryption Works

27 How Digital Certificates Work

