Identity theft vector of the electronic age


1 Phishing: identity theft vector of the electronic age

2 What is Phishing?
Phishing is defined as an attempt to get personal data by masquerading as a trusted source through an electronic medium. Many common impersonated sources are:
  - Government agencies
  - Large corporations
  - Help/service desks

3 A Phishing tale
  - The "PH" in Phishing is a reference to the term "phreak", an early term for hackers.
  - These types of scams began surfacing around 1995 with the expansion of the internet.
  - The term "Phishing" was first recorded on Jan in a Usenet newsgroup on AOL.
  - AOL, as America's largest internet provider of the 90s, was the testing and breeding ground of phishing techniques.
  - The "warez" community are the people who traffic in this type of data.
  - Phishing spoof-sites began appearing in time frame with the rise of eCommerce.

4 12 Common Methods
  - Email/Spam: bulk emails asking users to send data with promises of rewards.
  - Key Loggers: an application that captures every keystroke and sends it off.
  - Web Delivery: sniffing valid web traffic for user data.
  - Session Hacking: accessing a web session on the user side.
  - Instant Message: a link sent from a compromised account to its contacts.
  - System Reconfiguration: an attempt to get a user to compromise a system by reducing its protections.
  - Trojan Applications: automated processes sending data from compromised machines.
  - Content Injection: adding content to a valid website that then takes you away from that site for nefarious purposes.
  - Link Manipulation: a difference between the link text and the actual link.
  - Search Phishing: injecting malicious websites into common search results.
  - Phone Phishing: a call directing a user to a phishing site.
  - Malware Phishing: usually comes in the form of an email attachment and is a delivery mechanism for malicious code.

5 There are a lot of phish in the sea
How they make their money:
  Emails sent                                              1,000,000
  Percent filtered by SPAM filters                         95%  (5% of total get through:      50,000)
  Percentage who open the mail                             10%  (0.5% of total:                 5,000)
  Percentage who read the mail and click through           10%  (0.05% of total:                  500)
  Percentage who fill out the form and fall for the attack 10%  (0.005% of total:                  50)
  Revenue generated per phish                              $1,800
  Phishing revenue generated                               50 * $1,800 = $90,000
Phishing creates $1.5 billion a year (in 2012) in global losses, and there are nearly half a million unique attacks a year.

6 Phishing at CWU
It's happening all the time! Email is the most common delivery method here at CWU. On a daily basis we average 1.5 times as much SPAM as "good" email.
  - Email forms (80% of phishing attempts at CWU): mostly "classic" money schemes. Used to generate cash; while it has an extremely low success rate, it is enough to keep them coming.
  - Link Manipulation (20% of phishing attempts at CWU): usually username and account phishing. Used to generate "the next wave" of accounts to send from. This model is used to avoid account spam filtering of known SPAM accounts.
  - Malware and Trojans (<1%): averages a dozen (12) mails a day.

7 Things to watch for: the "To:" field, the "From:" field, links
  - The "To:" field in many phishing emails is left blank. This is because a phisher uses a compromised account to send an email, and instead of obviously sending an email to 50 users from different organizations, they use BCC. That prevents you from notifying all the other potential victims and avoids tipping their hand that this is not going to a homogenous group of recipients.
  - The "From:" field: in an IT scam, it will come from someone NOT in your IT org, and likely not at the university at all! In a money phishing scheme, the display name and the address will often not match at all (e.g. "FBI (Director) James Comey Jr.").
  - Links: look for links that use "Click Here" or other generic terms to hide the link path, and links that lead to a site other than the organization they are pretending to be. These are often generic sub-sites, or foreign sites ending in a 2-letter country suffix like ".ru", ".hu", or ".ch".
  - Spelling and grammar: most phishing attempts are initiated in countries where English is not a primary language. As such, the emails are fraught with grammatical and spelling errors. See the examples below.
  - Generic IT terms: phishing attempts use terms like "Web-Mail" or "Help Desk" so they don't need to specialize to individual organizations. While some more sophisticated attacks will include certain levels of detail, they are always clear upon scrutiny.
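The indicators on this slide (blank To:, a From: outside the organization, generic "Click Here" link text, links to a foreign two-letter country domain, generic IT terms like "Web-Mail" or "Help Desk") are mechanical enough to check automatically. The following Python is an added example written for this transcript, not code from the presentation or from CWU. The organization domain `university.example`, the sender and link hosts, and both sample messages are constructed placeholders; the two-letter suffix test simply flags any country-code top-level domain, which is broader than the three suffixes the slide names.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Generic link text and IT terms the slide calls out; lowercase for matching.
GENERIC_LINK_TEXT = {"click here", "here", "login", "verify", "update"}
GENERIC_IT_TERMS = ("web-mail", "webmail", "help desk", "helpdesk")


class LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _in_org(host: str, org_domain: str) -> bool:
    return host == org_domain or host.endswith("." + org_domain)


def _body_text(msg) -> str:
    # Concatenate every text/* part so multipart messages are covered too.
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def phish_indicators(raw: bytes, org_domain: str) -> list:
    """Return the slide-7 indicators found in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw)
    org_domain = org_domain.lower()
    findings = []

    # "To:" field left blank: the victims were all put in BCC.
    if not (msg.get("To") or "").strip():
        findings.append("blank-to")

    # "From:" field: the sending domain is not the organization being impersonated.
    _display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.lower().rsplit("@", 1)[-1]
    if not _in_org(sender_domain, org_domain):
        findings.append(f"from-outside-org:{sender_domain}")

    # Links: generic anchor text, hosts outside the organization, 2-letter country suffixes.
    body = _body_text(msg)
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if text.lower() in GENERIC_LINK_TEXT:
            findings.append(f"generic-link-text:{href}")
        if host and not _in_org(host, org_domain):
            findings.append(f"link-outside-org:{host}")
        tld = host.rsplit(".", 1)[-1]
        if len(tld) == 2 and tld.isalpha():
            findings.append(f"country-tld:.{tld}")

    # Generic IT terms in the subject, display name or body.
    haystack = "\n".join([msg.get("Subject", ""), msg.get("From", ""), body]).lower()
    for term in GENERIC_IT_TERMS:
        if term in haystack:
            findings.append(f"generic-it-term:{term}")
    return findings


# Constructed sample messages; the hosts are placeholders, not real sites.
PHISH = b"""From: "CWU Help Desk" <support@webmail-support.example>
To:
Subject: Web-Mail account verification
Content-Type: text/html; charset=us-ascii

<html><body><p>Dear Web-Mail user, your mailbox have exceed the quota. Please
<a href="http://webmail-verify.university-example.ru/login">Click Here</a> to re-validate.</p>
</body></html>
"""

BENIGN = b"""From: "IT Security" <security@university.example>
To: staff@university.example
Subject: Scheduled maintenance window
Content-Type: text/html; charset=us-ascii

<html><body><p>The portal at
<a href="https://portal.university.example/status">portal.university.example</a>
will be offline Saturday 02:00-04:00.</p></body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("benign", BENIGN)):
        print(label, phish_indicators(sample, "university.example"))
```

None of these checks is proof on its own (a legitimate vendor mail also arrives from outside the organization), so the output is meant to be read as a list of reasons for scrutiny rather than a verdict; a mail that trips several of them at once is the pattern the slide describes.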

