Phishing the Open Net - PowerPoint PPT Presentation

About This Presentation
Title:

Phishing the Open Net

Description:

Phishing the Open Net Lure 101 Zane Brys, Nicholas Bingell ,and Omar Heniene – PowerPoint PPT presentation

Number of Views:162
Avg rating:3.0/5.0
Slides: 26
Provided by: mmh70
Category:

less

Transcript and Presenter's Notes

Title: Phishing the Open Net


1
Phishing the Open Net
  • Lure 101
  • Zane Brys, Nicholas Bingell ,and Omar Heniene

2
What is Phishing?
  • The word "phishing" comes from the analogy that
    Internet scammers are using email lures to "fish"
    for passwords and financial data from the sea of
    Internet users. The term was coined in the 1996
    timeframe by hackers who were stealing America
    On-Line accounts by scamming passwords from
    unsuspecting AOL users. The first mention on the
    Internet of phishing is on the alt.2600 hacker
    newsgroup in January 1996, however the term may
    have been used even earlier in the printed
    edition of the hacker newsletter "2600". "Ph is
    a common hacker replacement for "f", and is a nod
    to the original form of hacking, known as
    "phreaking". Phreaking was coined by the first
    hacker, John Draper (aka. "Captain Crunch"). John
    invented "hacking" by creating the infamous Blue
    Box, a device that he used to hack telephone
    systems in the early 1970s.

3
What is Phishing?
  • phishing (FISH.ing) pp. Creating a replica of an
    existing Web page to fool a user into submitting
    personal,financial, or password data. adj.
    phisher n.
  • Phishing Password Fishing
  • Combination of
  • Technology
  • Social engineering

4
How does it work?
  • Phishers use many different tactics to lure you,
    including e-mail and Web sites that mimic
    well-known, trusted brands. A common phishing
    practice involves "spamming" recipients with fake
    messages that resemble a valid message from a
    well-known Web site or a company that the
    recipients might trust, such as a credit card
    company, bank, charity, or e-commerce online
    shopping site.
  • (Laurie )

5
Steps to Start Phishing
Step 1 Gather E-mail Addresses
Step 2 Mass e-mail everyone on the list and make it appear as if it is coming from a legitimate organization. Change the From line Use HTML and include legitimate logos\colors Include a link for them to click on that appears to be legit but takes them to a fake website
Step 3 Users click on the link and, hopefully, enter their personal information.
Step 4 Profit! (Steal their money, identity and ruin their lives.)
BONUS Download malware onto the persons PC and convert it into part of your botnet to be used to target other people.
6
Who are the perpetrators?
  • A single hacker/phisher was originally the most
    predominate technique but todays attacks also
    come from organized crime groups with global
    syndication.
  • For example, there have been instances in which a
    phishing Web site is hosted in one country, the
    spam attack is launched from a second country,
    and the financial fraud transaction occurs in a
    third country for a user of another country.

7
Who are the victims?
  • A common practice is identity theft, whereby the
    criminal steals your personal information, takes
    on your identity, and can then do the following
  • Apply for and get credit in your name.
  • Empty your bank account and max out your credit
    cards.
  • Transfer money from your investment or credit
    line accounts into your checking account, and
    then use a copy of your debit card to withdraw
    cash from your checking account at ATMs around
    the world.

8
What does a phishing scam look like?
  • As scam artists become more sophisticated, so do
    their phishing e-mail messages and pop-up
    windows.
  • They often include official-looking logos from
    real organizations and other identifying
    information taken directly from legitimate Web
    sites.

9
What does a phishing scam look like?
10
What does a phishing scam look like?
11
What does a phishing scam look like?
12
What does a phishing scam look like?
13
What does a phishing scam look like?
14
Prevention Tips
  • 1. NEVER TRUST AN EMAIL SENDER
  • Did you know that you can fake the return address
    in an email? For the less computer literate,
    that's the bit of the email that tells you who
    it's from. The sender can choose any
    name/supposed address they want, so never trust
    an email just because it appears to be from a
    legitimate address. It is a well known fact that
    over 95 of phishing attacks use spoofed email
    addresses to appear more authentic.
  • 2. ALWAYS CHECK THE CONTENT
  • A common technique used by scammers is to include
    all of the email's text as an image, and have the
    whole image link to a spoof website when clicked.
    This is a tactic to avoid email scanners that can
    scan the text in an email but not images. If you
    can't click and select the text as normal with
    the mouse, simple, it's a scam. Authentic emails
    are never constructed like this. Also, bad
    spelling and grammar is also a dead giveaway, as
    are places that seem unable to spell their own
    names, e.g. Alert from Ciitibnk'. Banks and the
    like don't send out emails with mistakes as bad
    as these.

15
Prevention Tips
  • 3. DON'T OPEN ATTACHMENTS OR FILL OUT EMAIL FORMS
  • Sometimes a spoof email will come with an
    attachment. Don't open it! It may be harmless,
    but there is no need to take the risk. This is
    the most common way that viruses are spread, and
    as well as being a scam the email may try and
    infect your computer with programs that steal
    information from you without your knowledge. 90
    of computer viruses are distributed via email, so
    don't take the risk.
  • 4. UPDATE YOUR COMPUTER SECURITY
  • Get an antivirus program (and keep it
    updated)..
  • Get an spyware removal program (and keep it
    updated). Update your operating system regularly

16
What if You Get Phished?
  • Dont panic!
  • Quickly contact the real bank or company
  • and tell them what has happened.
  • Close the account and open a new one.
  • Change your passwords and details so
  • the details you gave out are no longer valid.
  • Start checking your free credit report.

17
Reporting Phishing Scams
  • Always report "phishing" or spoofed emails to
    the following groups
  • forward the email to reportphishing_at_antiphishing
    .org
  • forward the email to the Federal Trade
    Commission at spam_at_uce.gov
  • forward the email to the "abuse" email address
    at the company that is being spoofed (e.g.
    "spoof_at_ebay.com")
  • when forwarding spoofed messages, always
    include the entire original email with its
    original header information intact
  • notify The Internet Crime Complaint Center of
    the FBI by filing a complaint on their website
    www.ic3.gov/

18
Security Indicators
  • Look for the lock at the bottom of your browser
    and https in front of the website address.

19
More Security Indicators
Spoofstick
20
More Security Indicators
Netcraft Toolbar
21
More Security Indicators
Trustbar
22
Test Your Phishing
  • Phishing Quiz
  • Lets go phishing!

23
Workload Distribution
  • Zane Brys research, rough draft ideas, editing
    power point, and presenting.
  • Omar Heniene research, rough draft ideas, power
    point preparation, and presenting.
  • Nicholas Bingell research, typing of the
    documents, finalizing of report, and presenting.

24
Resources
  • Microsoft Phishing Information Website
  • http//office.microsoft.com/en-us/outlook/HA011400
    021033.aspx
  • http//66.99.255.20/it/phishing.htm
  • http//en.wikipedia.org/wiki/Phishing
  • http//www.webopedia.com/TERM/P/phishing.html
  • http//www.privacyrights.org/ar/phishing.htm
  • http//surfthenetsafely.com/phishing.htm
  • money.howstuffworks.com
  • www.niagaracountyfcu.org

25
Questions/Comments?
Write a Comment
User Comments (0)
About PowerShow.com