Anatomy of a Phishing Email

  • 757 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
757
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Anatomy of a Phishing Email
  • 2. Spamming for money2 phish·ing/ˈfi shiŋ/ - noun: The fraudulent practice of sending emails purporting to be from legitimate companies in order to induce individuals to reveal personal information © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 3. 3 An inbox hand grenade This is what a phishing email can look like if your email client is set to display text only. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 4. 4 Looks can be deceiving And here it is loaded in rich-text or HTML. Odds are your email is set up so that a phishing email could look a lot like this. Seems official? © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 5. 5 A closer look Notice the To: and Cc: boxes aren’t filled in. And while it claims to be from Wells Fargo, the email address appears to be from “activation.” © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 6. 6 Not my number See how they’ve tried to make the VISA number look like something you’d recognize? Well, on most credit cards it’s the last eight numbers that are unique. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 7. 7 Obvious no-no No bank or legitimate business will ask for personal information in an email. It’s a clear sign the message is a scam. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 8. A deeper look8  The scammers get sophisticated. The Wells Fargo logo has an official SSL certificate, a widely accepted method for ensuring a secure connection. That means the bad guys mined the Internet for official company graphics to include in the con. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 9. Verified, but not9  The SSL certificate is verified, meaning it has been officially recognized as Wells Fargo.  But that only applies to the logo. So if you dissect your messages for authenticity, be careful. It’s easy to be misled. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 10. 10 The evil code Looking at the email code, you can see information wouldn’t be sent to Wells Fargo, but to PayPal. It’s designed to automatically pull money from your account, through PayPal, presumably to the hackers’ account. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 11. The reroute game11 The scammers are also trying to mask their steps by pumping your information through a masked web address: http://0x185AED0A/T/w.php © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 12. Use your judgment12 The best defense against these phishing attacks is sound judgment. If it doesn’t feel right, it probably isn’t. Simply pick up the phone, call your bank or business, and ask them to work with you over the phone. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 13. Take action13 If you’ve fallen for a phishing scam, you’re not alone. Call your bank, credit union, insurer, financial planner or attorney to see if they provide identity theft protection. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012
  • 14. Help is out there14 Call Identity Theft 911 at 1-888-682-5911. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved - Confidential July 13, 2012