Phishing Tales: Honestly, the problem is ‘this big’ Peter Black, Queensland University of Technology

1 Phishing Tales: Honestly, the problem is ‘this big’ Peter Black, Queensland University of Technology p2.black@qut.edu.au http://freedomtodiffer.typepad.com/

2 Outline 1. Phishing explained Definition Case studies Why the ‘ph’? 2. Growth of phishing 3. Australian legislation 4. US position 5. Difficulties with a legislative response 6. Other methods of combating phishing

3 1. Phishing explained Phishing is the creation and use of e-mails and websites in order to deceive internet users into disclosing their bank and financial account information or other personal data. Once this information is obtained, it is then used to commit fraudulent acts.

4 Case study: Westpac Source: Anti-Phishing Working Group

5 Case study: Westpac Source: Anti-Phishing Working Group

6 Case study: Westpac Source: Anti-Phishing Working Group

7 Other targets: Internet services Source: Anti-Phishing Working Group

8 Other targets: Internet services Source: Anti-Phishing Working Group

9 Other targets: Online commerce sites Source: Anti-Phishing Working Group

10 Other targets: Online commerce sites Source: Anti-Phishing Working Group

11 Other targets: Online commerce sites Source: Anti-Phishing Working Group

12 Other targets: Search engines Source: millersmiles.co.uk: the web’s dedicated anti-phishing service

13 Charities: United Way Source: millersmiles.co.uk: the web’s dedicated anti-phishing service

14 Why phishing with a ‘ph’? The word ‘phishing’ is derived from the analogy that internet scammers use email lures to ‘fish’ for passwords and financial information from the ‘sea’ of internet users. The term was first used in 1996 by hackers attempting to steal America On-line (AOL) accounts.

15 2. Growth of phishing Source: Anti-Phishing Working Group: Phishing Activity Trends Report May 2006

16 Phishing sites hosting countries Source: Anti-Phishing Working Group: Phishing Activity Trends Report May 2006

17 Economic impact of phishing The dollar damage from phishing is substantial. Estimates of the loss to consumers and online commerce range from $500 million a year (Ponemon Institute 2004) to $2.4 billion in 2003 (Gartner 2004). Phishing also exacts a significant toll on individual consumers. See Jennifer Lynch, ‘Identity Theft in Cyberspace: Crime Control Methods and Their Effectiveness in Combating Phishing Attacks’ (2005) 20 Berkeley Technology Law Journal 259 at 266-67.

18 3. Australian legislation Phishing could be criminally prosecuted under state legislation that deals with identity theft and fraud: Crimes Act 1958 (Vic): obtaining property by deception (s 81(1)), and obtaining financial advantage by deception (s 82); Crimes Act 1900 (NSW): obtaining money by deception (s 178BA), obtaining money by false or misleading statements (s 178BB), obtaining credit by fraud (s 178C), false pretences (s 179), and fraudulent personation (s 184); Criminal Code 1899 (Qld): misappropriation (s 408C); Criminal Code (WA): fraud (s 409(1));

19 Australian legislation continued … Criminal Code Act 1924 (Tas): dishonestly acquiring a financial advantage (s 252A(1)), and inserting false information on data (s 257E); Criminal Code 2002 (ACT): obtaining financial advantage by deception (s 332), and general dishonesty (s 333); Criminal Code (NT): criminal deception (s 227); Criminal Law Consolidation Act 1935 (SA): false identity (s 144B), and misuse of personal identification information (s 144C).

20 Criminal Code Act 1995 (Cth) Part 10.8 of the Criminal Code Act, s 480.4 provides: A person is guilty of an offence if the person: a) dishonestly obtains, or deals in, personal financial information; and b) obtains, or deals in, that information without the consent of the person to whom the information relates. Penalty: Imprisonment for 5 years.

21 Other relevant Commonwealth legislation 1. Spam Act 2003 (Cth); 2. Trade Practices Act 1974 (Cth); 3. Privacy Act 1988 (Cth); 4. Trade Marks Act 1995 (Cth).

22 4. US Position Federal offences: 1. Identity theft (18 U.S.C. 1028 (2000)); 2. Wire fraud (18 U.S.C. 1343 (2000 & Supp. II 2002)); 3. Access device fraud (18 U.S.C. 1029 (2002)); 4. Bank fraud (18 U.S.C. 1344 (2000)). Internet users are also protected by the: Truth in Lending Act (15 U.S.C. 1643(a)(1) (2000)); and Gramm-Leach-Bliley Act (15 U.S.C. 6821(b) (2000)).

23 US Position The Identity Theft Penalty Enhancement Act, enacted in 2004, established a new crime of ‘aggravated identity theft’ – using a stolen identity to commit other crimes. Most states have criminal and consumer protection laws that deal with identity theft. Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act), enacted in 2003.

24 Anti-Phishing Act of 2005 Anti-Phishing Act of 2005, a bill to create two new crimes that prohibit the creation or procurement of: 1. a website that represents itself to be that of a legitimate business, and that attempts to induce the victim to divulge personal information, with the intent to commit a crime of fraud or identity theft. 2. an email that represents itself to be that of a legitimate business, and that attempts to induce the victim to divulge personal information, with the intent to commit a crime of fraud or identity theft.

25 5. Difficulties with a legislative response 1. Phishing is difficult to deter as the normal barriers to offline crime do not apply. 2. Phishers are able to appear and disappear remarkably quickly, making their identification and prosecution difficult. 3. Jurisdictional issues. 4. Phishers are often found to be judgment proof.

26 6. Other methods of combating phishing Information security technology solutions: 1. Strong website authentication; 2. Mail server authentication; 3. Digital signatures and/or gateway verification. Internet users should also use spam filters on email, anti-virus software and personal firewalls.

27 6. Other methods of combating phishing Internet users should look for signs that the email they have received is a phishing email: deceptive addresses; emails addressed to a generic name rather than a username; unsuspected requests for personal information; alarmist warnings; mistakes.
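The warning signs listed on this slide can be turned into a simple defensive filter. The following Python is an added example, not part of the original presentation: it checks a message for a deceptive sender or link address, a generic greeting, a request for personal information and alarmist wording, and reports which signs it found. The brand allow-list and both sample messages are constructed for the example; the fifth sign on the slide, spelling and grammar mistakes, needs a dictionary and is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brand-to-domain allow-list: an assumption for this example, not from the slides.
KNOWN_BRANDS = {"westpac": {"westpac.com.au"}}

GENERIC_GREETING = re.compile(r"^\s*dear\s+(valued\s+)?(customer|member|user|client)\b", re.I | re.M)
PERSONAL_INFO = re.compile(r"\b(password|pin|account number|card number|verify your (account|identity))\b", re.I)
ALARMIST = re.compile(r"\b(suspend(ed)?|within \d+ hours|immediately|urgent(ly)?|unauthori[sz]ed)\b", re.I)
# group 1: host the href really points at; group 2: host shown to the reader as link text
LINK = re.compile(r'<a\s+href="https?://([^/"]+)[^"]*"[^>]*>\s*(?:https?://)?([^/\s<]+)', re.I)

def phishing_signs(raw):
    """Return the names of the slide's warning signs that the raw message exhibits."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode("utf-8", "replace")
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rsplit("@", 1)[-1].lower()
    subject = msg.get("Subject", "")
    signs = []
    # deceptive address: the mail invokes a brand whose real domain the sender does not use
    claimed = (name + " " + subject + " " + body).lower()
    if any(b in claimed and sender_host not in d for b, d in KNOWN_BRANDS.items()):
        signs.append("deceptive sender address")
    # deceptive address: the visible link text names one host, the href points at another
    if any(h.lower() != shown.lower() for h, shown in LINK.findall(body)):
        signs.append("deceptive link address")
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    if PERSONAL_INFO.search(body):
        signs.append("request for personal information")
    if ALARMIST.search(subject + " " + body):
        signs.append("alarmist warning")
    return signs

def is_suspicious(raw, threshold=2):
    """Flag a message once it shows at least `threshold` independent signs."""
    return len(phishing_signs(raw)) >= threshold

# Constructed sample messages (203.0.113.5 is a documentation address, not a real host).
PHISH = """From: "Westpac Online Banking" <security@westpac-verify.example.net>
Subject: Urgent: your account will be suspended
Content-Type: text/html

Dear Valued Customer,
Unauthorised access was detected. Verify your account within 24 hours
by confirming your password at
<a href="http://203.0.113.5/login">www.westpac.com.au/login</a>
"""
LEGIT = """From: "Example Org" <news@example.org>
Subject: March newsletter
Content-Type: text/html

Hi Alice,
This month's newsletter is at <a href="https://example.org/news">example.org/news</a>
"""
```

Run stand-alone, `phishing_signs(PHISH)` names all five checks while `phishing_signs(LEGIT)` is empty; the regexes are heuristics and will misfire on some legitimate mail, so treat the score as a prompt for the reader's own judgment.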

28 Conclusion Issue: legislation vs technology Professor Lawrence Lessig has argued that architecture or ‘code’ is better than traditional law in cyberspace because law regulates ‘through the threat of ex post sanction, while code, in constructing a social world, regulates immediately’. Lawrence Lessig, ‘The Constitution of Code: Limitations on Choice-Based Critiques of Cyberspace Regulation’, 5 CommLaw Conspectus 181, 184 (1997).

29 Conclusion As we wait for technological improvements, companies and consumers need to be aware of the phishing threat and use existing technology and common sense to reduce the instances of successful phishing attacks. If companies and consumers fail to respond, phishing will have caught us hook, line and sinker.

30 Creative Commons License This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Australia License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.5/au/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
