Email Phishing and
Countermeasures
Email Security
jorge.sebastiao@its.ws
May 2006 – Veterans Administration laptop with personal information on 26.5M veterans is stolen. “Total losses could top $500M.” – VA Secretary Nicholson
Jan 2007 – Hackers stole data from at least 45.7 million credit and debit cards at retailer T.J.Maxx; total costs could exceed $1.0B
May 2006 – CIO, CSO fired: Ohio University, 137,000 student accounts compromised
Why Does This Happen?
[Diagram: Firewall, IDS, Anti-Virus, Attack]
ATM skimming is also a form of phishing
Can you spot a “Social Engineer”?
Phishing is Social Engineering
Social Engineering
What is Social Engineering?
“An attempt to influence a person into granting unauthorized access, unauthorized use or unauthorized disclosure of an information system, network or data. Modifying system configuration.”
“How to blunt the socially engineered hack” by Michael Casper
(http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO65473,00.html)
Social Engineering
… 70 percent of those asked said they would reveal their computer passwords for a … bar of chocolate
Schrage, Michael. 2005. Retrieved from
http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1
Social Engineering
Methods of Social Engineering
Information Gathering
Information Planting
Email Scams
Masquerading
Dumpster-diving
Help desk/Support areas
Receptionist/Administrative areas
Launching attack
Vulnerability in People
Cause: a large and growing population of internet-illiterate users is using internet email and other user-friendly applications.
Threat: not knowing how the internet works and what its threats are allows miscreants to attack a network or a person through social engineering. This is the fastest-growing method of hacking we have seen.
Human nature is that people are trusting, even of things which may be false.
Social Engineering – Information Gathering
Scenario #1 – YOU: How many of you have
provided personal information online or over the
phone to a vendor or service?
Personal Information May Include
Social Security Number (or just the last 4 digits)
First, Middle, Last names – Maiden Name
Mothers Maiden Name
Address, Phone Number
Email Address?
Credit Card Number – CVV2 Code
ATM PIN Code
Passwords you may use elsewhere
Social Engineering – Information Gathering
Scenario #1 – YOU: Was that information sent securely? Will it be shared with someone else? Was it compromised?
Scenario #2 – SOMEONE ELSE: Have you ever asked for personal information and been offered that information freely or without much effort?
Social Engineering – Information Gathering
Example: How many of you would provide personal information to someone who called you on the phone? Over the Internet?
Social engineering is an art, basically the art of listening and lying at the same time, while seemingly having a typical conversation.
Read more: The Art of Deception – Kevin Mitnick
Social Engineering – Information Planting
Scenario: You come back from lunch to find a Post-it note on your desk asking you to change a user password to something written on the Post-it note.
ID Theft – New Way
Phishing / Pharming
Hijack / Skimming
Social Engineering Example
On 7 October 2001 a spoofed CNN page reported “Singer Britney Spears Killed in Car Accident”.
Due to a bug in CNN’s software, when people at the spoofed site clicked on the “E-mail This” link, the real CNN system distributed a real CNN e-mail to recipients with a link to the spoofed page.
With each click at the bogus site, the real site’s tally of most popular stories was incremented for the bogus story.
Allegedly this hoax was started by a researcher who sent the spoofed story to three users of AOL’s Instant Messenger chat software.
Within 12 hours more than 150,000 people had viewed the spoofed page.
Social Engineering – Phishing
What is Phishing?
“Fishing for personal information”
Use of “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.
Anti-Phishing Working Group
http://www.antiphishing.org/
Surge in phishing
Based on the survey, 57 million Americans have been, or think they have been, the target of a phishing attack.
30 million were certain of it. Out of the 57 million, 11 million (about 19% of those attacked) fell for the scams.
Almost 2 million (about 3% of those attacked) reported that they had actually divulged sensitive information, e.g. credit card numbers, bank accounts, passwords, etc.
Phishers have a one in 700 chance of getting caught.
*Gartner Group
Social Engineering – Phishing: New Threat
This is a very common tactic used to social engineer personal information.
Let’s walk through a specific case.
Email Scams
Click on the link and you get sent to the eBay Security Update page…
Or do you…
“Click Here” and it takes you to Official eBay Help
Not a secure website
LET’S SCROLL DOWN
Email Scams
As we scroll down the page we find out that it needs a lot of personal information to verify who you are.
NEVER give this out to anyone online
Just in case you mistyped your password above
OK… I can see how eBay might need this info… right???
LET’S SCROLL DOWN
Just in case you thought this might be a scam…
Email Scams
CVV2 code and PIN number to your bank account.
Can’t use the credit card online without this!!
If we clone your card, we might need this as well.
Email Scams
Let’s take a look at the email again…
How many of you receive emails like this on a regular basis?
Does it look legit?
Would it have fooled you?
In this case, the whole message was actually an image linked to the malicious site, while the link shown in the image appears to be legitimate.
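Both tricks in that message, a body that is nothing but a linked image and a link whose visible text looks like eBay while the click goes elsewhere, can be spotted mechanically before the mail reaches a user. The following is an added example written for this page (not code from the slides or from eBay): it parses an HTML mail body with the Python standard library and reports both patterns. The sample bodies and the hosts in them are constructed for the demo.

```python
"""Flag two tricks from the eBay example in an HTML e-mail body (added example).

  1. The visible link text is a URL, but the href points at a different host
     (the message shows something legitimate, the click goes elsewhere).
  2. The body is an image wrapped in a link, with no readable text for a
     content filter to inspect.
Standard library only; the sample bodies below are constructed for the demo.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text that looks like a URL (scheme optional).
URL_TEXT = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


class _Walker(HTMLParser):
    """Collect anchors (href, visible text, images inside) and body statistics."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self.images = 0
        self.text_chars = 0
        self._open = None  # [href, text parts, image count] of the anchor being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._open = [attrs.get("href") or "", [], 0]
        elif tag == "img":
            self.images += 1
            if self._open is not None:
                self._open[2] += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            href, parts, imgs = self._open
            self.anchors.append((href, "".join(parts).strip(), imgs))
            self._open = None

    def handle_data(self, data):
        if data.strip():
            self.text_chars += len(data.strip())
            if self._open is not None:
                self._open[1].append(data)


def host_of(url):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host):
    """Crude registrable domain (last two labels); a real filter uses the public suffix list."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def analyse(html):
    """Return a list of findings; an empty list means neither trick was seen."""
    walker = _Walker()
    walker.feed(html)
    findings = []
    for href, text, imgs in walker.anchors:
        if text and URL_TEXT.match(text) and registrable(host_of(text)) != registrable(host_of(href)):
            findings.append(f"link text {text!r} but href goes to {host_of(href)!r}")
        if imgs and not text:
            findings.append(f"image-only link to {host_of(href)!r}")
    if walker.images and walker.text_chars == 0:
        findings.append("body is images only, no readable text")
    return findings


# Constructed sample bodies (hosts are documentation/example addresses, not real sites).
TEXT_MISMATCH = (
    '<p>Dear member, please verify your account:</p>'
    '<a href="http://203.0.113.7/ebay/update.php">https://www.ebay.com/security</a>'
)
IMAGE_ONLY = '<a href="http://ebay-secure-update.example/login"><img src="cid:body.gif"></a>'
LEGITIMATE = (
    '<p>Your item has shipped.</p>'
    '<a href="https://www.ebay.com/myebay">https://www.ebay.com/myebay</a>'
)

if __name__ == "__main__":
    for name, body in (("mismatch", TEXT_MISMATCH), ("image-only", IMAGE_ONLY), ("legitimate", LEGITIMATE)):
        print(name, analyse(body))
```

The registrable-domain helper is deliberately crude (it compares the last two labels); a production filter would use the public suffix list and would also resolve the href through any redirector before comparing hosts.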
Email
Scams
What Companies are Doing
AMERICAN EXPRESS – How to Contact American Express about Fraudulent E-Mails
If you receive an e-mail that you believe could be fraudulent, immediately forward it to emailhoax@service.americanexpress.com. Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an auto-generated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American Express
http://www10.americanexpress.com/sif/cda/page/0,1641,21372,00.asp
How to Detect Deception
Publish your mail server addresses (to thwart spoofing)
Educate customers (and employees)
Establish online communication protocols
Create a response plan now
Proactively monitor for phishers and fraud
Make yourself a difficult target
http://www.cio.com/archive/090104/phish.html
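“Publish your mail server addresses” is what SPF does: the domain owner lists in a DNS TXT record which addresses may send mail for the domain, and the receiving server compares the connecting IP against that list before accepting a message claiming to come from it. The block below is an added example written for this page, not code from the slides, the CIO article or any SPF library: a minimal evaluator that handles the ip4, ip6, a, include and all mechanisms, with DNS replaced by a constructed in-memory table (example.com, _spf.example.net and the addresses are hypothetical) so it runs offline.

```python
"""Minimal SPF evaluator (added example; not the slides' or any library's code).

A domain publishes the hosts allowed to send its mail in a DNS TXT record:
    v=spf1 ip4:192.0.2.0/24 a:mail.example.com include:_spf.example.net -all
The receiving server takes the connecting IP and the MAIL FROM domain and walks
the record left to right; the first matching mechanism decides the result.
DNS is replaced by an in-memory table here (assumption: example.com,
_spf.example.net and the addresses are hypothetical) so the code runs offline.
Only the ip4, ip6, a, include and all mechanisms are handled.
"""
import ipaddress

DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 a:mail.example.com include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip6:2001:db8:abcd::/48 ~all",
}
DNS_A = {"mail.example.com": ["198.51.100.25"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying mechanisms per evaluation


def check_spf(sender_ip, domain, _lookups=None):
    """Return (result, reason) for a connection from sender_ip claiming MAIL FROM @domain."""
    lookups = _lookups if _lookups is not None else [0]
    record = DNS_TXT.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return "none", f"no SPF record for {domain}"
    ip = ipaddress.ip_address(sender_ip)

    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "a":
            lookups[0] += 1
            host = arg or domain
            matched = any(ipaddress.ip_address(a) == ip for a in DNS_A.get(host, []))
        elif name == "include":
            lookups[0] += 1
            # only a "pass" from the included record counts as a match
            matched = check_spf(sender_ip, arg, lookups)[0] == "pass"
        else:
            return "permerror", f"unsupported mechanism {term!r}"

        if lookups[0] > MAX_LOOKUPS:
            return "permerror", "too many DNS lookups"
        if matched:
            return QUALIFIERS[qualifier], f"matched {qualifier}{term}"

    return "neutral", "no mechanism matched (implicit ?all)"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.25", "2001:db8:abcd::1", "2001:db8:ffff::1", "203.0.113.9"):
        print(ip, check_spf(ip, "example.com"))
    print("203.0.113.9", check_spf("203.0.113.9", "nospf.example"))
```

Two caveats a practitioner should keep in mind: SPF is evaluated on the envelope sender (the SMTP MAIL FROM domain), not on the From: header the user sees, so a publisher should pair it with DKIM signing and a DMARC policy to protect the visible sender; and the `~all` inside the included record shows why softfail in an include does not count as a match, which is the behaviour the RFC specifies and one that trips up many hand-written records.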
Prevent Phishing – advice from Fraud Watch
Never click on hyperlinks in unsolicited e-mail
Use anti-spam filters
Use anti-virus software
Use personal firewalls
Keep all software updated
Always look for https on sites that ask for “personal information”
Keep your computer clean of spyware
Know what fraudulent activity on the Internet looks like
Check your credit report (you can do so for free)
If unsure, ask!
First Phishing – Now Ransomware
• A new generation of internet attack used for extortion: “ransomware”.
• Follow-up to phishing and pharming attacks.
• It starts with hijacking or stealing user files and encrypting them (so the user loses access to vital information), then demanding payment in exchange for the decryption key.
• So far these attacks are quite rare, but they bring a new dimension to the use of the internet and a new generation of attacks.
Phishing – Variations
• “Phishing” = social engineering
  – Who: online scammers, posing as legitimate companies or your new best friend
  – Why: they want your sensitive information (credit card, billing/routing and Social Security numbers, among others)
• “Pharming” = being diverted to a fake/spoofed website (typically by tampering with DNS or the hosts file rather than by a link the user clicks)
• “Spear phishing” = spoofed email aimed at specific people, typically using addresses stolen from a company or organization
Phishing and Business Risks
Business risks:
- Privacy
- Legislative violations
- Financial loss
- Intellectual capital
- Litigation
- Public image / trust
Credit Cards for Sale
Vendor Solutions abound
- Anti-spam
- Antivirus / anti-worm
- Anti-phishing
- Policy-based controls
1st Gen: “Look for stuff…” – Subject contains “Viagra”
2nd Gen: “Look smarter” – Text has “Viagra” & “Unsubscribe”
3rd Gen: “Go for Buzzwords” – Bayesian filter and neural nets
4th Gen: “Mix a Cocktail” – You can’t fool all of the filters all of the time
But threats get more sophisticated
Tradeoffs: false positives vs. false negatives
Catch more emails: more false positives (FP)
Catch fewer emails: fewer false positives, but more false negatives (FN)
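To make the filter generations and the threshold tradeoff concrete, here is an added example constructed for this page (not from the slides): a 1st-generation keyword rule beside a 3rd-generation naive Bayes classifier trained on a handful of constructed messages, plus a helper that counts false positives and false negatives as the decision threshold is moved. All messages are made up for the demo.

```python
"""Three filter generations and the FP/FN tradeoff on a toy corpus (added example,
not from the slides). Everything below is constructed for the demo.
"""
import math
import re
from collections import Counter

# (message text, is_spam) -- constructed training and test messages
TRAIN = [
    ("buy cheap viagra online now unsubscribe here", True),
    ("cheap meds v1agra discount click unsubscribe", True),
    ("your account needs verification click here to confirm password", True),
    ("limited offer discount pills order now", True),
    ("meeting moved to 3pm please bring the quarterly report", False),
    ("lunch tomorrow? the new place near the office", False),
    ("draft of the report attached, comments welcome", False),
    ("clinical note: viagra interacts with nitrates, see attached review", False),
]
TEST = [
    ("v1agra cheap discount click here now", True),
    ("please confirm your password at this link to keep your account", True),
    ("quarterly report attached please review before the meeting", False),
    ("pharmacology review: viagra dosage table attached", False),
]


def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())


def keyword_rule(text):
    """1st generation: 'Subject contains Viagra'. Blind to v1agra and to non-pharma phish."""
    return "viagra" in tokens(text)


class NaiveBayes:
    """3rd generation: multinomial naive Bayes over word counts, Laplace-smoothed."""

    def __init__(self, samples):
        self.words = {True: Counter(), False: Counter()}
        self.docs = Counter()
        for text, is_spam in samples:
            self.words[is_spam].update(tokens(text))
            self.docs[is_spam] += 1
        self.vocab = len(set(self.words[True]) | set(self.words[False]))

    def p_spam(self, text):
        """P(spam | text), computed in log space and squashed back to [0, 1]."""
        logp = {}
        for label in (True, False):
            total = sum(self.words[label].values())
            logp[label] = math.log(self.docs[label] / sum(self.docs.values()))
            for w in tokens(text):
                logp[label] += math.log((self.words[label][w] + 1) / (total + self.vocab))
        return 1.0 / (1.0 + math.exp(logp[False] - logp[True]))


def confusion(is_spam, samples):
    """(false positives, false negatives) of a yes/no classifier over labelled samples."""
    fp = sum(1 for text, spam in samples if is_spam(text) and not spam)
    fn = sum(1 for text, spam in samples if spam and not is_spam(text))
    return fp, fn


def tradeoff(model, samples, thresholds=(0.1, 0.5, 0.99)):
    """Sweep the decision threshold: low catches more spam (more FPs), high lets more through (more FNs)."""
    return {t: confusion(lambda text, t=t: model.p_spam(text) >= t, samples) for t in thresholds}


if __name__ == "__main__":
    print("keyword rule (FP, FN):", confusion(keyword_rule, TEST))
    model = NaiveBayes(TRAIN)
    for text, _ in TEST:
        print(f"{model.p_spam(text):.3f}  {text}")
    print("bayes threshold -> (FP, FN):", tradeoff(model, TEST))
```

On the constructed test set the keyword rule misses the obfuscated “v1agra” message and the password-reset phish and flags the pharmacology note, which is exactly the 1st-generation failure the slide alludes to. The Bayesian model separates all four at a 0.5 threshold; lowering the threshold to 0.1 starts catching the pharmacology note as spam (a false positive), while raising it to 0.99 lets the password-reset phish through (a false negative). That is the tradeoff the slide describes, and it is why real deployments tune the threshold per mailbox population rather than picking one number.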
User Awareness to Avoid Phishing
Caution: “African shares $10 million…” (advance-fee scam)
Banks never ask for account info in an e-mail
Don’t click on links in suspicious e-mails
Report suspicious e-mails
D-E-L-E-T-E
Banking Technical Solutions
Anti-Phishing Laws
Identity Theft Penalty Enhancement Act (2004)
- Aggravated identity theft: defined as using a stolen identity to commit other crimes.
- Mandatory sentence of 2 years.
Anti-Phishing Act of 2005 (a bill introduced in the Senate; it was not enacted)
- Would prohibit the use of a website or e-mail to coerce others into divulging their personal information.
- Penalties: 5 years, $250,000 fine.
Effectiveness: Professionals vs. Amateurs
Resources
• FTC Identity Theft Website – www.consumer.gov/idtheft
• Anti-Phishing Working Group – www.antiphishing.org
• End ID Theft – www.endidtheft.com
Questions

More Related Content

What's hot

Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
Aryan Ragu
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Sharath Raj
 

What's hot (20)

Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Phishing
PhishingPhishing
Phishing
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Phishing
PhishingPhishing
Phishing
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptx
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Prevention
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Phishing
PhishingPhishing
Phishing
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 

Viewers also liked

Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Jeremiah Grossman
 
Cehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingCehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hacking
polichen
 
Iis Security Programming Countermeasures
Iis Security Programming CountermeasuresIis Security Programming Countermeasures
Iis Security Programming Countermeasures
guestc27cd9
 
Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.
Marko Kovic
 
Designing Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows ThreatsDesigning Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows Threats
Darwish Ahmad
 
Google Hacking for Cryptographic Secrets
Google Hacking for Cryptographic SecretsGoogle Hacking for Cryptographic Secrets
Google Hacking for Cryptographic Secrets
Dr. Emin İslam Tatlı
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
Marco Morana
 
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
CODE BLUE
 

Viewers also liked (20)

Oracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesOracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best Practices
 
Patent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction DesignPatent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction Design
 
Antivirus Evasion Techniques and Countermeasures
Antivirus  Evasion Techniques and CountermeasuresAntivirus  Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and Countermeasures
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
Dstl Medical Countermeasures for Dangerous Pathogens
Dstl   Medical Countermeasures for Dangerous PathogensDstl   Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous Pathogens
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
 
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
 
Cehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingCehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hacking
 
VoIP: Attacks & Countermeasures in the Corporate World
VoIP: Attacks & Countermeasures in the Corporate WorldVoIP: Attacks & Countermeasures in the Corporate World
VoIP: Attacks & Countermeasures in the Corporate World
 
Seminar Presentation
Seminar PresentationSeminar Presentation
Seminar Presentation
 
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and CountermeasuresBone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
 
Iis Security Programming Countermeasures
Iis Security Programming CountermeasuresIis Security Programming Countermeasures
Iis Security Programming Countermeasures
 
Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.
 
Return oriented programming
Return oriented programmingReturn oriented programming
Return oriented programming
 
Designing Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows ThreatsDesigning Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows Threats
 
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
 
Google Hacking for Cryptographic Secrets
Google Hacking for Cryptographic SecretsGoogle Hacking for Cryptographic Secrets
Google Hacking for Cryptographic Secrets
 
Irregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData ProcessorsIrregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData Processors
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
 
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
 

Similar to Email phishing and countermeasures

Cognitive hacking
Cognitive hackingCognitive hacking
Cognitive hacking
vishnu1236
 
WCCC Faculty Presentation
WCCC Faculty PresentationWCCC Faculty Presentation
WCCC Faculty Presentation
Ray Brannon
 

Similar to Email phishing and countermeasures (20)

Social Engineering CSO Survival Guide
Social Engineering CSO Survival GuideSocial Engineering CSO Survival Guide
Social Engineering CSO Survival Guide
 
Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
Cyber security ATTACK on Retired Personnel, MITIGATION and Best PracticesCyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Spam as social engineering presentation.
Spam as social engineering presentation.Spam as social engineering presentation.
Spam as social engineering presentation.
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
White Paper: Social Engineering and Cyber Attacks: The Psychology of Deception
White Paper: Social Engineering and Cyber Attacks: The Psychology of DeceptionWhite Paper: Social Engineering and Cyber Attacks: The Psychology of Deception
White Paper: Social Engineering and Cyber Attacks: The Psychology of Deception
 
ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdf
 
Social Engineering : To Err is Human...
Social Engineering : To Err is Human...Social Engineering : To Err is Human...
Social Engineering : To Err is Human...
 
Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
 
Cognitive hacking
Cognitive hackingCognitive hacking
Cognitive hacking
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
WCCC Faculty Presentation
WCCC Faculty PresentationWCCC Faculty Presentation
WCCC Faculty Presentation
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
THE CYBER WORLD.pptx
THE CYBER WORLD.pptxTHE CYBER WORLD.pptx
THE CYBER WORLD.pptx
 
Identity Theft: Evolving with Technology
Identity Theft: Evolving with TechnologyIdentity Theft: Evolving with Technology
Identity Theft: Evolving with Technology
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018
 
Unit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptxUnit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptx
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 

More from Jorge Sebastiao

More from Jorge Sebastiao (20)

Real estate tokenization and blockchain
Real estate tokenization and blockchainReal estate tokenization and blockchain
Real estate tokenization and blockchain
 
Blockchain and covid19 v3
Blockchain and covid19 v3Blockchain and covid19 v3
Blockchain and covid19 v3
 
Top tech shapping startups
Top tech shapping startupsTop tech shapping startups
Top tech shapping startups
 
Blockchain and security v3
Blockchain and security v3Blockchain and security v3
Blockchain and security v3
 
The road to blockchain 5.0
The road to blockchain 5.0The road to blockchain 5.0
The road to blockchain 5.0
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH edition
 
How AI is Disrupting Traffic Management in Smart City
How AI is DisruptingTraffic Management in Smart CityHow AI is DisruptingTraffic Management in Smart City
How AI is Disrupting Traffic Management in Smart City
 
Ai and traffic management application v1.0
Ai and traffic management application v1.0Ai and traffic management application v1.0
Ai and traffic management application v1.0
 
Practical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsPractical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threats
 
Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3
 
AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1
 
Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2
 
Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1
 
Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3
 
Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2
 
RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4
 
IGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance ForumIGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance Forum
 
ADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and GasADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and Gas
 
AVSEC are you flying cybersafe?
AVSEC are you flying cybersafe?AVSEC are you flying cybersafe?
AVSEC are you flying cybersafe?
 
Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7
 

Recently uploaded

Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
dlhescort
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
lizamodels9
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
lizamodels9
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
dlhescort
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 

Recently uploaded (20)

Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 

Email phishing and countermeasures

  • 1. Email Phishing and Countermeasures Email Security jorge.sebastiao@its.ws
  • 2. May 2006 – Veterans Administration laptop with personal information on 26.5M veterans is stolen. “Total losses could top $500M.” – VA Secretary Nicholson. Jan 2007 – Hackers stole data from at least 45.7 million credit and debit cards at retailer T.J.Maxx; total costs could exceed $1.0B. May 2006 – CIO, CSO fired: Ohio University, 137,000 student accounts compromised.
  • 3. Why Does This Happen? Firewall IDS Anti-Virus Attack
  • 4. ATM is also a type of Phishing
  • 5. Can you spot a “Social Engineer”? Phishing is Social Engineering
  • 6. Social Engineering. What is Social Engineering? “An attempt to influence a person into granting unauthorized access, unauthorized use or unauthorized disclosure of an information system, network or data. Modifying system configuration.” – “How to blunt the socially engineered hack” by Michael Casper (http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO65473,00.html)
  • 7. Social Engineering. “… 70 percent of those asked said they would reveal their computer passwords for a …” bar of chocolate. Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1
  • 8. Social Engineering. Methods of Social Engineering: Information Gathering; Information Planting; Email Scams; Masquerading; Dumpster-diving; Help desk/Support areas; Receptionist/Administrative areas; Launching attack.
  • 9. Vulnerability in People. Cause: A large and growing population of internet-illiterate users is using internet email and other user-friendly applications. Threat: Illiteracy in how the internet works and in its threats allows miscreants to attack a network or person through social engineering. This is the fastest growing method of hacking we have seen. Human nature is that people are trusting, even of things which may be false.
  • 10. Social Engineering – Information Gathering. Scenario #1 – YOU: How many of you have provided personal information online or over the phone to a vendor or service? Personal information may include: Social Security Number (or just the last 4 digits); First, Middle, Last names – Maiden Name; Mother's Maiden Name; Address, Phone Number; Email Address?; Credit Card Number – CVV2 Code; ATM PIN Code; Passwords you may use elsewhere.
  • 11. Social Engineering – Information Gathering. Scenario #1 – YOU: Was that information sent securely? Will it be shared with someone else? Was it compromised? Scenario #2 – SOMEONE ELSE: Have you ever asked for personal information and been offered that information freely or without much effort?
  • 12. Social Engineering – Information Gathering. Example: How many of you would provide personal information to someone who called you on the phone? Over the Internet? Social Engineering is an art, basically the art of listening and lying at the same time, while seemingly having a typical conversation. Read More: The Art of Deception – Kevin Mitnick.
  • 13. Social Engineering – Information Planting. Scenario: You come back from lunch to find a Post-it note on your desk asking you to change a user password to something written on the Post-it note.
  • 14. ID Theft – New Way: Phishing / Pharming; Hijack / Skimming.
  • 15. Social Engineering Example. On 7 October 2001: “Singer Britney Spears Killed in Car Accident”. Due to a bug in CNN’s software, when people at the spoofed site clicked on the “E-mail This” link, the real CNN system distributed a real CNN e-mail to recipients with a link to the spoofed page. With each click at the bogus site, the real site’s tally of most popular stories was incremented for the bogus story. Allegedly this hoax was started by a researcher who sent the spoofed story to three users of AOL’s Instant Messenger chat software. Within 12 hours more than 150,000 people had viewed the spoofed page.
  • 17. What is Phishing? “Fishing for personal information”: the use of “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. – Anti-Phishing Working Group, http://www.antiphishing.org/
  • 18. Surge in phishing. Based on the survey, 57 million Americans have been, or think they have been, the victim of a phishing attack. 30 million were positive. Out of that pool, 11 million fell for the scams, or about 19% of those attacked. Almost 2 million, or about 3% of those attacked, reported that they'd actually divulged sensitive information, e.g. credit-card numbers, bank accounts, passwords, etc. Phishers have a one in 700 chance of getting caught. *Gartner Group
  • 21. Email Scams. This is a very common tactic used to social engineer personal information. Let's walk through a specific case.
  • 22. Email Scams. Click on the link and you get sent to the eBay Security Update page… Or do you… “Click Here” and it takes you to Official eBay Help. Not a secure website. LET'S SCROLL DOWN.
  • 23. Email Scams. As we scroll down the page we find out that it needs a lot of personal information to verify who you are. NEVER give this out to anyone online. “Just in case you mistyped your password above.” OK… I can see how eBay might need this info… right??? LET'S SCROLL DOWN. “Just in case you thought this might be a scam…”
  • 24. Email Scams. CVV2 code and PIN number to your bank account. Can't use the credit card online without this!! If we clone your card, we might need this as well.
  • 25. Email Scams. Let's take a look at the email again… How many of you receive emails like this on a regular basis? Does it look legit? Would it have fooled you? In this case, the whole message was actually an image, with the image linked to the malicious site, while the link shown in the image appears to be something legitimate.
  • 26. What Companies are Doing. AMERICAN EXPRESS – How to Contact American Express about Fraudulent E-Mails: If you receive an e-mail that you believe could be fraudulent, immediately forward it to emailhoax@service.americanexpress.com. Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an auto-generated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American Express: http://www10.americanexpress.com/sif/cda/page/0,1641,21372,00.asp
  • 27.
  • 28.
  • 29. How to Detect Deception: Publish your mail server addresses (to thwart spoofing); Educate customers (and employees); Establish online communication protocols; Create a response plan now; Proactively monitor for phishers and fraud; Make yourself a difficult target. http://www.cio.com/archive/090104/phish.html
  • 30. Prevent Phishing (from Fraud Watch): Never click on hyperlinks; Use anti-spam filters; Use anti-virus software; Use personal firewalls; Keep all software updated; Always look for https on sites that ask for “personal information”; Keep your computer clean from spyware; Know about fraudulent activity on the Internet; Check your credit report immediately, for free!; If unsure, ask!
  • 31.
  • 32. First Phishing – Now Ransomware. A new generation of attack uses the internet for extortion: “Ransomware”. A follow-up to phishing and pharming attacks. It starts with hijacking or stealing user files, encrypting them (so the user loses access to vital information), then demanding payment in exchange for the decryption key. So far these attacks are quite rare, but they bring a new dimension to the usage of the internet and a new generation of attacks.
  • 33. Phishing – Variations. “Phishing” = social engineering. Who: Online scammers, posing as legitimate companies or your new best friend. Why: They want your sensitive information (credit-card, billing-routing, and Social Security numbers, among others). “Pharming” = being diverted to a fake/spoofed website. “Spear phishing” = spoofed email that targets addresses stolen from a company or organization.
  • 34. Phishing and Business Risks. Business Risks: Privacy; Legislative violations; Financial loss; Intellectual capital; Litigation; Public Image/Trust.
  • 37. 1st Gen: “Look for stuff…” – Subject contains “Viagra”. 2nd Gen: “Look smarter” – Text has “Viagra” & “Unsubscribe”. 3rd Gen: “Go for buzzwords” – Bayesian filter and neural nets. 4th Gen: “Mix a cocktail” – You can't fool all of the filters all of the time. But threats get more sophisticated.
  • 38. Tradeoffs: false positives vs false negatives. Catch more emails, more false positives; catch fewer emails, fewer false positives. (FP / FN)
  • 39. User Awareness to Avoid Phishing. Caution: “African shares $10 million…” Banks never ask for account info in an e-mail. Don't click on links in suspicious e-mails. Report suspicious e-mails. D-E-L-E-T-E.
  • 41. Anti-Phishing Laws. Identity Theft Penalty Enhancement Act – Aggravated Identity Theft: defined as using a stolen identity to commit other crimes; mandatory sentencing of 2 years. Anti-Phishing Act of 2005 – Prohibits the use of a website/email to coerce others to divulge their personal information; penalties: 5 years, $250,000 fine. Effectiveness: Professionals vs. Amateurs.
  • 42. Resources: FTC Identity Theft Website www.consumer.gov/idtheft; Anti-Phishing Working Group www.antiphishing.org; End ID Theft www.endidtheft.com
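Slide 25 makes the point that the scam message was one large image linked to the malicious site, with a legitimate-looking address painted into the picture. The following detector is an added example, not code from the deck: it parses an HTML body, compares the host named in the visible link text with the real href host, flags links that wrap only an image, and flags targets that are bare IP addresses. The three sample bodies are constructed for this illustration (the `example.net` host and the `203.0.113.7` address are documentation values, not real phishing infrastructure), and the two-label domain reduction is an assumption that holds for this sample data only.

```python
"""Flag HTML e-mail bodies whose visible links do not lead where they claim.

Added illustration for slide 25 (not the deck's code). Checks:
  1. the host named in the link text differs from the real href host,
  2. the link wraps only an image, so the reader never sees the URL,
  3. the href host is a raw IP address instead of a brand's domain.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a host name inside visible link text.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def registrable(host):
    """Reduce a host name to its last two labels (assumption: the sample data
    contains no multi-label public suffixes such as co.uk)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect each <a> with its href, visible text and whether it wraps an <img>."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._current = {"href": attrs.get("href") or "", "text": "", "has_image": False}
        elif tag == "img" and self._current is not None:
            self._current["has_image"] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data


def analyse(html):
    """Return a list of (finding, shown_host, real_host) tuples for one HTML body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for link in parser.links:
        real_host = urlparse(link["href"]).hostname or ""
        shown = DOMAIN_RE.search(link["text"])
        if shown and registrable(shown.group(0)) != registrable(real_host):
            findings.append(("text_host_mismatch", shown.group(0), real_host))
        if link["has_image"] and not link["text"].strip():
            findings.append(("image_only_link", "", real_host))
        try:
            ipaddress.ip_address(real_host)  # raises ValueError for a normal host name
            findings.append(("ip_literal_host", "", real_host))
        except ValueError:
            pass
    return findings


def finding_kinds(html):
    return [kind for kind, _, _ in analyse(html)]


# Constructed sample bodies (not real mail); documentation hosts and addresses only.
IMAGE_ONLY_MESSAGE = (
    '<html><body><a href="http://203.0.113.7/update">'
    '<img src="cid:body" alt=""></a></body></html>'
)
MISMATCH_MESSAGE = (
    '<p>Please confirm your details at '
    '<a href="http://account-check.example.net/login">https://www.ebay.com/security</a></p>'
)
CLEAN_MESSAGE = '<p>Read the <a href="https://www.ebay.com/help">help pages</a> at eBay.</p>'

if __name__ == "__main__":
    for name, body in [("image-only", IMAGE_ONLY_MESSAGE),
                       ("mismatch", MISMATCH_MESSAGE), ("clean", CLEAN_MESSAGE)]:
        print(name, analyse(body))
```

A mail gateway would run `analyse` over the `text/html` part of each message and raise the spam score or quarantine on any finding; the image-only check is the one that catches the slide 25 case, because no visible text exists to compare.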
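Slide 29's first item, "publish your mail server addresses (to thwart spoofing)", is what SPF (RFC 7208) standardises: the domain owner publishes the hosts allowed to send its mail in a DNS TXT record, and the receiving server checks the connecting IP against it. The evaluator below is an added example, not the deck's code; the DNS lookup is replaced by a constructed in-memory table so it runs offline, and the `include`, `a`, `mx`, `exists` and `redirect` terms are skipped because they need live DNS (a real evaluator must resolve them).

```python
"""Evaluate a published SPF record against the IP that delivered a message.

Added illustration for slide 29 (not the deck's code). Only ip4, ip6 and
"all" are evaluated; DNS-dependent terms are skipped with no match.
"""
import ipaddress

# Constructed stand-in for DNS TXT lookups (documentation domains and prefixes).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "softfail.example": "v=spf1 ip4:198.51.100.10 ~all",
    "nospf.example": None,   # domain publishes no SPF record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_TERMS = {"include", "a", "mx", "exists", "ptr"}


def parse_spf(record):
    """Split a record into (result_if_matched, mechanism, argument) triples.
    Returns None when the record is not an SPF version-1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        parsed.append((QUALIFIERS[qualifier], name.lower(), arg))
    return parsed


def check_spf(domain, client_ip, dns=FAKE_DNS_TXT):
    """Return the SPF result for a connection from client_ip claiming domain."""
    record = dns.get(domain.lower())
    if record is None:
        return "none"
    terms = parse_spf(record)
    if terms is None:
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for result, name, arg in terms:
        if name == "all":
            return result            # explicit default, e.g. "-all" -> fail
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"   # malformed prefix in the published record
            if ip.version == net.version and ip in net:
                return result
        elif name in DNS_TERMS or "=" in name:
            continue                 # needs DNS resolution; not modelled here
    return "neutral"                 # nothing matched and no "all" term


def spf_for_sender(mail_from, client_ip, dns=FAKE_DNS_TXT):
    """SPF is checked against the envelope sender's domain (MAIL FROM)."""
    domain = mail_from.rsplit("@", 1)[-1]
    return check_spf(domain, client_ip, dns)


if __name__ == "__main__":
    for sender, ip in [("alerts@example.com", "192.0.2.25"),
                       ("alerts@example.com", "203.0.113.5")]:
        print(sender, ip, "->", spf_for_sender(sender, ip))
```

The second sample run shows the defensive value: a message claiming `example.com` but delivered from an address outside the published ranges fails SPF, and a `-all` policy lets the receiver reject it before a user ever sees the forged From line. A `~all` softfail is only a hint and should feed a spam score rather than a hard reject.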
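Slides 37 and 38 together describe the third-generation Bayesian filter and the false-positive versus false-negative tradeoff that every scoring filter faces. The block below is an added example serving both slides, not the deck's code: a naive Bayes classifier trained on a constructed toy corpus, and a threshold sweep that counts false positives and false negatives on a constructed test set (the messages and word lists are invented for this illustration; no real mail is involved). Moving the spam threshold up or down is exactly the "catch more, more false positives" choice the slide states.

```python
"""Naive Bayes spam scoring and the FP/FN threshold tradeoff.

Added illustration for slides 37-38 (not the deck's code). Messages are
constructed toy examples; word presence is used as the feature.
"""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z]{2,}")


def tokens(text):
    """Set of lowercase words in a message (presence, not frequency)."""
    return set(TOKEN_RE.findall(text.lower()))


class NaiveBayesFilter:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                       # Laplace smoothing
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.doc_counts = {"spam": 0, "ham": 0}
        self.vocab = set()

    def train(self, text, label):
        words = tokens(text)
        self.doc_counts[label] += 1
        self.word_counts[label].update(words)
        self.vocab.update(words)

    def _log_prob(self, word, label):
        # smoothed P(word present | class)
        return math.log((self.word_counts[label][word] + self.alpha)
                        / (self.doc_counts[label] + 2 * self.alpha))

    def log_odds(self, text):
        """log P(spam | message) / P(ham | message); words outside the vocabulary are ignored."""
        score = math.log(self.doc_counts["spam"] / self.doc_counts["ham"])
        for word in tokens(text) & self.vocab:
            score += self._log_prob(word, "spam") - self._log_prob(word, "ham")
        return score

    def is_spam(self, text, threshold=0.0):
        return self.log_odds(text) > threshold


# Constructed training corpus (not real mail).
SPAM_TRAIN = [
    "buy viagra now cheap pills click here",
    "you are the winner claim your free prize click here",
    "verify your account now or it will be suspended click the link",
    "cheap viagra free shipping unsubscribe below",
    "urgent wire transfer needed claim your prize now",
]
HAM_TRAIN = [
    "the project status meeting moves to thursday",
    "please review the attached quarterly report",
    "lunch tomorrow at noon works for me",
    "minutes from the meeting are attached",
    "can you send the updated project plan",
]
# Constructed labelled test set; the last item is legitimate mail that looks spammy.
TEST_SET = [
    ("congratulations winner claim your free prize now", "spam"),
    ("verify your account click here", "spam"),
    ("the report for the project meeting is attached", "ham"),
    ("lunch at noon then review the plan", "ham"),
    ("our newsletter click here to unsubscribe", "ham"),
]


def build_filter():
    clf = NaiveBayesFilter()
    for text in SPAM_TRAIN:
        clf.train(text, "spam")
    for text in HAM_TRAIN:
        clf.train(text, "ham")
    return clf


def confusion(clf, labelled, threshold):
    """Return (false_positives, false_negatives) at a given log-odds threshold."""
    fp = fn = 0
    for text, label in labelled:
        flagged = clf.is_spam(text, threshold)
        fp += flagged and label == "ham"
        fn += (not flagged) and label == "spam"
    return fp, fn


def tradeoff(clf, labelled, thresholds):
    """Sweep thresholds: lower catches more spam (more FP), higher misses more (more FN)."""
    return [(t,) + confusion(clf, labelled, t) for t in thresholds]


if __name__ == "__main__":
    f = build_filter()
    for t, fp, fn in tradeoff(f, TEST_SET, [-10.0, 0.0, 3.0, 6.0, 10.0]):
        print(f"threshold {t:>5}: FP={fp} FN={fn}")
```

On this corpus the newsletter with "click here to unsubscribe" is flagged at the default threshold of 0 (a false positive, the second-generation "Unsubscribe" rule gone wrong), while raising the threshold to 3 clears it and raising it further starts missing real phish; that monotone exchange of FP for FN is the curve slide 38 sketches.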