Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phishing into the Future Starr Alexander Sugato Bose Annie Chanchaisri Philip Fort David Salley Allen Walker Thomas Witnauer.

Similar presentations


Presentation on theme: "Phishing into the Future Starr Alexander Sugato Bose Annie Chanchaisri Philip Fort David Salley Allen Walker Thomas Witnauer."— Presentation transcript:

1 Phishing into the Future Starr Alexander Sugato Bose Annie Chanchaisri Philip Fort David Salley Allen Walker Thomas Witnauer

2 What is Phishing? Originates in the analogy that internet scammers use e-mail lures to fish for passwords and financial data from the sea of internet users.

3 What is Phishing?  Web page code is copied from a major site  Replica page, that appears to be part of the companies’ site, is set up  A fake e-mail is sent out with a link to this site  Sends financial data or password to scammer  Leaves user on a company web site

4 The History  A form of social engineering attack  Term was coined in 1996 by hackers  May have been used even earlier in “2600” (hacker newsletter)

5 Earliest citation: “It used to be that you could make a fake account on AOL so long as you had a credit card generator. However, AOL became smart. Now they verify every card with a bank after it is typed in. Does anyone know of a way to get an account other than phishing?” - mk590, “AOL for free?”, alt.2600, January 28, 1996. The History

6 Phishing is not a new concept  A type of scam that has been around for years  Predates computers  Called social engineering The History

7 Underlying concept of spoofing users into revealing sensitive information is not new  Password capturing via fake login prompts is a basic hacker trick for years  Hackers did it over the phone for years Phishing

8 Phone Phreaking  First form of hacking  Used a “blue box” that emitted tones that allowed a hacker to control phone switches  Made long distance calls billed to someone else’s account  Possibly the origin of the “PH” in phishing

9 Navigating the Frontier: Where Frauds Are 1.Online Investment Newsletters 2.Online Bulletin Boards 3.Email Spams

10 Country of Origin Company% of Attacks United States32.07% Republic of Korea15.39% France6.55% China6.40% United Kingdom4.06% Germany3.85% Spain3.81% Japan3.05% Italy2.48% * by message count - CipherTrust, 2004

11 Top 10 Tricks Used in Phishing 1.Mimic Reputable Companies 2.Use Different Reply Address From the Claimed Sender 3.Create a Plausible Premise 4.Require a Quick Response 5.Promise Security and/or Privacy 6.Collect Information in the E-mail 7.Link to Web Sites That Gather Information 8.Fake a Secure Connection 9.Process Submitted Information Immediately 10.Buy Time to Access Accounts - MailFrontier, Inc. 2004

12 Other Forms of Hacking Slamming  Switching a customer from one long distance carrier to another without permission Web Cramming  A person or business accepts an offer for a free website, only to be charged a monthly fee on their phone bill Identity Theft  The use of personal authentication information (i.e. name, social security, etc.) to commit fraud by opening credit card accounts, ordering checks, etc.

13 Consumer Confidence  28% of consumers identified fraudulent e-mails as legitimate according to a study by Mail Frontier Inc.  50% of consumers thought a legitimate Federal Trade Commission e-mail was fraudulent  20% of consumers identified a legitimate PayPal “payment received” e-mail as fraud  31% fell for a fraudulent PayPal e-mail that had been reported about widely.

14 Consumer Confidence  These statistics indicate the success rate of phishing to fool people  It is inhibiting the effectiveness of e-mail as a form of communication to the consumer  If consumers cannot correctly identify a legitimate e-mail, they may ignore all business related e-mails  Many fraudulent websites are hosted through international computers  15% in Republic of Korea, 6% in China, and 6% in France  Criminals may be located in different location than the computer

15 Consumer Confidence  International locations make it more difficult to shut down due to time zone and language barriers  Average life span of fraudulent websites is 2.25 days  Phishing is the fastest growing scam according to Barbara Span of First Data  Phishing has gone from no complaints a year ago to #4 of the list with the National Consumer League

16 Percentage of Corporate Phishing Victims Company% of Attacks Citibank54.16% Smith Barney13.48% Suntrust10.02% PayPal7.57% Wells Fargo5.42% HSBC5.07% eBay4.15% USBank0.11% CitizensBank0.014% - CipherTrust, 2004

17 Software Solutions 1.Symantec  The Online Fraud Management Solution 2.SMS based security  SSL/TLS channel

18 Existing Federal Laws  No Existing Law solely devoted to Phishing.  Existing federal laws do criminalize phishing - but mainly after a consumer has already been defrauded.  Such laws include the laws against wire fraud, identity theft, credit card fraud, computer fraud, CAN SPAM Act, and a number of trade laws.  The Identity Theft Penalty Enhancement Act, (ITPEA) establishes a new crime of "aggravated identity theft“. Convictions for aggravated identity theft - including phishing -- would carry a mandatory two-year prison sentence.

19 The Anti-Phishing Act  Bill introduced to senate by Senator Patrick Leahy on July 9, 2004.  It targets the entire scam, all the way from sending the e-mail to creating fraudulent sites.  It averts free speech issues by exempting parodies and political speech (via email or on websites) from its reach.  It stipulates that the perpetrator must have the specific criminal purpose of committing a crime of fraud or identity theft.

20 Strengths of the Act  It criminalizes the bait - not just successful phishing.  It makes it illegal to knowingly send out spoofed email that links to sham websites, with the intention of committing a crime.  It criminalizes the operation of the sham websites that are the locus of the wrongdoing.  If the bill were to become law, then each and every element of the scam would become a felony subject to five years in prison and/or a fine up to $250,000.

21 Tips to Protect Yourself from Phishing Scam 1.Never Click on Hyperlinks within Emails 2.Use Anti-Spam Filter Software 3.Use Anti-Virus Software 4.Use a Personal Firewall 5.Keep Software Updated (Operating Systems & Browsers 6.Always Look for “https” and “padlock” on site that request personal information 7.Keep Your Computer Clean From Spyware 8.Educate Yourself on Fraudulent Activity on the Internet 9.Check Your Credit Report Immediately, for Free 10.Seek Advice if you’re Unsure

22 What To Do If You Are A Victim  For financial concerns close accounts immediately and call your institution  For SSN concerns, again call your bank  Clear yourself of responsibility  Check your credit report  Contact FTC

23 MailFrontier Phishing IQ Test II http://survey.mailfrontier.com/survey/quiztest.html

24 Questions???


Download ppt "Phishing into the Future Starr Alexander Sugato Bose Annie Chanchaisri Philip Fort David Salley Allen Walker Thomas Witnauer."

Similar presentations


Ads by Google