1 / 24

Threats to Information Security

Threats to Information Security. Protecting Your Personal Information from Phishing Scams. Learning Objectives. Define a phishing scam. Describe how a phishing scam is carried out. Explain methods for detecting phish email. Provide guidelines for how to avoid being phished. Risk.

azana
Télécharger la présentation

Threats to Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Threats to Information Security Protecting Your Personal Information from Phishing Scams

  2. Learning Objectives • Define a phishing scam. • Describe how a phishing scam is carried out. • Explain methods for detecting phish email. • Provide guidelines for how to avoid being phished.

  3. Risk There is always risk when you use the internet.

  4. And then there is RISK

  5. Phishing Defined • Phishing scams or attacks use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages. • The term "phishing" comes from the analogy that Internet scammers are using email lures to "fish" for passwords and financial data from the sea of Internet users. • The name was coined in the 1996 timeframe by hackers who were stealing America On-Line accounts[1].

  6. Phishing Facts

  7. How Phishing Works • First, a fake web site is designed to look and act exactly like a real site ("spoofed" organization). • A fraudulent email is then crafted to look like it originated from the legitimate organization. Real Site Fake Site

  8. How Phishing Works The email is sent out to countless potential victims, either directly or through automated networks like botnets. The email contains links to the bogus web site operated by a criminal.

  9. How Phishing Works • The victim follows the link in the email to the fake site and fills in the requested information, thinking it is the genuine site. Link

  10. How Phishing Works • The information is collected by the fraudulent site and sent back to the criminal. Date of Birth Account ID PIN Social Security Number Credit Card Number

  11. How to Detect a Phish E-mail • As Scammers get better, their emails look more genuine. • How do you tell if it’s a scam and phishing for personal information?

  12. Four Tests to Help Detect Phish E-mail • First, look for spelling and grammatical errors in the email. • Second, check the email header and look for anomalies. • Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message. Fraudsters can easily spoof the identity information in an e-mail message.

  13. Real or Fake ?

  14. Four Tests to Help Detect Phish E-mail • Third, analyze the links in e-mail messages to determine the real target address or URL. • Most e-mail programs (e.g., Outlook 2007) show you the actual target address of a link when you hover the mouse over the link. Or you can view the email source and/or link properties. • If the target address contains an IP address, such as 192.168.100.1, do not click the link. • Make sure that the spelling of words in the link matches what you expect. Scams often use URLs with typos in them that are easy to overlook, such as “www.micosoft.com” or “http://online.wellfargo.com”.

  15. Example: Determine the Real Target Address or URL Visible link: https://online.wellsfargo.com/?customersupport=CONFIRMATION ≠ Called link: http://202.67.159.110:5180/login1.html

  16. Four Tests to Help Detect Phish E-mail • Fourth, verify the security and identity of the Web site. • Click the lock icon to display the security certificate for the site. The name following “Issued to” should match the name of the site. If the name differs, you may be on a fake site. • Some sites feature verified identity and security information. When you visit a verified site using Internet Explorer 7, the browser address bar turns green and the identity information appears on the right-hand side of the address bar. • This makes it easy to check the identity information and ensure that it matches the site that you expected to see.

  17. Example: Verify the Security

  18. Guidelines to avoid being phished • If you are requested to update your account information or change your password, connect to the Web site by using your personal bookmark or by typing the URL directly into your browser. • Don't trust offers that seem too good to be true. • If a deal or offer in an e-mail message looks too good to be true, it probably is.

  19. Guidelines to avoid being phished • Never enter personal or financial information into a pop-up window. • Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. • Close pop-up windows by clicking the red X in the top right corner (a "Cancel"button may not work as you'd expect). • Regularly Update your computer protection software and browser. • Report suspicious e-mail. • Report the e-mail to the faked or "spoofed" organization. Contact the organization directly-not through the e-mail you received. • Report the e-mail to the proper authorities, including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group.

  20. Homework for next class • Phishing scams • Phishing example • Phishing example • Phishing quiz • Distributed denial-of-service attacks • See botnetdemonstration

  21. View Source Another Example – Amazon

  22. Risk Optimization

  23. How Public Key Encryption Works

  24. How Digital Certificates Work

More Related