
Phishing Scams: How to Spot a Phishing Scam? Kim Settle and Tara Moody, CIS 2010, July 11, 2005.




2 Phishing Scams: How to Spot a Phishing Scam? Kim Settle and Tara Moody, CIS 2010, July 11, 2005

3 The News
- Phishing scams seen surging this year, Monday, June 20, from MSN!News (http://it.asia1.com.sg/newsdaily/news001_20050618.html).
- Phishing Costs Nearly $1 Billion, Friday, June 24, 2005, from MSN!News (http://informationweek.com/story/showartice.jhtml?articleID=164902704).

4 News Summary
- Identity theft is the fastest growing crime in the world. Phishing scams are an electronic form of identity theft. This crime has the potential to slow down electronic commerce because the Internet is the birthplace of the next victim, or "phish".
- The phishing scam is a sophisticated form of spam e-mail that phishers, scammers or hackers use to retrieve your personal information and commit criminal activities. It is so sophisticated because the phishing scam is sent to millions of victims at the same time.
- According to the Federal Trade Commission, direct economic losses in the United States totaled over $574 million in 2004.

5 News Summary
- Anyone with an e-mail address is at risk of being phished.
- According to a poll conducted by Gartner, during the 12 months that ended in May, 73 million American adults received an average of more than 50 phishing e-mails. The number was 28% higher than the previous year, when 57 million Americans were targeted.
- America Online is identifying and blocking phishing mail from reaching its members' mailboxes. On March 31, 2005, Microsoft filed 117 federal lawsuits in the U.S. District Court for the Western District of Washington, which accuse John Doe of phishing.
- Democrat Senator Patrick Leahy introduced the Anti-Phishing Act of 2005 on March 1, 2005. The federal bill proposes that criminals who create fake websites and spam bogus e-mails be fined up to $250,000 and face a jail term of up to 5 years.

6 Background Information
- The original form of hacking was known as phreaking.
- "Ph" is a common hacker replacement for "f".
- Phreaking was coined by the first hacker, John Draper (aka Captain Crunch).
- John invented phreaking by creating the infamous Blue Box.
- The Blue Box was a device used to hack telephone systems in the early 1970s.

7 What is a Phishing Scam?
- Phishing is a scam and a form of identity theft. It is used by hackers or cyber-thieves to steal your personal information.
- It is a sophisticated form of spam e-mail that could lead to theft of your credit card numbers, account information, or other personal data, which is the electronic form of identity theft.
- "Phishing" comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who stole AOL accounts by scamming passwords from AOL users.

8 How Does Phishing Work?
- The scam artist sends out millions of e-mail messages that appear to come from a trusted website, like a bank or credit card company. The e-mail messages, pop-up windows, and web links appear to be official and legitimate.
- The copycat sites are also called spoofed websites.
- Once you are on the "spoofed" site, you unknowingly send personal information to phishers, hackers, con artists, scammers, or cyber thieves, who use your information to purchase items or perform criminal activities.

9 Phishing Methods
Four Common Phishing Methods
- The victim responds, by return e-mail, to a fraudulent account verification or account update request letter from the phisher.
- The victim fills out an e-mail form (an HTML-based submission form in the phisher's e-mail message), which forwards the victim's input to the criminal's e-mail or website address.
- The victim clicks on a website link in an e-mail that leads to the phisher's website rather than the legitimate site. Victim known for this scam: FBI (hoax website-20030
- The phisher intentionally alters the Uniform Resource Locator (URL), the name of a well-known website, by adding, omitting, or transposing letters. For example, the URL www.MICROSOFT.COM appears as: www.micosoft.com, www.mircosoft.com, www.verify-microsoft.com.
Companies that have been known to be victims of this scam include: AOL, IRS, MSN, Earthlink, Yahoo, PayPal, eBay, BestBuy, DiscoverCard, Bank of America, and Providian.
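The fourth method (added, omitted, or transposed letters) can be screened for mechanically. The following is an added example, not part of the original presentation: it classifies host names against a watch list using an edit distance that counts adjacent transpositions. The watch list, the threshold of 2 edits, and the two-label domain rule are assumptions chosen for illustration.

```python
# Added example: classify host names against domains the defender protects.
PROTECTED = ["microsoft.com"]   # assumption: the organisation's own watch list
MAX_EDITS = 2                   # assumption: threshold for "looks like a typo"

def osa_distance(a, b):
    """Edit distance counting insertion, deletion, substitution and
    transposition of adjacent letters (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def registered_domain(host):
    """Last two labels of the host name. Simplification: a production check
    would consult the Public Suffix List (e.g. for .co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(host):
    host = host.lower().rstrip(".")
    domain = registered_domain(host)
    if domain in PROTECTED:
        return "legitimate"
    for good in PROTECTED:
        if osa_distance(domain, good) <= MAX_EDITS:
            return "typo-lookalike"      # letters added, omitted or transposed
        if good.split(".")[0] in host:
            return "brand-embedded"      # brand name wrapped in another domain
    return "unrelated"

def scan(hosts):
    return {h: classify(h) for h in hosts}

if __name__ == "__main__":
    # The slide's own examples plus one constructed unrelated host.
    for host, verdict in scan(["www.MICROSOFT.COM", "www.micosoft.com",
                               "www.mircosoft.com", "www.verify-microsoft.com",
                               "www.example.org"]).items():
        print(f"{host:28} {verdict}")
```

A mail gateway or proxy log review can run the same classification over sender domains and link hosts to surface lookalikes for manual review.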

10 What Does a Phishing Scam Look Like?
1. The From field in the e-mail appears to be from a legitimate company.
2. The e-mail usually contains logos or images that have been taken from the authentic company website.
3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information.
4. When the hyperlink is highlighted, the bottom left of the screen shows the real website address it goes to. Note: the hyperlink does NOT point to the legitimate Citibank website URL.

From: Citibank <alert@citibank.com>
To: JohnD1@student.gsu.edu
Subject: Citibank Alerting Service

Citi

Dear Citibank Customer:

We were unable to process the recent transactions on your account. To ensure that your account is not suspended, please update your clicking here or click onto www.citibank.com/secure.

If you have recently updated your information, please disregard this message as we are processing the changes you have made.

Citibank Customer Service

Source: http://www.webopedia.com/DidYouKnow/Internet/2005/phishing.asp

11 How to Prevent Phishing
1. Avoid filling out forms in e-mail messages that ask for personal information.
2. Phisher e-mails are NOT personalized. Valid e-mails from your bank or e-commerce company use your correct name.
3. Never click on any link to a bank, eBay, or other merchants via e-mail. Open a browser and type in the URL.
4. Do not use the number listed in the e-mail. Look up the institution in the phone book and call it yourself.
5. Do not click on attachments.
6. Run and regularly update anti-virus and anti-spyware applications, firewall, and privacy protection software.
7. Phishers send upsetting or exciting (but false) statements in their e-mails to get an immediate response.
8. Do not store PINs on your computer. Invest in a cross-cut shredder and pour bleach in the bag.
9. Regularly check your bank and credit statements.
10. Order and review your credit reports (www.FreeAnnualreport.com).

12 Discussion
Q: What was the first website to be phished?
A: AOL
Q: What is the first program well known for phishing AOL?
A: AOHELL
Q: Why do you feel that there is such an increase in phishing attacks?
Q: Who should be responsible for preventing or slowing down phishing scams? Note: AOL is the first server to prevent phishing to their account holders. Bank of America is second--photos.
Q: You receive an e-mail message from your bank indicating that, "dear accountholder", you are overdrawn on your checking account by $347.58 for a check that bounced. You do not remember writing a check for this amount. What do you do?
A: Call the bank. If you do anything else, you have been phished.

13 Resources/References
- www.mircosoft.com/athome/security/email/phising.mspx
- www.webopedia.com/DidYouKnow/Internet/2005/phising.asp
- www.crimedoctor.com/phising_scam.htm
- http://en.wikipedia.org/wiki/Phising
- www.windowsecurity.com/articles/Avoid-Phising.html

