Phishing Rising to the challenge Amy Marasco Microsoft.


1 Phishing Rising to the challenge Amy Marasco Microsoft

2 How Phishing attacks work
- Branded email message that looks like it comes from a familiar business
- Requests that you log in to your account to validate account details
- URL that points to fake site, even though the text may look real.
- Fake site, branded to look just like the real one.
- Phishing site takes your username and password and then uses them to defraud you.

3 Threats to Online Safety
- The Internet was built without a way to know who and what you are connecting to
- Internet services have one-off “workarounds”
- Inadvertently taught people to be phished
- Greater use and greater value attract professional international criminal fringe
- Exploit weaknesses in patchwork
- Phishing and pharming at 1000% CAGR
- Missing an “Identity layer”
- No simplistic solution is realistic
- Most people re-use usernames and passwords on multiple sites

4 Phishing & Phraud
New Phishing Sites by Month, December 2004 – December 2005
Months: Dec 04, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec 05
Values: 7,197 4,630 4,367 5,242 5,259 4,564 4,280 3,326 2,854 2,870 2,625 2,560 1,707
Source: http://www.antiphishing.org

5 Need Layered Defense
- Stop users clicking on URLs in phishing email
- Detect phishing sites and when possible prevent users clicking on them
- Work with the industry to move away from usernames and passwords as authentication mechanism

6 Improvements to Outlook 12
- Improved junk email filters
- Users can no longer click on URLs in emails in the junk email folder

7 Improvements in IE7
- Phishing Filter: comprehensive anti-phishing service
  - Warns if site exhibits suspicious behavior
  - Blocks known phishing sites
  - Instant protection via page scan and online service
- High Assurance Certs: accountability for secure sites
  - Much higher bar for granting certificates
  - Clear identification that site has stronger certificate
  - Industry-wide initiative

8 InfoCard
- Simple user abstraction for digital identity
- For managing collections of claims
- For managing keys for sign-in and other uses
- Grounded in real-world metaphor of physical cards
- Government ID card, driver’s license, credit card, membership card, etc…
- Self-issued cards signed by user
- Managed cards signed by external authority
- Based on series of WS* specifications
- Shipping in WinFX
- Runs on Windows Vista, XP, and Server 2003
- Implemented as protected subsystem

9 Summary
- This is an industry-wide problem which we can only solve together.
- We need the co-operation of all major sites to implement High Assurance Certificates and InfoCard.

