
Information Security Session October 24, 2005






Presentation Transcript


  1. Information Security Session, October 24, 2005
  Bill Eaheart, Network Security Coordinator, DePaul University

  2. What is spam?
  • Email advertising for some product or service
  • Unsolicited Commercial Email (UCE)
  • Electronic version of junk mail
  • Not necessarily virus or malware
  Information Security

  3. How do ‘spammers’ get my email?
  • Harvesting web pages
  • Harvesting newsgroups
  • Guessing (trying common names and words at a domain until one is accepted)
  • Buying lists from other spammers or companies
  • From a mailing list
  • From the users themselves, who give the address out (see the next slide)
  • Other ways

  4. Can you limit the amount of spam?
  • Don't give your email address out arbitrarily
  • Check privacy policies before providing your address
  • Be aware of options selected by default (pre-checked boxes that opt you in to marketing mail)
  • Use filters
  • Don't follow links in spam messages, including "unsubscribe" links, which only confirm that your address is live
  • Disable the automatic downloading of graphics in HTML mail (a fetched image tells the sender the message was opened)
  • Consider opening an additional email account for web sign-ups
  • Don't spam other people

  5. What is ‘Phishing’?
  • A scam to steal valuable information: online fraud
  • Attacks use ‘spoofed’ emails and fraudulent websites
  • Designed to fool users into divulging personal data: credit card numbers, user IDs, passwords and social security numbers
  • Hijacks the trusted brands of well-known banks, retailers and credit card companies
  • Anti-Phishing Working Group: success rate of up to 5% of recipients

  6. Why is ‘Phishing’ so popular?
  • Effective social engineering: a technique for manipulating people into disclosing sensitive information
  • People trust information in emails or websites
  • It is simple to disguise the sender address of an email and the real location of a website

  7. Gartner Study
  STAMFORD, Conn., June 23, 2005 — Increasing reports of lost consumer data files and disclosures of unauthorized access to sensitive personal data are taking a toll on consumers' confidence in online commerce, according to Gartner Inc., the world's largest technology research and advisory firm. A Gartner survey of 5,000 U.S. adults showed that phishing attacks grew at double-digit rates last year in the United States. In the twelve months ending in May 2005, an estimated 73 million U.S. adults who use the Internet said they definitely, or think, they received an average of more than 50 phishing e-mails in the past year. 2.4 million online consumers reported losing money directly because of the phishing attacks. Of these, approximately 1.2 million consumers lost $929 million during the year preceding the survey. Survey participants indicated most of the money stolen was repaid by banks and credit card companies.

  8. How do I spot a Phishing scam?
  • The message attempts to grab your attention (security alerts, urgent deadlines, threats to close an account)
  • Suspicious email: the sender address, the link target or the request itself does not fit the organization
  • Can be difficult to tell without research
  • The fake site closely resembles the real website, with the same graphics

  9. Examples

  10. Examples – Bank of America Phish
  • Target: Bank of America customers
  • Spoofed sender: Online Banking Notice <5thvtc@alert.bankofamerica.com>
  • Goal: bank username/password and ATM card information
  • Visible link: ‘Sign in to Online Banking’
  • Real site: www.bankofamerica.com, 171.159.193.173
  • Phish site IP address: 216.119.179.191 (the visible link text names the real bank, but the link actually points here)
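The tells in slides 4, 8 and 10 (a link whose visible text does not match its real target, a link to a bare IP address, a 1x1 remote image used as a beacon, and a request for card numbers or passwords under time pressure) can be checked mechanically. The script below is an added example, not part of the original presentation or of any DePaul tool. Both messages in it are constructed for the demo: the spoofed sender and the phish IP are taken from slide 10, while the body text, URL path and tracking image are illustrative inventions. The "registrable domain" helper is a crude last-two-labels approximation labelled as such in the code.

```python
"""Heuristic phishing indicators for a raw e-mail message (added example)."""
import email
import ipaddress
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message modelled on the slide-10 Bank of America phish.
# Sender address and 216.119.179.191 come from the slide; everything else
# (body wording, path, tracking pixel) is invented for this example.
SAMPLE_PHISH = """\
From: Online Banking Notice <5thvtc@alert.bankofamerica.com>
To: customer@example.edu
Subject: Online Banking Alert: please verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Dear Customer, we noticed unusual activity on your account.</p>
<p><a href="http://216.119.179.191/signin/">Sign in to Online Banking</a>
and confirm your ATM card number and PIN within 24 hours.</p>
<img src="http://216.119.179.191/open.gif?id=5thvtc" width="1" height="1">
</body></html>
"""

# Constructed benign message for contrast: the link stays on the sender's domain.
SAMPLE_BENIGN = """\
From: IT Help Desk <helpdesk@example.edu>
To: customer@example.edu
Subject: Library hours this Friday
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>The library closes early on Friday. Details are on
<a href="https://www.example.edu/library">the campus portal</a>.</p></body></html>
"""

# Data a legitimate organization will not ask for by e-mail (slides 5 and 11),
# and attention-grabbing pressure phrases (slide 8). Both lists are assumptions.
SENSITIVE = ("password", "pin", "atm card", "credit card", "social security", "user id")
URGENCY = ("verify", "unusual activity", "within 24 hours", "suspended", "immediately")


class _Collector(HTMLParser):
    """Gather links, 1x1 remote images and visible text from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []     # [href, visible text] for each <a>
        self.pixels = []    # remote 1x1 images, i.e. open-tracking beacons
        self.text = ""
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self._open = [a["href"], ""]
            self.links.append(self._open)
        elif (tag == "img" and a.get("src", "").startswith("http")
              and a.get("width") == "1" and a.get("height") == "1"):
            self.pixels.append(a["src"])

    def handle_data(self, data):
        self.text += data
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None


def _registrable(host):
    """Last two labels (alert.bankofamerica.com -> bankofamerica.com).
    Approximation only; a production tool should consult the Public Suffix List."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def phishing_indicators(raw_message):
    """Return human-readable indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender_domain = msg["From"].addresses[0].domain if msg["From"] else ""
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    c = _Collector()
    c.feed(html)
    found = []
    for href, text in c.links:
        host = urlparse(href).hostname or ""
        if _is_ip(host):
            found.append(f"link to bare IP address: {href}")
        elif sender_domain and host and _registrable(host) != _registrable(sender_domain):
            found.append(f"link host {host} does not match sender domain {sender_domain}")
        # Visible text that names one site while the href goes somewhere else.
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if shown and _registrable(shown.group(1)) != _registrable(host):
            found.append(f"visible link {shown.group(1)} hides real target {host}")
    for src in c.pixels:
        found.append(f"1x1 remote image (tracking pixel): {src}")
    prose = (str(msg["Subject"] or "") + " " + c.text).lower()
    asks = [w for w in SENSITIVE if re.search(r"\b" + re.escape(w) + r"\b", prose)]
    if asks:
        found.append("asks for sensitive data: " + ", ".join(asks))
    urgent = [w for w in URGENCY if w in prose]
    if urgent:
        found.append("pressure language: " + ", ".join(urgent))
    return found


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, phishing_indicators(raw) or ["no indicators"])
```

None of these checks is proof on its own (a legitimate newsletter also carries a tracking pixel, and an IP-only link is rare but not impossible), which is exactly the "difficult to tell without research" point of slide 8; several indicators together, as in the constructed phish, are what should send the reader to the bank's own address typed by hand.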

  11. Recommended Steps
  • Use caution and common sense: be suspicious of emails asking for sensitive information
  • Reputable organizations will not request such information through email
  • Never respond to an email asking for personal information
  • Never follow the links in an email you suspect might be phishing
  • Instead, type the organization's address into your browser yourself rather than using the link in the email
  • Check to see if the site has an announcement about phishing attacks targeting it
  • Check to see if the website's privacy policy says how it collects private data
  • If you determine that a website is legitimate, make sure it encrypts your data by using SSL (an https:// address and a valid certificate for that site)

  12. How do I report phishing scams?
  • Federal Trade Commission: http://www.consumer.gov/idtheft
  • FBI's Internet Fraud Complaint Center: http://www.ifccfbi.gov/index.asp
  • Attacks targeting DePaul University: abuse@depaul.edu

  13. Additional Information
  • If you think you are a victim of a phishing scam: http://www.antiphishing.org/consumer_recs2.html
  • Anti-Phishing Working Group: http://www.antiphishing.org/
  • Microsoft video, Phishing and Identity Theft: http://www.microsoft.com/athome/security/email/phishing/video1.mspx

  14. The End! Thank you. Any questions? weaheart@depaul.edu
