1. Phishing and Internet Scams

2. Definitions and recent statistics Why is it dangerous? Phishing techniques and identifiers Examples of phishing and scam emails Possible losses Prevention techniques

3. Important Scam Definitions Phishing- An online scam in which the perpetrator sends out a large number of legitimate looking e- mails that appear to come from respected companies (such as banks, credit card companies, etc.) with the intent of "fishing" for personal and financial information from the recipient. These e-mails are falsely claiming to be the respected company who needs the user's information to update their files, when in fact, it is an attempt to scam the user into surrendering private information that will later be used for identity theft. (Netlingo)

4. Important Scam Definitions Spear Phishing- an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing is a specific attack against a certain company or organization. (whatis) Spoofing- the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. (whatis)

5. PhishTank.com’s Month Overview

6. Why is phishing so dangerous? Emails and websites can be convincing or hard to distinguish from the real company Uses pictures and websites from existing companies Can sometimes link to the real website to seem even more realistic Email address seems legitimate

7. Common Phishing Tactics and Identifiers Reply emails are requested to be sent to a different address Reason for the information request Account information is outdated Account has been selected for varification Limited time threats Threats of discontinued service or deactivated accounts Security Statement Assure the victim that the company can be trusted with the requested information Use of the TRUSTe symbol to fake legitimacy (even though this symbol is supposed to be displayed to show email security) Information Collection Link to a site that requires information be submitted Request for an email reply with information included

8. Common Phishing Tactics and Identifiers Fake links or hidden destinations Links that take you to a different destination than stated in the email Using the IP address of the website, which can be modified even farther by representing it in a different format (hex,oct) The @ Symbol and Hexadecimal Commands When used in http or https, all text before the @ becomes ignored @ can be concealed even further by using %40, which is it’s hexadecimal representation Putting a null (%00) in front of the @ will sometimes hide the real destination, giving only the user info tag

9. Fake Link Examples http://account.earthlink.com Actual link address Stated link addres

10. Fake Link Examples onMouseOver modification https://www.pa ypal.com/cgi-bin/webscr?cmd=_login-run Typed Address onMouseOver Address Actual Address

11. Phishing Email Examples

12. Possible Losses/Criminal Targets Personal Social Security Number Credit Card Numbers Bank Accounts Private Information Businesses Credibility Money Customer Information Employee Information Private Documents

13. Prevention Techniques, Methods, and Advancements Businesses should have policies on what information should never be given out Ex: passwords, usernames, important files Most businesses will never ask you to give out your private information in an email Contact the company by phone if unsure about an email Do not give personal information out in an email Programs and communities are being developed to fight against phishing

14. Overview Important definitions and statistics Why phishing is so dangerous What makes up a phishing attack Examples Losses and preventions