PHISHING AND SPAM EMAIL

INTRODUCTION

There’s a good chance that in the past week you have received at least one email that pretends to be from your bank, a vendor, or other online site. Hopefully, you have realized that many of these emails are not what they proclaim to be – they are not legitimate emails, but “phishing.”

2014 DHS IT Security & Privacy Training

INTRODUCTION

In other words, the sender of the emails (phisher) wants you to click on a link in the email and go to a fake website which you may think is the legitimate website. On the phishers’ website, they hope to obtain your user account and passwords, financial, credit, and/or identity information.

- They do this by asking you to enter passwords or other identifying information that unlocks your information;
- They do this by recording your keystrokes while you are visiting their website; and
- They do this by surreptitiously downloading malware on your computer while you are on their website.

SOCIAL ENGINEERING

“Phishing” is one form of social engineering. Social engineering is the practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security, either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.

PHISHING

Phishing uses messages that supposedly come from legitimate businesses you might have dealings with:

- Banks such as Bank of America or Citibank;
- Online organizations such as eBay or PayPal;
- Internet service providers such as AOL, MSN, or Yahoo;
- Online retailers such as Best Buy; and
- Insurance agencies.

The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages.

PHISHING

Typically, phishers ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. Identity theft is the name of the game. And because these emails look so official, up to 20% of unsuspecting recipients may respond to them, resulting in financial losses, identity theft and other fraudulent activity.

HOW DO YOU KNOW IF IT'S REAL OR FAKE?

Fake email:

- Often contains a generic greeting (it does not call you by name, but as “customer,” “friend,” etc.).
- Often claims your personal information has been corrupted, lost, or has expired.
- Directs you to a real-looking but counterfeit web site.

Almost every company that has your personal information will have a policy that forbids the company from sending attachments or pop-up windows asking for personal information from you and its other customers.
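The three indicators on this slide can be checked mechanically as a triage aid for reported messages. The following is an added example, not part of the DHS training: the phrase patterns, function names and sample message are constructed, and comparing a link's visible text with its real target is one assumed way to spot a "real-looking but counterfeit" site.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

CHECKS = [  # (pattern, indicator): assumed wording that mirrors the slide
    (re.compile(r"\bdear\s+(valued\s+)?(customer|friend|user|member)\b", re.I), "generic greeting"),
    (re.compile(r"\b(account|information)\b[^.]{0,80}\b(corrupted|lost|expired)\b", re.I),
     "claims information is corrupted, lost or expired"),
]
URLISH = re.compile(r"^(https?://)?([a-z0-9-]+\.)+[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):  # hostname of a URL or bare domain, lower-cased, without "www."
    name = (urlparse(value if "//" in value else "//" + value).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def phishing_indicators(raw_message):
    """Return the slide's indicators found in a single-part HTML email (assumption)."""
    body = message_from_string(raw_message).get_payload()
    collector = LinkCollector()
    collector.feed(body)
    text = re.sub(r"<[^>]+>", " ", body)  # crude tag strip, enough for phrase matching
    found = [label for pattern, label in CHECKS if pattern.search(text)]
    found += [f"link text {host(shown)} points to {host(href)}"
              for href, shown in collector.links
              if URLISH.match(shown) and host(shown) != host(href)]
    return found

# Constructed sample message (reserved documentation name and address, not real traffic).
SUSPECT = """Content-Type: text/html

<p>Dear Customer,</p><p>Your account information has expired. Verify it at
<a href="http://192.0.2.10/verify">www.examplebank.example</a></p>
"""
```

An empty result does not mean a message is legitimate; the checks only flag the indicators listed on the slide, and a flagged message still needs the verification steps the training describes.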

WHAT TO DO WITH A SUSPECT EMAIL

If you get an email requesting private information:

- Verify it really came from where it says before giving out any information.
- Call the sender and verify the email is authentic.
- Delete the email. If it is important, the sender will send it again.

SPAM V PHISHING

Not every junk or spam email is a phishing email. The word "Spam" as applied to email means "Unsolicited Bulk Email". Unsolicited means the recipient has not granted permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having essentially identical content. A message is spam only if it is both unsolicited and bulk.

- Unsolicited email is normal email such as first contact enquiries, job enquiries, sales enquiries, etc.
- Bulk email is normal email such as subscriber newsletters, customer communications, discussion lists.

SPAM V PHISHING

So, spam is unsolicited email, usually from someone trying to sell something. The difference between spam and phishing emails is that spammers do not attempt to acquire sensitive information.

WHAT TO DO WITH SPAM

If you use email, you will get spam on your computer. DHS uses a spam filter called the User Quarantine Release that uses a formula to identify email suspected of being spam and filters it out.

USING THE USER QUARANTINE RELEASE

The User Quarantine Release (UQR) is the DHS Outlook spam filter. It collects email suspected to be spam. That email does not go to your Outlook inbox. You will receive an auto-generated email once a day, or on days you have suspect email, notifying you of any message addressed to you that was quarantined because the system determined it might be spam. From within this notification, you may release messages that you believe are valid emails. The UQR deletes the email it holds after 7 days. The next slide gives an example of what the UQR email looks like.

USING THE USER QUARANTINE RELEASE

[Image: example UQR notification email, with the callout “Click here to approve or release email.”]

WHAT TO DO WITH SPAM

The best way to deal with spam is to delete it. You need to file a Security Incident Report for spam only if your DHS computer is being overrun by spam not being caught by the UQR. Receiving an occasional spam email in your inbox does not need to be reported.

DHS POLICY USAGE

These are the primary guidelines of the policy:

A User:

- Accepts responsibility for any email created by that user, and for revisions in messages that are forwarded or replied to.
- Accepts responsibility for any email he or she stores or saves.
- Does not have responsibility for messages received but not created by the user as long as those messages are deleted, not stored, from the user’s mailbox.

DHS POLICY USAGE

- Inappropriately modifying an email message or printing inappropriate email has negative consequences.
- Evidence of misuse of the email system may result in termination of access to the DHS network without notice.
- DHS cannot guarantee protection from email containing viruses, worms, or malicious attachments. Suspicious email should be reported on the IT Security Incident Report form.