Phishing
IDENTITY THEFT VECTOR OF THE ELECTRONIC AGE
What is Phishing?
 Phishing is an attempt to obtain personal data by masquerading as a trusted
source over electronic media
 Commonly impersonated sources are:
 Government agencies
 Large corporations
 Help/service desks
A Phishing tale
 The “ph” in phishing is a reference to phreaking, an early term for
telephone-network hacking
 These types of scams began surfacing around 1995 with the expansion of
the internet
 The term “phishing” was first recorded on Jan 2, 1996 in a Usenet
newsgroup about AOL
 AOL, as America’s largest internet provider of the ’90s, was the testing and
breeding ground of phishing techniques
 The “warez” community was where this kind of stolen data was trafficked
 Phishing spoof-sites began appearing in the 2003–2004 time frame with the
rise of eCommerce
12 Common Methods
 Email/Spam: bulk emails asking users to send data with promises of rewards
 Key Loggers: an application that captures every keystroke and sends it off
 Web Delivery: sniffing valid web traffic for user data
 Session Hijacking: taking over a web session on the user side
 Instant Message: a link sent from a compromised account to its contacts
 System Reconfiguration: tricking a user into weakening a system’s own protections
 Trojan Applications: automated processes sending data from compromised machines
 Content Injection: adding content to a valid website that then takes you away
from that site for nefarious purposes
 Link Manipulation: a difference between the link text and the actual link target
 Search Phishing: injecting malicious websites into common search results
 Phone Phishing: a call directing a user to a phishing site
 Malware Phishing: usually an email attachment that serves as a delivery
mechanism for malicious code
There are a lot of phish in the sea
How they make their money…
Stage                                        Rate    Remaining   Cumulative
Emails sent                                     -    1,000,000        100%
Pass the SPAM filters (95% filtered)            5%      50,000          5%
Open the mail                                  10%       5,000        0.5%
Read the mail and click through                10%         500       0.05%
Fill out the form and fall for the attack      10%          50      0.005%
Revenue generated per phish                                         $1,800
Phishing revenue generated                    50 × $1,800 = $90,000
Phishing caused about $1.5 billion in global losses in 2012, and there are
nearly half a million unique attacks a year
Phishing at CWU
It’s happening all the time!
 Email is the most common delivery method here at CWU. On a daily basis
we average 1.5 times as much SPAM as “good” email.
 Email forms (80% of phishing attempts at CWU)
 Mostly “classic” money schemes
 Used to generate cash; the success rate is extremely low, but it is enough to
keep them coming.
 Link manipulation (20% of phishing attempts at CWU)
 Usually username and account phishing
 Used to generate “the next wave” of accounts to send from
 This model is used to avoid spam filtering of known SPAM accounts
 Malware and Trojans (<1%)
 Averages a dozen (12) mails a day
Things to watch for:
 The “To:” field
 In many phishing emails the “To:” field is left blank. The phisher is sending from a compromised account and, rather than
visibly addressing 50 users at different organizations, puts everyone in BCC. That stops you from warning the other potential
victims and hides the fact that the recipients are not a homogeneous group.
 The “From:” field
 In an IT scam, the sender is someone NOT in your IT organization, and likely not at the university at all!
 In a money phishing scheme, the display name and the actual address often do not match at all:
 FBI (Director) James Comey Jr. <simonlin@chinaconstruction.com.sg>
 Links
 Look for links that use “Click Here” or other generic text to hide the link destination.
 Links that lead to a site other than the organization they claim to be. Often generic sub-sites, or foreign sites ending in a
two-letter country suffix like “.ru”, “.hu”, or “.ch”
 Spelling and grammar
 Most phishing attempts originate in countries where English is not a primary language, so the emails are riddled with
grammatical and spelling errors. See the examples below.
 Generic IT terms
 Phishing attempts use terms like “Web-Mail” or “Help Desk” so they don’t need to be tailored to individual organizations.
Some more sophisticated attacks include organization-specific detail, but the deception is still clear upon scrutiny.
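The checks in the list above, turned into a small triage script. This is an added example and not code from the CWU deck: it parses a raw message with Python's standard library and reports a blank “To:”, a “From:” display name that claims an organization the sender domain does not back up, “Click Here” and mismatched link text, links to two-letter country suffixes, and generic IT wording. The organization domain (example.edu), the keyword tables and the sample message are all constructed for the example.

```python
"""Header and link triage for a raw email, following the "Things to watch for" list.

Added example, not from the CWU deck. OUR_DOMAIN, the keyword tables and SAMPLE
are hypothetical values constructed for the demonstration.
"""
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OUR_DOMAIN = "example.edu"            # hypothetical: the organization's own domain
EXPECTED_CCTLDS = set()               # ccTLDs the organization legitimately links to
GENERIC_TERMS = ("web-mail", "webmail", "help desk", "helpdesk")
# Display-name words and the sender domain they imply (hypothetical table).
CLAIMED_ORG = {"fbi": "fbi.gov", "help desk": OUR_DOMAIN, "it department": OUR_DOMAIN}


class _Links(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _registrable(host):
    """Crude eTLD+1: last two labels (fine for the example; use a public suffix list in production)."""
    return ".".join(host.lower().split(".")[-2:])


def _html_body(msg):
    """Return the first text/html part decoded as text, or '' if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_payload(decode=True).decode(
                part.get_content_charset() or "utf-8", "replace")
    return ""


def triage(raw):
    """Return the list of findings for a raw RFC 5322 message string."""
    msg = email.message_from_string(raw)
    findings = []

    # "To:" blank: every real recipient was hidden in BCC.
    if not msg.get("To", "").strip():
        findings.append("To: is blank (recipients hidden in BCC)")

    # "From:" display name claims an organization the sender domain does not match.
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    for word, expected in CLAIMED_ORG.items():
        if word in name.lower() and not sender_domain.endswith(expected):
            findings.append(f"From: name claims '{word}' but sender is {sender_domain}")

    # Links: generic anchor text, text/href mismatch, two-letter country suffixes.
    html = _html_body(msg)
    parser = _Links()
    parser.feed(html)
    for text, href in parser.links:
        host = urlparse(href).hostname or ""
        if re.fullmatch(r"click here|here|login|verify", text.lower()):
            findings.append(f"generic link text '{text}' hides {href}")
        shown = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text.lower())
        if shown and _registrable(shown.group(1)) != _registrable(host):
            findings.append(f"link text shows {shown.group(1)} but goes to {host}")
        tld = host.rsplit(".", 1)[-1]
        if len(tld) == 2 and tld not in EXPECTED_CCTLDS:
            findings.append(f"link to country-code domain .{tld}: {host}")

    # Generic IT wording in the subject or the visible body text.
    visible = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", html)).lower()
    hits = sorted({t for t in GENERIC_TERMS if t in visible})
    if hits:
        findings.append("generic IT terms: " + ", ".join(hits))
    return findings


# Constructed sample modelled on the deck's account-verification pattern.
SAMPLE = """\
From: "IT Help Desk" <support-team@webmail-verify.ru>
To:
Subject: Web-Mail Account Verification
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Web-Mail user, your mailbox quota have exceeded. To avoid lose of your
account <a href="http://webmail-verify.ru/login">Click Here</a> to verify.</p>
<p>Or visit <a href="http://login.webmail-verify.ru/">https://webmail.example.edu</a></p>
<p>Help Desk</p>
</body></html>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

Running it against the sample lists seven findings: the blank “To:”, the “Help Desk” name on a .ru sender, the “Click Here” anchor, the link whose text shows example.edu but goes to webmail-verify.ru, both .ru destinations, and the generic terms. Treat these as triage signals rather than verdicts: plenty of legitimate sites live on .uk or .ch, so populate EXPECTED_CCTLDS for the domains your organization actually links to, and replace the two-label `_registrable` helper with a public suffix list before using this on real mail.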
