Transcript Document

What is Phishing?
…listening to music by the band called Phish? Or perhaps …a hobby, sport or recreation involving the ocean, rivers or streams? Nope.
Phishing: a computer scam on the rise!
Did you know…
• One in four people have never heard of the term “Phishing”.
• Half of the people surveyed could not accurately define phishing.
Phishing Facts
• 6.1 billion – Number of phishing e-mails sent world-wide each month.
• $1,200 – Average loss to a successfully phished person.
• 7,484 – Number of phishing Web sites in January 2006.
• A new phishing scam is launched every two minutes.
Be Alert, Be Wary, and Be Informed.
Phishing scams occur when:
• You get an e-mail that looks like it comes from your bank, credit card company, etc.
• It asks you to “update their records”, supposedly because of potential fraud or for other reasons.
• It provides a hyperlink to a web page where you enter your personal information.
• The link takes you to a thief’s website that is disguised to look like the company’s.
Why Phishing Scams?
A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait.
The thief is hoping to hook you with a very slick but very fake website to fish for your personal information.
What kinds of personal information do the thieves want?
– Your name, address and date of birth
– Social Security number
– Driver’s License number
– Credit Card numbers
– ATM cards
– Telephone calling cards
Why people fall for phishing scams.
Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online.
Current Phishing Targets
[Chart not reproduced: institutions targeted in recent phishing attacks.]
How a Phishing E-mail might read
Dear valued [CompanyName] member, Due to concerns, for the safety and integrity of the online [vendor service] community we have issued the following warning message.
It has come to our attention that your account information needs to be confirmed due to inactive customers, fraud and spoof reports. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to confirm your records may result in your account suspension.
Once you have confirmed your account records your internet [vendor service] service will not be interrupted and will continue as normal.
Please click here {fake web site address} to confirm your [vendor service] account records.
Thank you for your time,
[CompanyName] Billing Department.
Phishing E-mail Examples
[Screenshots not reproduced: “Phishing E-mails Examples”, “More Phishing E-mails”, “More Phishing Examples” and an “Actual Phishing” e-mail.]
How can you tell if the message is real?
There are many clues to look for:
• The e-mail contains obvious grammatical or spelling errors ("Due to concerns, for").
• The opening is very general, identifies you incorrectly, or addresses you only by your e-mail account name.
• The e-mail asks you to renew or update your account information.
• The message asks you to follow a link to a web site that seems legitimate but has extra information or characters at the end (http://www.amazon.com/myhacksite?brth=2y3bn45&uid=Kan13245). Check the host name, the part between http:// and the next slash, rather than only the familiar name at the start of the link: an address such as www.amazon.com.attacker.example belongs to attacker.example, not to amazon.com.
• The web site prompts you for your userid and password, and then opens a page asking for credit card numbers, bank account numbers and so forth.
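The clues above can be checked mechanically. The Python below is an added example, not part of the original slides: it runs the deck's heuristics (generic greeting, a request to confirm account records, a threat of suspension, and a link whose host does not belong to the claimed company) over a constructed message modelled on the sample e-mail shown earlier on this page. The allow-list of legitimate hosts and the look-alike address www.amazon.com.account-verify.example are assumptions made for the example.

```python
"""Score an e-mail body against the phishing clues listed in the slides."""
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the phishing e-mail shown in the slides (not a real message).
SAMPLE_HTML = """\
Dear valued member,
It has come to our attention that your account information needs to be
confirmed due to inactive customers, fraud and spoof reports.
Failure to confirm your records may result in your account suspension.
Please <a href="http://www.amazon.com.account-verify.example/login?uid=Kan13245">click here</a>
to confirm your account records.
Thank you for your time,
Billing Department
"""

# Hosts the claimed sender really uses (a hypothetical allow-list for this example).
LEGITIMATE_HOSTS = {"amazon.com", "www.amazon.com"}

# Clue 1: a generic opening instead of your name.
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(valued\s+)?(customer|member|user|account\s+holder)\b", re.I | re.M)
# Clue 2: a request to confirm/update/renew account records.
UPDATE_REQUEST = re.compile(
    r"\b(confirm|update|renew|verify)\b.{0,40}\b(account|records|information)\b", re.I | re.S)
# Clue 3: pressure through a threat of suspension or interruption.
URGENCY = re.compile(r"\b(suspend|suspension|interrupted|terminated?)\b", re.I)
# HTML anchors: capture the real target and the text the reader sees.
ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def link_host(url):
    """Host name of a URL, lower-cased, without a trailing dot."""
    return (urlparse(url).hostname or "").lower().rstrip(".")


def host_is_legitimate(host, allowed):
    """True only for an allowed host or a genuine subdomain of one.
    'www.amazon.com.attacker.example' fails: 'amazon.com' is a prefix of it,
    not its suffix, so the registrable domain is attacker.example."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def inspect_links(html, allowed):
    """Return [(href, [reasons])] for every anchor in the message."""
    findings = []
    for href, text in ANCHOR.findall(html):
        host = link_host(href)
        shown = re.sub(r"<[^>]+>", "", text).strip()
        reasons = []
        if not host_is_legitimate(host, allowed):
            reasons.append(f"link host {host!r} does not belong to {sorted(allowed)}")
        # Link text that is itself a URL but points somewhere else.
        if re.match(r"https?://", shown, re.I) and link_host(shown) != host:
            reasons.append(f"link text shows {link_host(shown)!r} but points to {host!r}")
        # Weak signal: the 'extra characters at the end' from the slides;
        # legitimate mail carries query strings too, so this alone proves nothing.
        if urlparse(href).query:
            reasons.append("link carries an identifier/tracking query string")
        findings.append((href, reasons))
    return findings


def phishing_clues(html, allowed=LEGITIMATE_HOSTS):
    """List every clue from the slides that fires on this message."""
    clues = []
    if GENERIC_GREETING.search(html):
        clues.append("generic greeting")
    if UPDATE_REQUEST.search(html):
        clues.append("asks you to confirm/update account records")
    if URGENCY.search(html):
        clues.append("threatens suspension or interruption")
    for href, reasons in inspect_links(html, allowed):
        clues.extend(f"{r} ({href})" for r in reasons)
    return clues


if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE_HTML):
        print("-", clue)
```

On the constructed sample all four kinds of clue fire. Run against the deck's own example address, http://www.amazon.com/myhacksite?brth=2y3bn45&uid=Kan13245, the host check passes because the host really is www.amazon.com and only the weak query-string clue remains; the host check is what catches the far more common look-alike domain.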
What should I do if I suspect the email is a fake?
• Report it. Most legitimate companies encourage you to forward suspicious e-mails to their security department if you are unsure of the e-mail's authenticity, and will respond with an answer, often within 24 hours.
• Then, delete it. Drag it to the trash, then empty the trash, and forget about it. You've defeated the spammers by not falling for their tricks.
How to Protect Yourself.
• Never click on hyperlinks in e-mails, and never cut and paste the link into your web browser. INSTEAD, type the company's web address into your browser's address bar yourself.
• Call the company directly to confirm whether the website is valid.
• Don’t reply to e-mail or pop-up messages that ask for personal or financial information.
• Don’t e-mail personal information.
• Be cautious opening attachments.
• Forward spam that is phishing for information to [email protected] and visit the FTC’s
What if I was tricked and entered my information on the web site?
Take immediate action to protect your identity and all of your online accounts.
• Treat the situation like you lost your wallet or purse. Immediately contact all of your financial institutions, preferably by phone, and inform them of the situation.
• Choose a strong password that is significantly different from your old passwords.
• Go to every web site where you may have stored credit card and/or bank numbers and change the password at each web site.
What happens once phishing is reported to authorities…
• Once the thieves have “fished out the pond”, so to speak, they move on. Normally, the link will then show a "cannot be displayed" page.
How do you avoid a Phishing Scam
• DO NOT respond to the e-mail.
• DO NOT provide personal information.