Teaching you NOT to fall for Phish

Presentation on theme: "Teaching you NOT to fall for Phish"— Presentation transcript:

1 Teaching you NOT to fall for Phish
Carnegie Mellon Beth Cueni

2 Internet addiction
- People do get addicted to the Internet
- What are the signs?

3 Fighting Cybercrime
View these images. Only one is an actual web site. How can you tell?

4 Password Protection

Number of characters   Possible combinations       Human               Computer
1                      36                          3 minutes           seconds
2                      1,300                       2 hours             seconds
3                      47,000                      3 days              .02 seconds
4                      1,700,000                   3 months            1 second
5                      60,000,000                  10 years            30 seconds
10                     3,700,000,000,000,000       580 million years   59 years

- Possible characters: A-Z and 0-9
- Human discovery assumes 1 try every 10 seconds
- Computer discovery assumes one million tries per second
- Average time assumes the password would be discovered in approximately half the time it would take to try all possible combinations

5 Characteristics of Phish scams
- Sense of urgency
- No specific person signs the email
- Links do not take you to a valid address
- Dear eBay member – they should know your name!
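The warning signs on slide 5 can be expressed as a simple triage check over an HTML email body. This is an added example, not part of the presentation; the keyword patterns, the `claimed_domain` parameter and the sample message are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keyword patterns; a real deployment would tune these to its own mail.
CHECKS = {
    "urgency": re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I),
    "generic_greeting": re.compile(r"^\s*dear\s+(\w+\s+)?(member|customer|user)\b", re.I | re.M),
    "no_named_signer": re.compile(r"\b(regards|sincerely),?\s+[\w ]*(team|department|support)\b", re.I),
}

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased hostname; also accepts bare "www.example.com/x"
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phish_indicators(html_body, claimed_domain):
    """Return the sorted slide-5 warning signs found in one HTML email body."""
    text = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip for keyword checks
    found = {name for name, rx in CHECKS.items() if rx.search(text)}
    collector = LinkCollector()
    collector.feed(html_body)
    for href, shown in collector.links:
        target = host(href)
        # Visible text is itself a URL but names a different host than the real target.
        if re.match(r"(https?://|www\.)\S+$", shown, re.I) and host(shown) != target:
            found.add("link_text_mismatch")
        # Real target is neither the claimed organisation's domain nor a subdomain of it.
        if target != claimed_domain and not target.endswith("." + claimed_domain):
            found.add("link_off_domain")
    return sorted(found)

# Constructed sample message (not from the slides); 192.0.2.10 is a documentation address.
SAMPLE = """<p>Dear eBay member,</p>
<p>Your account will be suspended within 24 hours unless you confirm your details.</p>
<p><a href="http://192.0.2.10/signin">http://www.ebay.com/signin</a></p>
<p>Regards,<br>Security Department</p>"""
```

Calling `phish_indicators(SAMPLE, "ebay.com")` flags all four slide-5 characteristics; keyword heuristics like these support triage and training, they do not replace mail filtering.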

6 Phishing Works
- 73 million US adults received more than 50 phishing emails each year in the year 2005
- 3.6 million adults lost 3.2 billion dollars in phishing attacks in 2007
- Financial institutions and the military are also victims

7 Why phishing works
- Phishers take advantage of Internet users' trust in legitimate organizations
- Lack of computer and security knowledge
- People do not protect themselves

8 Anti-phishing strategies (What industry is doing)
- Silently eliminate the threat
  - Find and take down the phishing sites
  - Detect and delete phishing emails
- Warn users about the threat
  - Anti-phishing toolbars and web browser features (IE 7.0 and Firefox)
- Train users not to fall for attacks

9 User education is challenging
- Users are not motivated to learn about security
- Security is a secondary task

10 Web Site Training
Lab study – 28 non-expert computer users
- Evaluate 10 sites
- Take a break (read training material or play games)
- Evaluate 10 more sites
People who read the training material identified phishing sites better

11 PhishGuru http://phishguru.org/
YouTube

12 Students are most vulnerable
- Students are more likely to fall for phish than staff
- The 18-25 age group was consistently more vulnerable to phishing attacks

13 Wombat Security
- Purchased the anti-phishing game from Carnegie Mellon and is now using it to train others

14 Play the game!

