Phishing: Don’t Take the Bait!

Office Technology Conference. Karen McDowell, Ph.D., GCIH. 10 June 2009.


Presentation Transcript


  1. Office Technology Conference. Karen McDowell, Ph.D., GCIH. 10 June 2009. Phishing: Don’t Take the Bait!

  2. What is Phishing?
     • Phishing aka fraudulent email – the phisher (attacker) sends email falsely claiming to be an established legitimate operation
     • Phisher attempts to bait (trick) you into surrendering private information that s/he will use to steal your identity, empty your bank account, or charge items to your credit cards

  3. Phishing at UVa - 2009
     • If you clicked on this, you went to the Real Address: http://www.virginia.vbedu.net/info/v/

  4. Trickier Still - Phishing Email

  5. Expired Visa Card Phishing Scam
     • Email appears to come from Visa & claims that the recipient's account has expired
     • Renew it immediately or account will be closed
     • Innocent person clicks and enters PI…
     • Internet criminals now have PI and all account details
     • Criminals wire transfer funds out of account
     • Sell person’s PI to other criminals
     OUCH! SANS Institute Security Newsletter for Computer Users, Volume 6, Number 5, May 2009

  6. Spear Phishing
     • Spear Phishing is any highly targeted phishing attack in which your first name or first and last name may appear in email
     • Sender may appear to be your HR or IT person or even a higher authority!

  7. Spear Phishing?

  8. Spear Phishing at UVa – 2009

  9. World’s Oldest Con Game
     • Spear phishers often customize emails with information they've found on Web sites, blogs, or social networking sites
     • Fake social networking login pages lure people into sites, where they're used to entering personal information
     • No reputable online entity (bank, credit card company, UVa, etc.) will send you a request for personally identifiable information (PI)

  10. Verified Not Phishing

  11. FaceBook Login Phishing
     • Tricks recipients into providing their FaceBook login details to Internet criminals
     • Clicking on the link will take you to a bogus website designed to look like a genuine FaceBook login page
     • Bogus sites feature domain names such as "fbstarter.com" and "fbaction.net"
     • Purpose of such attacks is generally identity theft and to spread spam
     OUCH! SANS Institute Security Newsletter for Computer Users, Volume 6, Number 6, June 2009

  12. Why Does Phishing Work So Well?
     • Relative success of spear phishing relies upon the details used –
        • Apparent source - known and trusted individual
        • Information in the message supports its validity
        • Request seems to have a logical basis
     • Phishing is also successful, because
        • We don’t pay attention to visual cues
        • We are vulnerable to manipulation
        • Sometimes we are in a hurry

  13. Phishing Headlines
     • Breaking News Headlines!
     • Cute videos your friend sends you like “Barbie Turns 50”
     • Chain letters of any kind
        • Forward this to at least 10 people to save a life
        • Bring good luck in 7 days if only you pass it on!
     • Easy money $$$ of any kind
     • Lose weight fast!
     • Burn Those Abs!!

  14. Time-Honored Phishing Scams
     • Online games - If you want to play games, buy a CD/DVD from a reputable dealer
     • Playing on your heartstrings – Fake charities
     • Weather alert software –
     • Work-at-home and earn a fortune!
     • You have a virus, and we can help you!*
     • Remember: If it’s free, the price is hidden
     *Installs rogue anti-virus software

  15. Brand New Phishing Scams
     • Shipping update for your Amazon.com order 245-78546321-658742
     • CNN News Air France Flight 447 Tragedy
     • CNN News David Carradine Dead
     • Click on these messages arriving by email or Twitter, and attackers install rogue anti-spyware
     • Attempt to force-submit your credit card
     • Damages your computer’s operating system
     <blog-trendmicro.com> 6/4/2009

  16. UVa Alerts Email - Legitimate
     • “Your UVA Alerts account will expire in 30 days. Go to www.virginia.edu/uvaalerts to extend your service.”
     • It’s possible an attacker could infiltrate the server and send these alerts
     • Verify that your account is up for renewal
     • Look closely at the email message
     • Check the suspicious email page http://itc.virginia.edu/security/phishing/

  17. Don’t Click = 100% Win for You
     • Webpage below identifies phishing email currently circulating at UVa
     • http://itc.virginia.edu/security/phishing/
     • What my mother taught me still works
        • Don’t take candy from strangers, and
        • If in doubt – don’t!
     • Don’t click, that is…
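The "look closely at the email message" advice from slides 3, 11 and 16, as an added example that is not part of the original presentation: it compares the address a link displays with the host it actually goes to, and checks that host against an allowlist. The `TRUSTED` set, the function and class names, and the sample message are assumptions constructed for illustration; the hostnames are the ones quoted on the slides.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"virginia.edu", "facebook.com"}  # assumption: reader's own allowlist
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def is_trusted(host):
    # Match whole DNS labels from the right, so "virginia" as a left-hand label does not count.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return [(real_host, [reasons])]; an empty reasons list means no flag."""
    parser = AnchorCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        try:
            real = (urlsplit(href).hostname or "").lower()
        except ValueError:
            real = ""
        reasons = []
        shown = HOST_IN_TEXT.search(text)
        if shown and shown.group(1).lower() != real:
            reasons.append("text shows " + shown.group(1).lower())
        if not is_trusted(real):
            reasons.append("host not on allowlist")
        report.append((real, reasons))
    return report

# Constructed sample message; the hosts are those quoted on the slides.
SAMPLE = ('<a href="http://www.virginia.vbedu.net/info/v/">http://www.virginia.edu/</a>'
          '<a href="http://fbstarter.com/">Log in to Facebook</a>'
          '<a href="http://www.virginia.edu/uvaalerts">www.virginia.edu/uvaalerts</a>')
```

Calling `audit_links(SAMPLE)` flags the first two links and passes the third. A clean result only means the link points where it claims to; as slide 16 notes, a message sent from a compromised legitimate server would still pass.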
