
Phishing, what you should know


libba

Presentation Transcript


  1. Phishing, what you should know “Lkout” Initiative

  2. Important Note The information published hereafter is just a collection of selected IT industry best practices and tips that might assist you in improving the security levels against computer related threats while exercising your computing activities. The information published hereafter is not meant in any way to provide a comprehensive solution nor to ensure full protection against computer related threats.

  3. What is Phishing? • Phishing is a form of social engineering that is executed via electronic means and can lead to identity theft and fraud.

  4. Social Engineering • A social engineer is a polite cracker!! • A social engineer is a person who will deceive or con others into divulging information that they wouldn’t normally share (credit card numbers, bank account information, passwords, etc.). • He/she will build an inappropriate trust relationship with insiders.

  5. Social Engineering • He/she may seem: • Unassuming and respectable • Possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. • Social Engineers use these techniques: • Appeal to vanity • Appeal to authority • Appeal to old-fashioned eavesdropping

  6. Social Engineering • Human Based: • In Person. • Third-party authorization: The social engineer obtains the name of someone who has the authority to grant access to information. • Impersonation: A social engineer might impersonate any character and use certain privileges.

  7. Social Engineering • Electronic Based: • Targeted e-mail messages • Spam, chain letters and hoaxes • E-mail attachments • Pop-up windows • Spoofed websites • Instant messaging and chat rooms • Cell phone text messages (SMS) (details in slides ahead)

  8. Phishing: Real Life Example 1 - AUB

  9. Phishing: Real Life Example 1 - AUB

  10. Phishing: Real Life Example 2 - AUB

  11. Phishing: Real Life Example 2 - AUB

  12. Phishing: Real Life Example 3 - Common Tricks Same old story, but a different version

  13. Phishing: Real Life Example 4 - Silly Reasoning Yeah, right

  14. Phishing: Real Life Example 5 - Fake Sites This one is easy! This is not the eBay site but a fake one.

  15. Phishing: Real Life Example 6 - Tricky URLs

  16. Phishing: Real Life Example 6 - Tricky URLs

  17. Phishing: Real Life Example 7 - Spyware

  18. How to Avoid Becoming a Phishing Victim?

  19. How to Avoid Becoming a Phishing Victim? • Phishers’ emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are. • Phishers typically include upsetting (usually a threat) information to get people to react immediately (i.e., claiming they will shut off your account). Is it that urgent?

  20. How to Avoid Becoming a Phishing Victim? • Phishers typically include exciting (but false) statements in their e-mails or pop-ups to entice people to access their web sites, i.e. claiming that you have won a prize, lottery or inherited wealth. • Never respond to requests for personal or confidential information via email. When in doubt: • Call the institution that claims to have sent you the email. • Log in to their web site by typing their address in the browser address bar. Does this sound too good to be true? Who is this person?

  21. How to Avoid Becoming a Phishing Victim? • If you suspect the message might not be authentic, don't use the links within the email to get to a web page; the web page can be spoofed. • Never fill out forms in email messages that ask for confidential information. You should only communicate confidential information via a secure website.

  22. How to Avoid Becoming a Phishing Victim? • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser. • Check the beginning of the Web address in your browser's address bar - it should be ‘https://’ rather than just ‘http://’ • Look for the locked padlock icon on your browser (IE; Netscape/Mozilla)

  23. How to Avoid Becoming a Phishing Victim? • Never continue to a secure web site that has a problem with its security certificate. • Internet browsers do present the user with an error message (example: IE7 message below).

  24. How to Avoid Becoming a Phishing Victim? • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate, and if anything is suspicious, contact your bank and all card issuers. • Ensure that your browser and OS software are up to date and that security patches are applied (Example: MS Outlook signatures of spam e-mails) • Ensure antivirus and anti-spyware software is installed and current.

  25. How to Avoid Becoming a Phishing Victim? • Ensure that your browser phishing filter is turned ON. Example: IE7 phishing filter controls.

  26. What to do if you Suspect a Phishing e-mail? • Stop. Never reply, use any of the URL links embedded in the body, open attachments, or fill in online forms embedded in the e-mail body. • Report to CNS: spam@aub.edu.lb

  27. What to do if you Think you were a Victim? • If you believe you might have revealed sensitive AUB information or might have revealed information that could be used for identity theft or fraud, contact auditor@aub.edu.lb.

  28. Check this Website: http://survey.mailfrontier.com/survey/quiztest.html Test your Phishing IQ

  29. Acknowledgements • Computing and Networking Services team. • Work-Study students: • Marwa Abdul Baki • Donna Bazzi • Comic strips are reproduced with permission. Please visit www.securityCartoon.com for more material. • www.CartoonStock.com
