Your SlideShare is downloading. ×
0
Phishing
Phishing
Phishing
Phishing
Phishing
Phishing
Phishing
Phishing
Phishing
Phishing
Phishing
Phishing
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Phishing

2,102

Published on

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,102
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
84
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Source: http://www.wired.com/dangerroom/2013/03/air-force-sextortion/
  • Transcript

    • 1. Navy IO Center of Excellence Phishing Awareness Naval OPSEC Support Team (NOST) Navy Information Operations Command (NIOC) Norfolk (757) 417-7100 DSN 537 OPSEC@navy.mil www.nioc-norfolk.navy.mil http://www.facebook.com/NavalOPSEC UNCLASSIFIED//FOUOUpdated: 27 Mar 2013
    • 2. Phishing Navy IO Center of ExcellencePhishing is an illegal activity using social engineering techniques tofraudulently solicit sensitive information or install malicious software.Phishing attempts solicit sensitive information such as usernames,passwords, personal information, military operations details, financialinformation and so on.Phishing emails can also include malicious links or attachments.Common phishing techniques: - Phishing - Spear phishing - Whaling - Vishing - Smishing UNCLASSIFIED//FOUO
    • 3. What is phishing? Navy IO Center of ExcellencePhishing: An email scam intended to lure a user into providing sensitiveinformation. • Yahoo link URL spoofing • A fake or forged URL which impersonates a legitimate website. • Requests credit card information • Threatens service interruption UNCLASSIFIED//FOUO
    • 4. What is spear phishing? Navy IO Center of ExcellenceSpear phishing: A targeted scam directed at a specific person ordepartment. • Addresses the target/recipient by name or other personal detail • Attacker generally references specific personal information about the target. • Emails appear legitimate • References factually correct details, operational terms, etc. Malicious URL • Links or attachments malicious in nature. • Viruses, malware, URL spoofing UNCLASSIFIED//FOUO
    • 5. What is whaling? Navy IO Center of ExcellenceWhaling: A phishing scam directed specifically at high ranking officersor other high profile targets within the government, military or business. • Addresses the high profile target by name or other personal detail • Attacker knows specific personal information about the target. • Emails appear legitimate • Include specific, accurate details, such as names and operational details, to stress legitimacy. Download includes a keystroke logger virus • Links or attachments malicious in nature. • Viruses, malware, URL spoofing UNCLASSIFIED//FOUO
    • 6. What is vishing? Navy IO Center of ExcellenceVishing: A phone scam intended to lure a user into providing sensitivepersonal information. • Typically solicit personal information through scare tactics • Warns of credit card fraud, instruct target to provide account details to prove identity • Callers often imitate legitimate call centers • Target specific, critical details • Financial information, operational dates, locations, etc. UNCLASSIFIED//FOUO
    • 7. What is smishing? Navy IO Center of ExcellenceSmishing: A phishing scam that sends bogus text messages to mobilephones. • Direct a target to call a number or link to a website. • Personal, sensitive information is requested • Malicious websites install malware on mobile devices, collect sensitive information • Callers often imitate legitimate call centers • Target specific, critical details • Financial information, operational dates, locations, etc UNCLASSIFIED//FOUO
    • 8. What is sextortion? Navy IO Center of ExcellenceSextortion: Sexual exploitation as a means of blackmail or extortion. • Sexually explicit content obtained through enticement or theft is leveraged against a person. • Money • Sex • Information • Extortionists commonly find targets on: • Social networking sites • Mobile applications (i.e. instagram) • Private chat messages & chat rooms • Web cams UNCLASSIFIED//FOUO
    • 9. Identifying a phishing scam Navy IO Center of ExcellencePhishing scams tend to have common characteristics which make them easy to identify.• Spelling and punctuation errors.• Include a redirect to malicious URL’s which require you input usernames and passwords to access.• Scare tactics to entice a target to provide personal information or follow links.• Sensational subject lines to entice targets to click on attached links or provide personal information.• Try to appear genuine by using legitimate operational terms, key words and accurate personal information.• Fake or unknown sender. UNCLASSIFIED//FOUO
    • 10. How to avoid a phishing scam Navy IO Center of ExcellenceProtect yourself from phishing scams:• Do not register official government/.mil email accounts with any commercial websites.• Patch/update web browsers as needed.• Beware the unknown sender or sensational subject line.• You will never get a free iPad, don’t fill anything out.• When in doubt, call your financial institutions to verify if your account has been compromised.• Do not follow links included in emails or text messages, use a known good link instead.• Digitally sign and encrypt emails where ever possible.• Only follow links or download attachments from digitally signed emails.• Do not follow links to unsubscribe from spam, simply mark as spam and delete.• Do not make security challenge answers for account validation easy to guess/learn details. UNCLASSIFIED//FOUO
    • 11. Digital signatures & encryptionNavy IO Center of Excellence UNCLASSIFIED//FOUO
    • 12. Questions?Navy IO Center of Excellence Naval OPSEC Support Team (NOST)Navy Information Operations Command (NIOC) Norfolk (757) 417-7100 DSN 537 OPSEC@navy.mil www.nioc-norfolk.navy.mil http://www.facebook.com/NavalOPSEC UNCLASSIFIED//FOUO

    ×