Phishing: Don't Phall Phor It Part 1


Phishing: Don't Phall Phor It Part 1 Software Training Services Welcome to Part 1 of the online course: Phishing: Don't Fall for It! 1

Objectives Definition of Phishing State of Phishing Today Recognizing Phishing/Phishing Tricks Examples Best Practices What to do if you get hooked Summary This course is the first of a two-part series on phishing. All of the objectives listed will be covered in the complete course. In Part 1, the following topics will be discussed: define phishing and distinguish it from spam; provide phishing statistics to give some insight into the state of phishing today; show how to recognize phishing and expose some phishing tricks; and provide some examples of phishing and point out how to identify them as phishing scams. You will want to make sure you watch Part 2 of the presentation in order to complete this course. 2

Disclaimer: Many of the links in this presentation are not authentic web addresses, but are intended to illustrate hostile activity. DO NOT type these into your browser, unless they are provided in the Resources section. 3

Here's Phil the Phisher. 4

Web Address Definition Located in the top portion of the screen Begins with http or https The unique address of the web page Throughout this course we will refer to a web address. It's important that you understand what a web address is, and where to find it. The web address is located in the top portion of the screen and will normally begin with http or https. It is the unique address of the web page. 5

Web Address Example In this example, the web address is http://www.uakron.edu 6

Phishing Defined It's NOT what you do with a worm and a hook on a sunny afternoon Let's start with a definition of phishing. Contrary to what it sounds like, it's NOT what you do with a worm and a hook on a sunny afternoon. 7

A Definition of Phishing: The process by which someone obtains private information - often authenticating credentials - through deceptive or illicit means in order to falsely assume another person's identity. Phishing is the process by which someone obtains private information, often authenticating credentials, through deceptive or illicit means. They use this information for the purpose of identity theft. 8

Phishing Defined Use spoofed emails to lead the recipient to counterfeit websites Tricked into divulging credit card information, personal information, account usernames and passwords, social security numbers, etc. Phishing involves the use of spoofed emails to lead the victim to counterfeit websites. The phisher makes the message appear to come from a legitimate source such as PayPal, eBay, the victim's bank, credit union, etc. Once at the website, the victim is tricked into divulging credit card information, personal information, account usernames and passwords, social security numbers, etc. Frequently, people will use the same username and password for multiple (or all) sites, so phishers will try to get a username and password and then try to re-use it on other popular websites to gain access to multiple additional accounts. 9

Identity Theft Defined A crime in which an imposter obtains key pieces of personal information in order to impersonate someone else: Social Security number Driver's license number Identity theft is a crime in which an imposter obtains key pieces of personal information, such as a Social Security number and driver's license number, in order to impersonate someone else. 10

Identity Theft Defined Information can be used to carry out transactions in the name of the victim: Obtain credit Purchase merchandise and services Provides the thief with false credentials Can create a criminal record for the victim Leave outstanding arrest warrants for the person whose identity has been stolen Once the thief has this personal information, one way they may use it is to obtain credit and purchase merchandise and services under the victim's identity. In addition, the thief may also use the information to provide themselves with false credentials. In this manner, they can create a criminal record for the victim, resulting in outstanding arrest warrants for the person whose identity has been stolen, as the thief commits crimes under the assumed identity. 11

The State of Phishing Today Anti-Phishing Working Group: 5.7 billion - Number of phishing emails sent each month 9,715 - Number of unique phishing websites in January 2006 17,877 - Number of unique phishing reports received in January 2006 16,000+ sites for 2005 YTD 5 days - Average time online for a site Let's take a look at some of the statistics from the Anti-Phishing Working Group, which provides us with a good view of the state of phishing today. 5.7 billion: that's the number of phishing emails sent each month! Just for the month of January 2006 there were 9,715 unique phishing websites. Those are fake websites set up by phishers to lure unsuspecting users into entering their personal information. It might also surprise you to know that the majority of these fake web sites originate in the United States. 17,877 is the number of unique phishing reports received for the month of January 2006. There were more than 16,000 phishing sites for the entire year 2005. 5 days is the average time online for a phishing site. That means it is taking an average of 5 days before the web site is discovered and taken down. Frequently, the phisher just moves the page to another site. Keep in mind that these numbers continue to increase; the situation is getting worse, not better. 12

Identity Theft Statistics From FTC Identity Theft Survey Report 2003: 9.9 million - Number of victims $47.6 billion - Loss to businesses $5 billion - Total loss to victims 2 to 10,000 hours - Range of time spent by victims on resolving the problem (average was 600 hours) You might be wondering, how does this affect me? Well, phishing is used for the purpose of identity theft, and the statistics on identity theft are overwhelming: There were 9.9 million victims of identity theft in 2003. The loss to businesses was $47.6 billion and the total loss to victims was $5 billion. The amount of time spent by victims on resolving the problem ranges from 2 hours to 10,000 hours, with an average of 600 hours. Keep in mind, some of the victims are still clearing records over 10 years after the initial theft, as the imposter continues to open accounts in their name. 13

The State of Phishing Today Why Phishing Works study found: People do not know how to scrutinize web addresses Even when presented with a choice between a valid and a hoax site, the hoax was selected 40% of the time Spam VS. Phishing Spam - Selling Phishing - Stealing A study was conducted to determine why phishing scams are successful, and the results showed that people don't know how to scrutinize a web address to determine if it is valid or not. Even when people were presented with a choice between a valid and a hoax site, the hoax was selected 40% of the time. You might be asking, is there a difference between spam and phishing? Are they the same thing? Well, they are not the same thing, and it's important to differentiate between the two. Spam is selling: someone is trying to sell you a product (Viagra, low mortgage rates, vitamins, etc.). Phishing is actually stealing: they are trying to steal your identity by tricking you into divulging personal information. 14

Recognizing Phishing Look for the following three components: Build credibility (sounds good) Spoof a real company You may or may not be a member or have an account Create a reason to act Urgency, plausible premise, requires quick response A call to action Click a link or button Subtle changes to web address Actual web address with changed link properties Not going where you think you are going! There are some standard items to look for in an email to help you identify it as a phishing scam. Most phishing emails will have 3 components: First, they will try to build credibility by spoofing a real company. Typically, the phisher will use very popular and well-known businesses, such as eBay, PayPal, Amazon, or major banks. Second, they will express a sense of urgency to get you to take immediate action. They may try to scare you into believing that someone may have tried to access your account and they need you to verify your account information immediately. Finally, there is a call to action: a very quick and convenient method for you to provide the requested information by completing a form or clicking a link. They may even make it look as though you are clicking a valid web address, when in fact they have modified the link properties so that you are NOT actually going where you think you are. 15

Recognizing Phishing Exercise caution when: Notified of internal accounting errors, requesting your cooperation Warnings of your account being closed if action is not taken Requests to update your account or profile Apparent notices from your ISP informing you of problems generated by your PC You should exercise caution any time you are notified of warnings such as internal accounting errors or threats that your account is going to be closed unless you take immediate action. Some other popular ploys include requests to update your account or profile, and notices that seem to come from your Internet Service Provider informing you of problems that have been generated by your PC. All of these are tricks of the phisher to scare you into taking immediate action. By placing urgency on the request, they are hoping to increase their chances that you will respond immediately without thinking about the possible consequences. 16

For Example Take this example, which appears to be coming from PayPal. This request informs the recipient that they have recently enhanced their web site and therefore are updating their account information, and that they have noticed some discrepancies in the client's account. Notice the simple link to click on in order to be taken to a web page where the account information can be entered. This email does contain some tell-tale signs that it is a phishing scheme. Let's take a closer look. 17

First, notice the generic "Dear paypal customer". If this were a legitimate message, the email would be personalized to include the account holder's name. In addition, take a look at the improper grammar used: the first sentence includes the phrase "to verify that the informations you have provided are accurate". Then, the poorly worded note "Unable to do so may result to abnormal account behavior during transactions." Sometimes, poor grammar and misspellings are a good indication of a phishing scheme, but they are not always present. Let's click on the link and see where it takes us; that will provide us with additional clues as to the legitimacy of the message. 18

Takes you to Let's analyze this web page. ANYTIME you enter personal information on the web, you should always verify that the site is secure by looking for https in the web address and a lock icon in the lower right; both should be present. You can see in this example that http is used and not https, and there is no lock icon in the lower right. The "Secure Log In" text and lock symbol used towards the top of the page are being used to fool you into believing the web page is secure, when in fact it is not. The lock icon should be located in the status bar at the bottom of the page. 19

This is an example of a valid, secure web site. Notice that the https web address and lock icon are both present. This is the legitimate web site for PayPal. 20

Https Secure Site Internet Explorer Lock icon: Displayed in lower right Mozilla Firefox Lock icon: Displayed in lower left Netscape Lock icon: Displayed in lower left Throughout this presentation we will use Internet Explorer as the browser. However, you may be using another browser, such as Mozilla Firefox or Netscape. Therefore, on this slide we have provided a sample of the lock icon from all three of these browsers so you are aware of what to look for. Also keep in mind that unlike Internet Explorer, where the lock icon is displayed in the lower right, both Mozilla and Netscape display the lock icon in the lower left. This lock icon is not just a picture. You can click or double-click the icon (depending upon your browser) and examine the security information displayed about the web site. 21

Recognizing Phishing The actual domain comes JUST BEFORE the domain suffix Example: www.uakron.edu uakron = domain .edu = suffix Suffixes: .com = Commercial business .edu = Educational institutions .gov = Government .org = Non-profit organizations .mil = Military .net = Network organizations You'll need to understand how to identify domains and suffixes in the web address, so keep in mind the following: the actual domain comes just BEFORE the domain suffix. So, for www.uakron.edu, uakron is the domain and .edu is the suffix. It's helpful to know some common suffixes, such as: .com for commercial institutions; businesses such as eBay, PayPal, Starbucks, Lands' End, etc. would all use the suffix .com. .edu is for educational institutions, such as The University of Akron. .gov is used for government entities; for example, the United States Postal Service is usps.gov and the FBI is fbi.gov. .org is used by non-profit organizations, such as the Red Cross, the American Cancer Society, etc. .mil is used by military organizations; the Marines are usmc.mil, the Army is army.mil. .net is for network organizations and is typically used for Internet Service Providers. It helps to be able to identify the domain and suffix in order to determine if a web site is legitimate. 22

Recognizing Phishing Look for the following (examples of fraudulent links): http://ebay.signon.com http://banesandnoble.com www.ebay.com@xyz.com www.xyz.com/paypal-login.html Anything after a slash is a subdirectory of the website Let's take a look at what we learned about domains and suffixes and apply it to these web address examples: In the first example, ebay.signon.com, you see the ebay and immediately assume it is legitimate. It's NOT. For the legitimate eBay site, ebay is the domain, but in this example signon is the domain, making it invalid. banesandnoble.com: they want you to think it's barnesandnoble.com; they're hoping you glance at it quickly and ignore the missing r. The next one is a good one: www.ebay.com@xyz.com. You might be thinking this is eBay because it says ebay.com. The fact is, whenever there is an @ symbol, everything to the left is ignored and the actual address is to the right. So, this is really xyz.com and NOT eBay. The last one, xyz.com/paypal-login.html: again, you might be thinking it's PayPal, when in fact anything after the slash is a subdirectory of the website. Therefore, the true domain is xyz and the suffix is .com. 23

Phishing Tricks Credible-looking web address http://81.109.44.105/ebay/account_update/now.php The @ sign Uses everything to the right of the @ Everything to the left of the @ is forgotten http://www.usbank.com/update.pl@81.109.43.103/usb/upd.pl Long status line Web address is so long it cannot be completely displayed in the status bar (combine with @ sign) Here are some more credible-looking examples: The first one has the number 81.109.44.105, which is the IP address. Think of the IP address as being similar to a phone number. Sometimes, phishers use the IP address in place of the web address in order to fool you. Any time you see a series of numbers such as this in the web address, it should be an indication that the web site is not legitimate. The next one uses the @ symbol: the www.usbank.com/update.pl part looks real; too bad it's to the LEFT of the @ symbol. Remember, everything to the left of the @ is ignored. Another trick is to use a very long web address. I'll point out in a minute how you can move your mouse over the link and see the actual web address it points to in the status bar at the bottom of the page. Phishers will make the address so long that when you hover over it the full address will not be displayed; you only see part of the name, and it's the part they want you to see. They frequently combine this with the @ symbol so they can put anything they want in front of the @ symbol, and none of it is real. We will show you an example of a long web address on the next slide. 24

In this example, the phisher is pretty good at disguising the URL. If we place the mouse over the link labeled internal/loginupdate.html, the status bar at the bottom of the screen will display internal/login/update/accounts, etc. However, the actual URL is really quite long, as you can see from the address displayed in the light grey box. What this phisher did was combine a long address with the @ symbol to confuse the recipient. Scan the long address and look for the @ symbol; we've highlighted the text in red to help make it stand out for you. Remember, everything to the left of the @ is ignored; everything to the right is the real address. Therefore, the real address is www.sisterstuff.com/images/index.html. 25
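The link checks from the domain-and-suffix slide and the fraudulent-link and @-sign slides above, as an added Python example that is not part of the original course: it parses each quoted address the way a browser does, extracts the host actually contacted and the registered domain (the label just before the suffix), and flags the tricks the slides describe (an IP address instead of a name, an '@' hiding the real host, a brand name placed in a subdomain or path, and a one-letter lookalike such as banesandnoble.com). The short suffix table and the brand-to-domain map are assumptions made for the example in place of a full public-suffix list; the '@' variant with the '@' inside the authority and the https PayPal address are constructed. One caveat a defender should know: a browser treats '@' as the userinfo separator only when it appears before the first '/' of the address, so the standards-compliant host of the usbank example as printed on the slide (slash before the '@') is www.usbank.com; the sample list includes both forms so the difference is visible.

```python
import ipaddress
from urllib.parse import urlsplit

# Suffixes listed on the slide. A production tool would use the full
# public-suffix list; this short table is an assumption of the example.
KNOWN_SUFFIXES = {"com", "edu", "gov", "org", "mil", "net"}

# Brands the slides name as commonly spoofed, paired with their legitimate
# registered domains (assumed for this example, not a list from the course).
BRAND_DOMAINS = {"ebay": "ebay.com", "paypal": "paypal.com",
                 "barnesandnoble": "barnesandnoble.com", "usbank": "usbank.com"}


def split_link(link: str):
    """Parse a link as a browser would; bare addresses as printed on the
    slides ('www.ebay.com@xyz.com') get the http scheme first."""
    return urlsplit(link if "://" in link else "http://" + link)


def effective_host(link: str) -> str:
    """The host the browser actually connects to. The authority runs from
    '://' to the first '/'; inside it, everything before an '@' is userinfo
    and is discarded, so 'www.ebay.com@xyz.com' connects to xyz.com. Anything
    after the first '/' is a path on that host, and an '@' that appears only
    in the path is just a character in the path."""
    return (split_link(link).hostname or "").lower()


def registered_domain(host: str) -> str:
    """'www.uakron.edu' -> 'uakron.edu': the label just before the suffix plus
    the suffix. Labels further left ('ebay' in 'ebay.signon.com') are
    subdomains chosen by whoever controls signon.com."""
    labels = host.split(".")
    if len(labels) >= 2 and labels[-1] in KNOWN_SUFFIXES:
        return ".".join(labels[-2:])
    return host


def is_ip_literal(host: str) -> bool:
    """True for hosts like '81.109.44.105' that use an address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch one-letter lookalikes such as
    banesandnoble.com (missing 'r')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(link: str) -> dict:
    """Apply the slides' checks to one link; an empty findings list means no red flags."""
    parts = split_link(link)
    host = effective_host(link)
    domain = registered_domain(host)
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    if is_ip_literal(host):
        findings.append("IP address used instead of a domain name")
    if "@" in parts.netloc:
        findings.append(f"'@' in the address: the real host is {host}")
    for brand, legit in BRAND_DOMAINS.items():
        if domain == legit:
            continue
        if brand in link.lower():
            findings.append(f"mentions {brand} but the registered domain is {domain}")
        elif edit_distance(domain, legit) <= 1:
            findings.append(f"{domain} is one character away from {legit}")
    return {"host": host, "domain": domain, "findings": findings}


# Links quoted on the slides, plus a constructed '@' variant with the '@'
# inside the authority and an assumed legitimate https PayPal address.
SAMPLE_LINKS = [
    "http://www.uakron.edu",
    "http://ebay.signon.com",
    "http://banesandnoble.com",
    "www.ebay.com@xyz.com",
    "www.xyz.com/paypal-login.html",
    "http://81.109.44.105/ebay/account_update/now.php",
    "http://www.usbank.com/update.pl@81.109.43.103/usb/upd.pl",  # as printed on the slide
    "http://www.usbank.com.update.pl@81.109.43.103/usb/upd.pl",  # constructed: '@' before first '/'
    "https://www.paypal.com/",  # assumed legitimate address for comparison
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = analyse(link)
        print(f"{link}\n  host={result['host']}  domain={result['domain']}")
        for finding in result["findings"] or ["no red flags"]:
            print("  -", finding)
```

Running the script prints one report per sample link. The same `analyse` function could sit behind a mail-gateway rule or an awareness-training quiz: the findings list is what a user should be taught to check by eye, and the host/domain pair is what the browser will actually use regardless of what the link text says.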

Part 1 Conclusion To advance to Part 2 click the link below: Phishing: Don't Phall Phor It Part 2 Questions? pstrain@uakron.edu AppSupport@uakron.edu This concludes Part 1 of Phishing: Don't Phall Phor It! Please don't forget to watch Part 2 of this course. It contains valuable information on advanced phishing tricks and provides advice on what to do should you become a victim of phishing. In addition, many valuable resources are provided in Part 2. Should you have any questions, you may direct them to either pstrain@uakron.edu or AppSupport@uakron.edu. 26