Phishing into the Future
Starr Alexander, Sugato Bose, Annie Chanchaisri, Philip Fort, David Salley, Allen Walker, Thomas Witnauer


What is Phishing?
The term originates in the analogy that internet scammers use e-mail lures to fish for passwords and financial data from the sea of internet users.

What is Phishing?  Web page code is copied from a major site  Replica page, that appears to be part of the companies’ site, is set up  A fake is sent out with a link to this site  Sends financial data or password to scammer  Leaves user on a company web site

The History  A form of social engineering attack  Term was coined in 1996 by hackers  May have been used even earlier in “2600” (hacker newsletter)

The History
Earliest citation: “It used to be that you could make a fake account on AOL so long as you had a credit card generator. However, AOL became smart. Now they verify every card with a bank after it is typed in. Does anyone know of a way to get an account other than phishing?”
- mk590, “AOL for free?”, alt.2600, January 28,

The History
Phishing is not a new concept
• A type of scam that has been around for years
• Predates computers
• Called social engineering

Phishing
The underlying concept of spoofing users into revealing sensitive information is not new
• Password capturing via fake login prompts has been a basic hacker trick for years
• Hackers did it over the phone for years

Phone Phreaking  First form of hacking  Used a “blue box” that emitted tones that allowed a hacker to control phone switches  Made long distance calls billed to someone else’s account  Possibly the origin of the “PH” in phishing

Navigating the Frontier: Where Frauds Are
1. Online Investment Newsletters
2. Online Bulletin Boards
3. E-mail Spams

Country of Origin

Country              % of Attacks
United States        32.07%
Republic of Korea    15.39%
France               6.55%
China                6.40%
United Kingdom       4.06%
Germany              3.85%
Spain                3.81%
Japan                3.05%
Italy                2.48%

* by message count - CipherTrust, 2004

Top 10 Tricks Used in Phishing
1. Mimic Reputable Companies
2. Use Different Reply Address From the Claimed Sender
3. Create a Plausible Premise
4. Require a Quick Response
5. Promise Security and/or Privacy
6. Collect Information in the E-mail
7. Link to Web Sites That Gather Information
8. Fake a Secure Connection
9. Process Submitted Information Immediately
10. Buy Time to Access Accounts
- MailFrontier, Inc. 2004

Other Forms of Hacking
Slamming
• Switching a customer from one long distance carrier to another without permission
Web Cramming
• A person or business accepts an offer for a free website, only to be charged a monthly fee on their phone bill
Identity Theft
• The use of personal authentication information (e.g. name, social security number) to commit fraud by opening credit card accounts, ordering checks, etc.

Consumer Confidence  28% of consumers identified fraudulent s as legitimate according to a study by Mail Frontier Inc.  50% of consumers thought a legitimate Federal Trade Commission was fraudulent  20% of consumers identified a legitimate PayPal “payment received” as fraud  31% fell for a fraudulent PayPal that had been reported about widely.

Consumer Confidence  These statistics indicate the success rate of phishing to fool people  It is inhibiting the effectiveness of as a form of communication to the consumer  If consumers cannot correctly identify a legitimate , they may ignore all business related s  Many fraudulent websites are hosted through international computers  15% in Republic of Korea, 6% in China, and 6% in France  Criminals may be located in different location than the computer

Consumer Confidence  International locations make it more difficult to shut down due to time zone and language barriers  Average life span of fraudulent websites is 2.25 days  Phishing is the fastest growing scam according to Barbara Span of First Data  Phishing has gone from no complaints a year ago to #4 of the list with the National Consumer League

Percentage of Corporate Phishing Victims

Company          % of Attacks
Citibank         54.16%
Smith Barney     13.48%
Suntrust         10.02%
PayPal           7.57%
Wells Fargo      5.42%
HSBC             5.07%
eBay             4.15%
USBank           0.11%
CitizensBank     0.014%

- CipherTrust, 2004

Software Solutions
1. Symantec
   • The Online Fraud Management Solution
2. SMS based security
   • SSL/TLS channel

Existing Federal Laws  No Existing Law solely devoted to Phishing.  Existing federal laws do criminalize phishing - but mainly after a consumer has already been defrauded.  Such laws include the laws against wire fraud, identity theft, credit card fraud, computer fraud, CAN SPAM Act, and a number of trade laws.  The Identity Theft Penalty Enhancement Act, (ITPEA) establishes a new crime of "aggravated identity theft“. Convictions for aggravated identity theft - including phishing -- would carry a mandatory two-year prison sentence.

The Anti-Phishing Act  Bill introduced to senate by Senator Patrick Leahy on July 9,  It targets the entire scam, all the way from sending the to creating fraudulent sites.  It averts free speech issues by exempting parodies and political speech (via or on websites) from its reach.  It stipulates that the perpetrator must have the specific criminal purpose of committing a crime of fraud or identity theft.

Strengths of the Act  It criminalizes the bait - not just successful phishing.  It makes it illegal to knowingly send out spoofed that links to sham websites, with the intention of committing a crime.  It criminalizes the operation of the sham websites that are the locus of the wrongdoing.  If the bill were to become law, then each and every element of the scam would become a felony subject to five years in prison and/or a fine up to $250,000.

Tips to Protect Yourself from Phishing Scams
1. Never Click on Hyperlinks within E-mails
2. Use Anti-Spam Filter Software
3. Use Anti-Virus Software
4. Use a Personal Firewall
5. Keep Software Updated (Operating Systems & Browsers)
6. Always Look for “https” and “padlock” on sites that request personal information
7. Keep Your Computer Clean From Spyware
8. Educate Yourself on Fraudulent Activity on the Internet
9. Check Your Credit Report Immediately, for Free
10. Seek Advice if You’re Unsure

What To Do If You Are A Victim
• For financial concerns, close accounts immediately and call your institution
• For SSN concerns, again call your bank
• Clear yourself of responsibility
• Check your credit report
• Contact FTC

MailFrontier Phishing IQ Test II

Questions???