
Understanding Social Phishing: The Carlton Draught Beer Incident

This study delves into a real-world phishing scenario involving an unsuspecting college student, Vince, who fell victim to a phishing attack after an email about Carlton Draught beer was forwarded to him. The incident triggered a wider phishing campaign that spread swiftly across three continents, affecting numerous individuals. The analysis highlights the tactics used by phishers and emphasizes preventive measures. It discusses client-side and server-side fixes to enhance cybersecurity, vital for protecting personal information in an increasingly digital world.


Presentation Transcript


SOCIAL PHISHING – Phish a Phriend

Mona Gandhi, Divya Aggarwal
Collaborators: Sid Stamm, Markus Jakobsson

Panel titles: Evil doers in Action; Phishing with Beer!!!; Statistics; Experiment Scenario

Scenario

In excitement, Christy forwarded an email about the newly launched Carlton Draught beer to her boyfriend Vince, a business major at IU. Unsuspecting, Vince clicked on the link and got redirected to a phishing site www.verybigad.com, a legitimate cousin site of www.bigad.com.au. Impressed by the ad, Vince forwarded it to his network of friends, thus expanding the phisher’s net.

Figure labels: Malicious EXE; Harmless Link; are they your true friends?

In the Future...

• Phishers can
    • Mount attacks to compromise access points, implement rogue captive portals, personal information via emails, IM, telephones, faxes and IRC
• It will be practiced at all levels
    • Students for homework assignments, exams
    • Journalists for scoops
    • Politicians for their election campaigns
    • Governments for spying
    • Terrorist organizations

Believe it or not!!

The attack spread across 3 continents in a span of 5 days affecting 630 people and this is an underestimation since it did not operate correctly on some versions of IE

Fixes

• Client-Side
    • Use of anti-virus, firewalls, spyware for desktop protection
    • Disabling HTML functionality and dangerous attachment downloads from emails
    • Configuring web browsers to disable window pop-ups, ActiveX controls, Java Runtime
• Server-side
    • Educate the user
    • Validation and personalization of customer communication
    • Use of strong passwords for authentication
    • Use of developed standards for hosting

Disclaimer

The content and the design layout of this website are not original and authentic and similarity to any website, living or dead, is purely intentional. This website is protected under the laws of United States and other countries. Unauthorized duplication, distribution or exhibition may result in civil liability and criminal prosecution.

Credits: NGS. “The Phishing Guide – Understanding and Preventing Phishing Attacks”
