Botnets The Current Threat Landscape - PowerPoint PPT Presentation

About This Presentation
Title:

Botnets The Current Threat Landscape

Description:

The Anti-Phishing Working Group (APWG) is the global pan-industrial and law ... Criminals exploit not only technology but human nature. Seek immediate action ... – PowerPoint PPT presentation

Slides: 56
Provided by: support8

Transcript and Presenter's Notes

Title: Botnets The Current Threat Landscape


1
Welcome to the National Webcast Initiative
Phishing: How to Avoid Getting Hooked
Thursday, October 9, 2008 (2:00pm - 3:00pm Eastern)
Live Meeting Technical Support, US/Canada: 866-493-2825 or 800-893-8779
Live Meeting Technical Support, International: 1 971-544-3222
2
Connect to Audio via Telephone
  • Reminder: In order to access the audio portion of
    today's webcast, you need to dial into the
    toll-free number.
  • Phone lines will open beginning at 1:45pm
    Eastern
  • US/Canada participants: 866-450-8367 or
    877-317-6701
  • Participant/Guest Code: 1450971
  • International participants: 1-412-317-6701
    Participant/Guest Code: 1450971. Please
    note: the International number is not toll-free
  • You will hear hold music until your event begins.

3
To Give Feedback or Ask for Help
If you need help, please change your seat color
to purple and expect a 1 to 1 chat for assistance
4
To View Your Slides at Full Screen
To view the webcast in full screen select F5 or
click on the full screen icon on the bottom
right-hand side of the console. To return to
the default panel layout, select F5
5
To Ask a Question
You may use the Ask a Question feature at any
time during the webcast.
To ask a question, click into the floating Q&A
panel that appears and type your question. Once
you've entered your question, click the Ask
button.
6
Polling Survey Slides
Please vote by clicking on the colored box that
corresponds to your answer.
7
National Webcast Initiative
Phishing
Thursday, October 9, 2008, 2:00pm - 3:00pm Eastern
8
October is National Cyber Security Awareness
Month!
For more information - visit
www.msisac.org
www.staysafeonline.org
www.us-cert.gov
9
What is Phishing?
William F. Pelgrin
  • Phishing scams continue to proliferate at
    alarming rates and are becoming more and more
    difficult to detect.
  • We can expect to see more types of phishing
    attacks purporting to come from banks and other
    financial institutions.

10
Polling Slide
  • Have you been a victim of a phishing scam?
  • Yes
  • No
  • Not Sure

11
Special Guest
  • Hun Kim
  • Director, Online Fraud Detection and
    Prevention, Internal Revenue Service, Office of
    Privacy, Information Protection & Data Security

12
Special Guest
  • Cornelius Tate
  • Director, National Cyber Security Division, U.S.
    Department of Homeland Security

13
Webcast Presenter
Mischel Kwon, Director, United States Computer
Emergency Readiness Team, National Cyber Security
Division, U.S. Department of Homeland Security
14
Webcast Presenter
Michael Kaiser, Executive Director, National Cyber
Security Alliance (NCSA)
15
Special Guest
  • Hun Kim
  • Director, Online Fraud Detection and
    Prevention, Internal Revenue Service, Office of
    Privacy, Information Protection & Data Security

16
Phishing
Hun Kim
  • increasing threats of online fraud
  • Identity theft
  • phishing updates
  • outreach and awareness

17
Special Guest
  • Cornelius Tate
  • Director, National Cyber Security Division, U.S.
    Department of Homeland Security

18
Webcast Presenter
Mischel Kwon, Director, United States Computer
Emergency Readiness Team, National Cyber Security
Division, U.S. Department of Homeland Security
19
Phishing Examples
e-Commerce
Social Networks
Source: www.about.com
Source: www.badphisher.com
20
Phishing Examples
Online Banking
Utility Accounts
Source: www.about.com
Source: www.charter.com
21
Free Phishing Education Tools
To assist in educating users, organizations are
encouraged to visit OnGuardOnline and grab the
Phishy videos and games to provide on their
websites.
Source: www.OnGuardOnline.gov
22
Polling Slide
  • Which country hosts the most phishing sites?
  • China
  • Russia
  • United States
  • Estonia

23
Polling slide
  • What is the longest amount of time a phishing
    site stays up?
  • One year
  • Six months
  • Thirty days
  • Forever

24
Phishing Statistics
  • According to the Anti-Phishing Working Group:
      • United States remains the top country hosting
        phishing sites
      • Financial Services is the most targeted
        industry sector for phishing scams
      • Longest amount of time a phishing site stays up
        is 30 days
      • Crime-ware spreading URLs infecting PCs with
        password stealing code rose 337% from Q1, 2007 to
        Q1, 2008
  • According to PhishTank.com:
      • Total of verified phishing sites: 351,796
      • Total of current online phishing sites: 4,071
      • Total of current offline phishing sites:
        347,725
  • US-CERT had 50,717 phishing reports in FY 2008

25
How to Prevent Phishing
  • Protect your email address by not publishing it
    in public forums (i.e., conferences, websites,
    etc.)
  • Do not provide personal information or
    information about your organization, including
    its structure or networks, unless you are certain
    of a person's authority to have the information
  • Install and maintain anti-virus software,
    firewalls, and email filters to reduce some of
    this traffic
  • Configure email client for security
  • Update your operating system with the latest
    patches as soon as they appear
  • Never open attachments or click on links from
    unsolicited email messages
  • Make sure you are using a secure website (HTTPS)
    and check the digital certificates
  • Always type the URL yourself instead of following
    a link
  • Learn email policies of organizations you do
    business with
  • Regularly check your accounts and statements and
    immediately report any abuse
  • Use common sense!

26
Results of Successful Phishing Attacks
  • Identity Theft
  • Installation of malware on victim's
    computer/mobile phone (e.g., Asprox Botnet)
  • Denial of access to email and user accounts
  • Modification of DNS server settings

27
Anti-phishing Group (http://www.antiphishing.org/)
  • The Anti-Phishing Working Group (APWG) is the
    global pan-industrial and law enforcement
    association focused on eliminating the fraud and
    identity theft that result from phishing,
    pharming and email spoofing of all types.
  • 3000 members
  • 1700 companies & agencies worldwide
  • 9 of the top 10 US banks
  • The top 5 US ISPs
  • Hundreds of technology vendors
  • National & provincial law enforcement worldwide

28
Reporting Phishing Scams
  • US-CERT (www.us-cert.gov/nav/report_phishing.html)
  • Anti-Phishing Working Group
    (reportphishing@antiphishing.org)
  • FTC (spam@uce.gov)

29
Resources
  • US-CERT (www.us-cert.gov)
  • MS-ISAC (www.msisac.org)
  • National Cyber Security Alliance
    (www.staysafeonline.org)
  • Anti-Phishing Working Group Phishing Archive
    (http://www.antiphishing.org/phishing_archive/phishing_archive.html)
  • OnGuard Online (www.OnGuardOnline.gov)
  • FTC Consumer Alert: 12 Scams Most Likely To
    Arrive Via Bulk Email
    (http://www.ftc.gov/opa/1998/07/dozen.shtm)

30
Resources
  • FTC Consumer Alert: How Not to Get Hooked by a
    Phishing Scam
    (http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm)
  • Recognize and avoid fraudulent email to Microsoft
    customers
    (http://www.microsoft.com/protect/yourself/phishing/msemail.mspx)
  • United States Secret Service Advance Fee Fraud
    Advisory (http://www.secretservice.gov/faq.shtml#faq13)

31
National Cyber Security Alliance (NCSA)
Michael Kaiser, Executive Director
michael@staysafeonline.org
202-756-2278
32
NCSA Mission
  • The National Cyber Security Alliance is a
    501(c)(3) organization. Through collaboration
    with the government, corporate, academic and
    non-profit sectors, the mission of the NCSA is to
    create a culture of cyber security and safety
    awareness by providing the knowledge and tools
    necessary to prevent cyber crimes and attacks.

33
NCSA's Target Audiences
  • Home Users
  • Small Business
  • K-12 (students, educators, schools
    administrators)
  • Non-profits
  • Higher Education (students, faculty
    administrators)

34
Stakeholders
  • Government
  • Academic
  • Non-profits
  • Consumers
  • International

35
Phishing/Spoofing
  • Phishing: attempting to acquire sensitive
    personal information -- passwords and credit card
    details -- via email by masquerading as a
    trustworthy source.
  • Spoofing: e-mail appears as though the e-mail
    originated from a different source. Spoof email
    is how cyber criminals phish.

36
Who is vulnerable?
  • Consumer
  • Big business
  • Small business
  • All of us

37
Crime is opportunistic
  • Criminals are cutting edge
  • Criminals exploit not only technology but human
    nature
  • Seek immediate action
  • Cause panic or fear
  • Building confidence is key
  • Realistic emails & websites
  • Content that seems legitimate
  • Criminals count on us to not be informed

38
Phishing is something old and something new
  • Fraud has been around a long time
  • The Internet gives criminals more velocity, a
    broader reach, and easy access

39
Polling slide
  • Do you have anti-virus on your computer and keep
    it updated?
  • Yes
  • No
  • Not sure

40
Polling slide
  • Do you have a firewall on your computer?
  • Yes
  • No
  • Not sure

41
Keep up your defenses and hone your instincts
  • Have the three core protections
  • Antivirus
  • Antispyware
  • Firewall
  • Use email filters
  • Ask
  • Who
  • What
  • Why

42
W W W: Who-What-Why
  • WHO has sent the email?
  • WHAT are they asking for?
  • WHY do they need it?

43
Who is asking?
  • Where did this email come from (spoofs can be
    hard to tell from the real thing)?
  • How is it addressed? Some sites use your real
    user name or real name. Phishers are casting a
    wider, more sophisticated net.
  • Is this a company or organization you actually do
    business with?

44
What are they asking for?
  • What is the email requesting?
  • Password
  • Account information
  • Log on
  • Other personal information
  • Immediate action

45
Why would they need it?
  • Does your bank need your name and password to
    access your account?
  • Does the information request seem legitimate
    based on the transaction?
  • Is this typical communication for this business?

46
What can we do
  • Use browsers or toolbars that scan for phishing
    sites or indicate you are on a safe site.
  • Report Phishing
      • to your ISP
      • to the institution being spoofed
      • US-CERT www.uscert.gov
  • Keep informed
  • Never click through a link
  • When in doubt close the email and browser
      • open a new browser, type in the URL and log on to
        your account or call the institution

47
Who's Involved
  • Anti-Phishing Working Group (www.apwg.org)
  • Corporations
  • Government
  • Consumers

48
Polling slide
  • What's the single most important protection
    against phishing?
  • Antivirus
  • Firewalls
  • Awareness
  • Filters

49
Questions and Answers ?
50
Mark Your Calendar: Upcoming 2008 National Webcasts
  • Wednesday, December 17, 2008: Securing a
    Multi-Tiered Environment
  • Registration will be available at
    http://www.msisac.org
  • Broadcast will take place from 2:00-3:00pm
    Eastern

51
Thank you for participating
  • This concludes today's webcast. Please remain
    online to answer a few polling questions.
  • The archive of today's session will be available
    at http://www.msisac.org

52
Polling Question: How are you participating in
today's webcast?
  • Individually
  • In a group setting with < 5 people
  • In a group setting with 6 - 10 people
  • In a group setting with 11 - 20 people
  • In a group setting with 21 - 40 people
  • In a group setting with > 40 people

53
Polling Slide
  • Did you find today's webcast useful in helping to
    advance your knowledge on Phishing?
  • Yes
  • No- Please explain using the Questions and
    Answers Tool

54
Polling Slide
  • How did you learn about today's webcast?
  • From the MS-ISAC
  • From DHS/NCSD
  • From Your Organization
  • From the Internet
  • From NYS CSCIC
  • From NYS FORUM
  • Other - Please explain using the Questions and
    Answers Tool

55
Phishing
National Webcast Initiative
October 9, 2008
Thank You!