Phishing
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Phishing

on

  • 1,727 views

 

Statistics

Views

Total Views
1,727
Views on SlideShare
1,727
Embed Views
0

Actions

Likes
3
Downloads
76
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Source: http://www.wired.com/dangerroom/2013/03/air-force-sextortion/

Phishing Presentation Transcript

  • 1. Navy IO Center of Excellence Phishing Awareness Naval OPSEC Support Team (NOST) Navy Information Operations Command (NIOC) Norfolk (757) 417-7100 DSN 537 OPSEC@navy.mil www.nioc-norfolk.navy.mil http://www.facebook.com/NavalOPSEC UNCLASSIFIED//FOUOUpdated: 27 Mar 2013
  • 2. Phishing Navy IO Center of ExcellencePhishing is an illegal activity using social engineering techniques tofraudulently solicit sensitive information or install malicious software.Phishing attempts solicit sensitive information such as usernames,passwords, personal information, military operations details, financialinformation and so on.Phishing emails can also include malicious links or attachments.Common phishing techniques: - Phishing - Spear phishing - Whaling - Vishing - Smishing UNCLASSIFIED//FOUO
  • 3. What is phishing? Navy IO Center of ExcellencePhishing: An email scam intended to lure a user into providing sensitiveinformation. • Yahoo link URL spoofing • A fake or forged URL which impersonates a legitimate website. • Requests credit card information • Threatens service interruption UNCLASSIFIED//FOUO
  • 4. What is spear phishing? Navy IO Center of ExcellenceSpear phishing: A targeted scam directed at a specific person ordepartment. • Addresses the target/recipient by name or other personal detail • Attacker generally references specific personal information about the target. • Emails appear legitimate • References factually correct details, operational terms, etc. Malicious URL • Links or attachments malicious in nature. • Viruses, malware, URL spoofing UNCLASSIFIED//FOUO
  • 5. What is whaling? Navy IO Center of ExcellenceWhaling: A phishing scam directed specifically at high ranking officersor other high profile targets within the government, military or business. • Addresses the high profile target by name or other personal detail • Attacker knows specific personal information about the target. • Emails appear legitimate • Include specific, accurate details, such as names and operational details, to stress legitimacy. Download includes a keystroke logger virus • Links or attachments malicious in nature. • Viruses, malware, URL spoofing UNCLASSIFIED//FOUO
  • 6. What is vishing? Navy IO Center of ExcellenceVishing: A phone scam intended to lure a user into providing sensitivepersonal information. • Typically solicit personal information through scare tactics • Warns of credit card fraud, instruct target to provide account details to prove identity • Callers often imitate legitimate call centers • Target specific, critical details • Financial information, operational dates, locations, etc. UNCLASSIFIED//FOUO
  • 7. What is smishing? Navy IO Center of ExcellenceSmishing: A phishing scam that sends bogus text messages to mobilephones. • Direct a target to call a number or link to a website. • Personal, sensitive information is requested • Malicious websites install malware on mobile devices, collect sensitive information • Callers often imitate legitimate call centers • Target specific, critical details • Financial information, operational dates, locations, etc UNCLASSIFIED//FOUO
  • 8. What is sextortion? Navy IO Center of ExcellenceSextortion: Sexual exploitation as a means of blackmail or extortion. • Sexually explicit content obtained through enticement or theft is leveraged against a person. • Money • Sex • Information • Extortionists commonly find targets on: • Social networking sites • Mobile applications (i.e. instagram) • Private chat messages & chat rooms • Web cams UNCLASSIFIED//FOUO
  • 9. Identifying a phishing scam Navy IO Center of ExcellencePhishing scams tend to have common characteristics which make them easy to identify.• Spelling and punctuation errors.• Include a redirect to malicious URL’s which require you input usernames and passwords to access.• Scare tactics to entice a target to provide personal information or follow links.• Sensational subject lines to entice targets to click on attached links or provide personal information.• Try to appear genuine by using legitimate operational terms, key words and accurate personal information.• Fake or unknown sender. UNCLASSIFIED//FOUO
  • 10. How to avoid a phishing scam Navy IO Center of ExcellenceProtect yourself from phishing scams:• Do not register official government/.mil email accounts with any commercial websites.• Patch/update web browsers as needed.• Beware the unknown sender or sensational subject line.• You will never get a free iPad, don’t fill anything out.• When in doubt, call your financial institutions to verify if your account has been compromised.• Do not follow links included in emails or text messages, use a known good link instead.• Digitally sign and encrypt emails where ever possible.• Only follow links or download attachments from digitally signed emails.• Do not follow links to unsubscribe from spam, simply mark as spam and delete.• Do not make security challenge answers for account validation easy to guess/learn details. UNCLASSIFIED//FOUO
  • 11. Digital signatures & encryptionNavy IO Center of Excellence UNCLASSIFIED//FOUO
  • 12. Questions?Navy IO Center of Excellence Naval OPSEC Support Team (NOST)Navy Information Operations Command (NIOC) Norfolk (757) 417-7100 DSN 537 OPSEC@navy.mil www.nioc-norfolk.navy.mil http://www.facebook.com/NavalOPSEC UNCLASSIFIED//FOUO