Teaching you NOT to fall for Phish - PowerPoint PPT Presentation

Slides: 15
Provided by: aes92
Transcript and Presenter's Notes


1
Teaching you NOT to fall for Phish
  • Carnegie Mellon
  • Beth Cueni

2
Internet addiction
  • People do get addicted to the Internet
  • What are the signs?

3
Fighting Cybercrime
  • http://www.nsf.gov/cise/csbytes/newsletter/vol1i12.html
  • View these images.
  • Only one is an actual web site.
  • How can you tell?

4
Password Protection
| Number of Characters | Possible Combinations | Human (average time) | Computer (average time) |
|---|---|---|---|
| 1 | 36 | 3 minutes | .000018 seconds |
| 2 | 1,300 | 2 hours | .00065 seconds |
| 3 | 47,000 | 3 days | .02 seconds |
| 4 | 1,700,000 | 3 months | 1 second |
| 5 | 60,000,000 | 10 years | 30 seconds |
| 10 | 3,700,000,000,000,000 | 580 million years | 59 years |
  • Possible characters A-Z and 0-9
  • Human discovery assumes 1 try every 10 seconds
  • Computer discovery assumes one million tries per
    second
  • Average time assumes the password would be
    discovered in approx half the time it would take
    to try all possible combinations

5
Characteristics of Phish scams
  • Sense of urgency
  • No specific person signs the email
  • Links do not take you to a valid address
  • "Dear eBay member": they should know your name!
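
An added example, not part of the original slides: a small checker that looks for the four warning signs listed above in a message body. The regular expressions, the sample messages, and the reading of "links do not take you to a valid address" as "the visible link text names a different host than the real target" are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not from the presentation). 203.0.113.7 is a
# documentation-range address; the names and example.com are placeholders.
SUSPECT = """Dear eBay member,
Your account will be suspended within 24 hours unless you verify it immediately.
<a href="http://203.0.113.7/signin">https://www.ebay.com/signin</a>
"""
BENIGN = """Hi Alex Rivera,
Your March statement is ready.
<a href="https://www.example.com/statements">https://www.example.com/statements</a>
Regards,
Jordan Lee
"""

# Assumed heuristics, one per slide bullet; real mail filters use far richer signals.
URGENCY = re.compile(r"\b(immediately|urgent(ly)?|suspended|within \d+ hours?)\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear\s+(\w+\s+)?(member|customer|user|client)\b", re.I | re.M)
SIGNOFF = re.compile(r"^(regards|sincerely|thanks|thank you),?\s*\n\s*[a-z]+ [a-z]+", re.I | re.M)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Lower-cased hostname of a URL, tolerating text such as 'www.ebay.com/x'."""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def mismatched_links(body):
    """(shown_host, actual_host) for links whose visible text names another host."""
    pairs = []
    for href, text in ANCHOR.findall(body):
        shown = text.strip()
        if re.match(r"(https?://|www\.)", shown, re.I) and host(shown) != host(href):
            pairs.append((host(shown), host(href)))
    return pairs

def phish_indicators(body):
    """Names of the slide's warning signs that are present in the message body."""
    found = []
    if URGENCY.search(body):
        found.append("sense of urgency")
    if not SIGNOFF.search(body):
        found.append("no named signer")
    if mismatched_links(body):
        found.append("link text/target mismatch")
    if GENERIC_GREETING.search(body):
        found.append("generic greeting")
    return found
```

Calling `phish_indicators(SUSPECT)` reports all four signs, while `phish_indicators(BENIGN)` reports none.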

6
Phishing Works
  • 73 million US adults received more than 50
    phishing emails each in 2005
  • 3.6 million adults lost 3.2 billion dollars in
    phishing attacks in 2007
  • Financial institutions and the military are also
    victims

7
Why phishing works
  • Phishers take advantage of Internet users' trust
    in legitimate organizations
  • Lack of computer and security knowledge
  • People do not protect themselves

8
Anti-phishing strategies (What industry is doing)
  • Silently eliminate the threat
  • Find and take down the phishing sites
  • Detect and delete phishing emails
  • Warn users about the threat
  • Anti-phishing toolbars and web browser features
    (IE 7.0 and Firefox)
  • Train users not to fall for attacks

9
User education is challenging
  • Users are not motivated to learn about security
  • Security is a secondary task

10
Web Site Training
  • Lab study: 28 non-expert computer users
  • Evaluate 10 sites
  • Take a break (read training material or play
    games)
  • Evaluate 10 more sites
  • People who read the training material identified
    phishing sites better

11
PhishGuru
  • http://phishguru.org/
  • http://wombatsecurity.com/antiphishingphil
  • YouTube: http://www.youtube.com/watch?v=c1Es2qza1II
  • http://cups.cs.cmu.edu/antiphishing_phil/

12
Students are most vulnerable
  • Students more likely to fall for phish than staff
  • 18-25 age group were consistently more vulnerable
    to phishing attacks

13
Wombat Security
  • Purchased the Anti Phishing game from Carnegie
    Mellon and is now using it to train others

14
Play the game!
  • http://cups.cs.cmu.edu/antiphishing_phil/