Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phishing Scams How to Spot A Phising Scam? Kim Settle and Tara Moody CIS 2010 July 11, 2005.

Similar presentations


Presentation on theme: "Phishing Scams How to Spot A Phising Scam? Kim Settle and Tara Moody CIS 2010 July 11, 2005."— Presentation transcript:

1

2 Phishing Scams How to Spot A Phising Scam? Kim Settle and Tara Moody CIS 2010 July 11, 2005

3 The News The News Phishing scams seen surging this year, Monday June 20,FromMSN!News(http://it.asia1.com.sg/newsdaily/ne ws001_20050618.html). Phishing scams seen surging this year, Monday June 20,FromMSN!News(http://it.asia1.com.sg/newsdaily/ne ws001_20050618.html). Phishing Costs Nearly $1 Billion, Friday, June 24,2005FromMSN!News(http://informationweek.com/st ory/showartice.jhtml?articleID=164902704). Phishing Costs Nearly $1 Billion, Friday, June 24,2005FromMSN!News(http://informationweek.com/st ory/showartice.jhtml?articleID=164902704).

4 News Summary Identity theft is the fastest growing crime in the world. Phishing scams are electronic form of Identity Theft. This crime has the potential to slow done the electronic commerce because the Internet is birthplace of the next victim or phish. Identity theft is the fastest growing crime in the world. Phishing scams are electronic form of Identity Theft. This crime has the potential to slow done the electronic commerce because the Internet is birthplace of the next victim or phish. The phishing scam is a sophisticated form of spam e- mail that retrieves your personal information to commit criminal activities by phishers,scammers or hackers. It so sophisticated because the phishing scam is sent to million of victims at the same time. The phishing scam is a sophisticated form of spam e- mail that retrieves your personal information to commit criminal activities by phishers,scammers or hackers. It so sophisticated because the phishing scam is sent to million of victims at the same time. According to Federal Trade Commission, Direct economic losses in the United States totaled over $574 million in 2004. According to Federal Trade Commission, Direct economic losses in the United States totaled over $574 million in 2004.

5 News Summary News Summary Anyone with an e-mail address is at risk of being phished. Anyone with an e-mail address is at risk of being phished. According to poll conducted by Gartner, during the past 12 months that ended in May, 73 million Americans adults received an average of more than 50 phishing e-mails. The number was 28% higher than the previous, when 57 million Americans were targeted According to poll conducted by Gartner, during the past 12 months that ended in May, 73 million Americans adults received an average of more than 50 phishing e-mails. The number was 28% higher than the previous, when 57 million Americans were targeted America Online is identifying and blocking phishing mail from reaching its members mailboxes. On March 31, 2005, Microsoft filed 117 federal lawsuits in U.S. District Court for Western District of Washington,which accuse John Doe of phishing. America Online is identifying and blocking phishing mail from reaching its members mailboxes. On March 31, 2005, Microsoft filed 117 federal lawsuits in U.S. District Court for Western District of Washington,which accuse John Doe of phishing. Democrat Senator Patrick Leahy introduced the Anti- Phishing Act of 2005 on March 1, 2005. The federal bill proposes that criminal who create fake Websites and spam bogus e-mails be fined up to $250,000 and have jail term up to 5 years. Democrat Senator Patrick Leahy introduced the Anti- Phishing Act of 2005 on March 1, 2005. The federal bill proposes that criminal who create fake Websites and spam bogus e-mails be fined up to $250,000 and have jail term up to 5 years.

6 Background Information The original form of hacking was known as phreaking. The original form of hacking was known as phreaking. Ph is a common hacker replacement for f Ph is a common hacker replacement for f Phreaking was coined by the first hacker, John Draper (aka Captain Crunch) Phreaking was coined by the first hacker, John Draper (aka Captain Crunch) John invented phreaking by creating the infamous Blue Box. John invented phreaking by creating the infamous Blue Box. Blue Box, a device that was used to hack telephone systems in the early 1970s. Blue Box, a device that was used to hack telephone systems in the early 1970s.

7 What is Phising Scam? Phising is a scam and form of identify theft.It used by hackers or cyber-thief to steal your personal information. Phising is a scam and form of identify theft.It used by hackers or cyber-thief to steal your personal information. Sophisticated form of spam-email that could lead to theft of your credit card numbers, account information, or other personal data, which is the electronic form of Identity Theft. Sophisticated form of spam-email that could lead to theft of your credit card numbers, account information, or other personal data, which is the electronic form of Identity Theft. Phising comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who stole AOL accounts by scamming passwords from AOL user. Phising comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who stole AOL accounts by scamming passwords from AOL user.

8 How does Phishing Work? The scam artist sends out millions of e-mail messages that appears to be trustful website, like bank or credit card company. The e-mail messages, pop-up windows, and web links appear to be official and legitimate. The scam artist sends out millions of e-mail messages that appears to be trustful website, like bank or credit card company. The e-mail messages, pop-up windows, and web links appear to be official and legitimate. The copycat sites are also called spoofed websites. The copycat sites are also called spoofed websites. Once you are on the spoofed" sites, you will unknowingly sending personal information to phishers, hackers, con artist, scammers, or cyber thieves, which use your information to purchase items or perform criminal activities. Once you are on the spoofed" sites, you will unknowingly sending personal information to phishers, hackers, con artist, scammers, or cyber thieves, which use your information to purchase items or perform criminal activities.

9 Phishing Methods Four Common Phishing Methods The victim responds, by return email, to a fraudulent account verification or account update request letter from the phisher. The victim responds, by return email, to a fraudulent account verification or account update request letter from the phisher. The victim fills out an email form (an HTML-based submission form, in the phishers email message), which forward the victims input to the criminals email/website address. The victim fills out an email form (an HTML-based submission form, in the phishers email message), which forward the victims input to the criminals email/website address. The victim clicks on a website link in an email, that leads to the phishers website, rather than legitimate site. Victim know for this scam: FBI (hoax website-20030 The victim clicks on a website link in an email, that leads to the phishers website, rather than legitimate site. Victim know for this scam: FBI (hoax website-20030 The phisher intentionally alters Uniform Resource Locator (URL) the name of well-known website by adding, omitting, or transposing letters. For example, the URL www.MICROSOFT.COM appears as: www.micosoft.com,www.mircosoft.com,www.verify- microsoft.com. The phisher intentionally alters Uniform Resource Locator (URL) the name of well-known website by adding, omitting, or transposing letters. For example, the URL www.MICROSOFT.COM appears as: www.micosoft.com,www.mircosoft.com,www.verify- microsoft.com. www.MICROSOFT.COM appears as: www.micosoft.com,www.mircosoft.com,www.verify- microsoft.com www.MICROSOFT.COM appears as: www.micosoft.com,www.mircosoft.com,www.verify- microsoft.com Companies that have been known to be victims of this scam include: AOL, IRS, MSN, Earthlink, Yahoo, Paypal,eBay, BestBuy, DiscoverCard, Bank of America, and Providian. Companies that have been known to be victims of this scam include: AOL, IRS, MSN, Earthlink, Yahoo, Paypal,eBay, BestBuy, DiscoverCard, Bank of America, and Providian.

10 What Does a Phishing Scam Look Like? 1. The From Field appears to be from legitimate company in the e- mail. 2. The e-mail usually contain logos or images that have been taken form the authentic company website. 3. The e-mail will contain a clickable link with text suggesting you to use the inserted link to validate your information. 4. The hyperlink is highlighted, the bottom left screen shows the real Website address to go to. Note: the hyperlink does NOT point to the legitimate Citibank Web site URL. From : Citibank { "@context": "http://schema.org", "@type": "ImageObject", "contentUrl": "http://images.slideplayer.com/2/694484/slides/slide_10.jpg", "name": "What Does a Phishing Scam Look Like. 1.", "description": "The From Field appears to be from legitimate company in the e- mail. 2. The e-mail usually contain logos or images that have been taken form the authentic company website. 3. The e-mail will contain a clickable link with text suggesting you to use the inserted link to validate your information. 4. The hyperlink is highlighted, the bottom left screen shows the real Website address to go to. Note: the hyperlink does NOT point to the legitimate Citibank Web site URL. From : Citibank

11 How to Prevent Phishing 1. Avoid filling out forms in e-mail messages that ask for personal information. 2. Phiser e-mails are NOT personalized. Valid e-mails from your bank or e-commerce company use your correct name. 3. Never click on any link to a bank, eBay, or other merchants via e-mail. Open a browser and type in the URL. 4. Do not used number listed in e- mail. Look-up institution in phone book and call yourself. 5. Do click on attachments 6. Run and update on a regular basis anti-virus and anti-spyware applications and firewall and privacy protection software. 7. Phishers send upsetting or exciting but (false) statement in their e- mails to get an immediately response. 8. Do not store PINS on your computer. Invest in cross-cutter shredder and pour bleach in the bag. 9. Regularly check your bank and credit statements. 10. Order and Review your credit reports (www.FreeAnnualreport.com

12 Discussion Q: What was the first website to be phished? Q: What was the first website to be phished? A: AOL A: AOL Q: What is the first program well-know for phishing AOL? Q: What is the first program well-know for phishing AOL? A:AOHELL A:AOHELL Why do you feel that there such as increase in phising attacks? Why do you feel that there such as increase in phising attacks? Who should be responsible for preventing or slowing down phising scams? Note: AOL is first server to prevent phishing to their account holders. Bank of America is second--photos. Who should be responsible for preventing or slowing down phising scams? Note: AOL is first server to prevent phishing to their account holders. Bank of America is second--photos. Q: If you receive a e-mail message from your bank indicating that dear accountholder you are overdrawn on your checking account by $347.58 for check that bounced. You do not remember writing a check for this amount. What do you do? Q: If you receive a e-mail message from your bank indicating that dear accountholder you are overdrawn on your checking account by $347.58 for check that bounced. You do not remember writing a check for this amount. What do you do? A: Call the bank. If you do anything else, you have been phished. A: Call the bank. If you do anything else, you have been phished.

13 Resources/References www.mircosoft.com/athome/security/email/ph ising.mspx www.mircosoft.com/athome/security/email/ph ising.mspx www.mircosoft.com/athome/security/email/ph ising.mspx www.mircosoft.com/athome/security/email/ph ising.mspx www.webopedia.com/DidYouKnow/Internet/2 005/phising.asp www.webopedia.com/DidYouKnow/Internet/2 005/phising.asp www.webopedia.com/DidYouKnow/Internet/2 005/phising.asp www.webopedia.com/DidYouKnow/Internet/2 005/phising.asp www.crimedoctor.com/phising_scam.htm www.crimedoctor.com/phising_scam.htm www.crimedoctor.com/phising_scam.htm http://en.wikipedia.org/wiki/Phising http://en.wikipedia.org/wiki/Phising http://en.wikipedia.org/wiki/Phising www.windowsecurity.com/articles/Avoid- Phising.html www.windowsecurity.com/articles/Avoid- Phising.html


Download ppt "Phishing Scams How to Spot A Phising Scam? Kim Settle and Tara Moody CIS 2010 July 11, 2005."

Similar presentations


Ads by Google