Jorge Sebastiao, profile picture
Uploaded byJorge Sebastiao
5,574 views

Email phishing and countermeasures

This document discusses email phishing and countermeasures. It provides examples of data breaches and losses from stolen personal information. Phishing works through social engineering techniques like spoofing emails and websites to steal passwords, credit card numbers, and other details. Users may unwittingly provide such information in response to phishing attacks. Defenses against phishing include educating users, technical filters and monitoring, and legislation against identity theft. Ongoing challenges include the sophistication of attacks versus defenses.

Embed presentation

Email Phishing and Countermeasures Email Security jorge.sebastiao@its.ws
May 2006 – Veterans Administration laptop with personal information on 26.5M veterans is stolen. “Total losses could top $500M.” – VA Secretary Nicholson Jan 2007- Hackers stole data from at least 45.7 million credit and debit cards at retailer T.J.Maxx – total costs could exceed $1.0B May 2006 – CIO, CSO fired Ohio University 137,000 student accounts compromised
Why Does This Happen? Firewall IDS Anti-Virus Attack
ATM is also a type of Phishing
Can you spot a “Social Engineer”? Phishing is Social Engineering
Social Engineering What is Social Engineering? “An attempt to influence a person into granting unauthorized access, unauthorized use or unauthorized disclosure of an information system, network or data. Modifying system configuration.” “How to blunt the socially engineered hack” by Michael Casper (http://www.computerworld.com/cwi/community/story/0,3201,NAV6 5-663_STO65473,00.html)
Social Engineering … 70 percent of those asked said they would reveal their computer passwords for a … Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1 Bar of chocolate
Social Engineering Methods of Social Engineering Information Gathering Information Planting Email Scams Masquerading Dumpster-diving Help desk/Support areas Receptionist/Administrative areas Launching attack
Vulnerability in People Cause: A large growing population of internet illiterate users are using internet email and other user friendly applications. Threat: Illiteracy in how the internet works and its threats allows miscreants to attack a network or person through social engineering. This is the fastest growing method of hacking we have seen. Human nature is that people are trusting, even those things which may be false.
Social Engineering – Information Gathering Scenario #1 – YOU: How many of you have provided personal information online or over the phone to a vendor or service? Personal Information May Include Social Security Number (or just the last 4 digits) First, Middle, Last names – Maiden Name Mothers Maiden Name Address, Phone Number Email Address? Credit Card Number – CVV2 Code ATM PIN Code Passwords you may use elsewhere
Social Engineering – Information Gathering Scenario #1 - YOU: Was that information sent securely? Will it be shared with someone else? Was it compromised? Scenario #2 – SOMEONE ELSE: Have you ever asked for personal information and been offered that information freely or without much effort?
Social Engineering – Information Gathering Example: How many of you would provide personal information to someone who called you on the phone? Over the Internet? Social Engineering is an art, basically the art of listening and lying at the same time, while seemingly having a typical conversation. Read More: The Art of Deception – Kevin Mitnick
Social Engineering – Information Planting Scenario: You come back from lunch to find a Post-it note on your desk asking you to change a user password to something written on the Post- it Note.
ID Theft– New Way Phishing / Pharming Hijack/Skimming
On 7 October 2001. “Singer Britney Spears Killed in Car Accident”. Due to a bug in CNN’s software, when people at the spoofed site clicked on the “E-mail This” link, the real CNN system distributed a real CNN e-mail to recipients with a link to the spoofed page. With each click at the bogus site, the real site’s tally of most popular stories was incremented for the bogus story. Allegedly this hoax was started by a researcher who sent the spoofed story to three users of AOL’s Instant Messenger chat software. Within 12 hours more than 150,000 people had viewed the spoofed page. Social Engineering Example
Social Engineering Phishing
What is Phishing? “Fishing for personal information” Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. Anti-Phishing Working Group http://www.antiphishing.org/
Surge in phishing Based on the survey, 57 million Americans have been, or think they have been, the victim of a phishing attack. 30 million were positive, Out of that pool, 11 million fell for the scams or about 19% of those attacked. Almost 2 million, or about 3% of those attacked, reported that they'd actually divulged sensitive information eg. credit-card numbers, bank accounts, passwords, etc. Phishers have a one in 700 chance of getting caught. *Gartner Group
Social Engineering
Phishing New Threat
This is a Very Common Tactic used to Social Engineer personal information. Lets walk through a specific case Email Scams
Click on the Link and you get sent to the EBay Security Update Page… Or do you… Click Here and it takes you to Official EBay Help Not a Secure Website LETS SCROLL DOWN Email Scams
As we Scroll Down the Page we find out that it needs a lot of personal information to verify who you are. NEVER Give this Out to Anyone Online Just in case you mistyped your password above OK.. I can see how Ebay Might need this info… right ??? LETS SCROLL DOWN Just in case you thought this might be a scam… Email Scams
CVV2 Code and PIN Number to your bank account. Can’t Use the CreditCard Online without this!! If we clone your card, we might need this as well. Email Scams
Lets take a look at the email again… How many of you receive emails like this on a regular basis? Does it look Legit? Would it have fooled you? In this case, the whole message was actually an Image with the Image linked to the malicious site, while the link in the image shows up as something legitimate. Email Scams
What Companies are Doing AMERICAN EXPRESS - How to Contact American Express about Fraudulent E-Mails If you receive an e-mail that you believe could be fraudulent, immediately forward it to emailhoax@service.americanexpress.com. Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an auto- generated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American Express http://www10.americanexpress.com/sif/cda/page/0,1641,21372,00. asp
How to Detect Deception Publish your mail server addresses (to thwart spoofing) Educate customers (and employees) Establish online communication protocols Create a response plan now Proactively monitor for phishers and fraud Make yourself a difficult target http://www.cio.com/archive/090104/phish.html
Prevent Phishing from Fraud Watch Never click on hyperlinks Use Anti-SPAM filters Use Anti-Virus Software Use personal firewalls Keep all software updated Always look for https and sites that ask for “personal information” Keep computer clean from Spyware Know Fraudulent activity on the Internet Check your credit report immediately for free! If unsure, ask!
First Phishing – Now Ransomware  New generation of attack use of the internet attack for extortion "Ransomware".  Follow-up to: phishing, pharming attacks  It starts with hijacking or stealing user files, encrypting them (so the user loses access to vital information), then demanding payment in exchange for the decryption key.  So far theses attacks are quite rare but it brings a new dimension to the usage of the internet and a new generation of attacks.
Phishing – Variations  “Phishing”= social engineering – Who: Online scammers, posing as legitimate companies or your new best friend – Why: They want your sensitive information (credit-card, billing- routing, and Social Security numbers, among others)  “Pharming”= being diverted to a fake/spoofed website  “Spear phishing”= spoofed email that targets emails stolen from a company or organization
Phishing and Business Risks Privacy Legislative violations Financial loss Intellectual capital Litigation Public Image/Trust Business Risks
Credit Cards for Sale
36 Vendor Solutions abound Anti-spam Antivirus/ Anti-worm Anti-phishing Policy-based controls
37 1st Gen: “Look for stuff…” Subject contains “Viagra” 2nd Gen: “Look smarter” Text has “Viagra” & “Unsubscribe” 3rd Gen: “Go for Buzzwords” Bayesian Filter and Neural Nets 4th Gen: “Mix a Cocktail” You can’t fool all of the filters all of the time But threats get more sophisticated
38 Tradeoffs false positives vs false negatives Catch more emails, more false positives Catch less emails, fewer false positives FP FN
39 User Awareness to Avoid Phishing Caution: African shares $10 million… Banks never ask for account info, in an e-mail Don’t click on links suspicious e-mails Report suspicious e-mails D-E-L-E-T-E
Banking Technical Solutions
Anti-Phishing Laws -Identity Theft Penalty Enhancement Act -Aggregated Identity Theft - Defined as using a stolen identity to commit other crimes. -Mandatory sentencing of 2 years. Anti-Phishing Act of 2005 -Prohibits the use of a website/email to coerce others to divulge their personal information. -Penalties: 5 years, $250,000 fine. Effectiveness: Professionals vs. Amateurs
• FTC Identity Theft Website www.consumer.gov/idtheft • Anti-Phishing Working Group www.antiphishing.org • End ID Theft www.endidtheft.com Resources
Questions

More Related Content

PPT
Phishing
byAlka Falwaria
 
PPTX
Phishing attack, with SSL Encryption and HTTPS Working
bySachin Saini
 
PPTX
Phishing Scams: 8 Helpful Tips to Keep You Safe
byCheapSSLsecurity
 
PPTX
Phishing
bySagar Rai
 
PPTX
Different Types of Phishing Attacks
bySysCloud
 
PPT
Phishing
byanjalika sinha
 
PPTX
Anti phishing presentation
byBokangMalunga
 
PPTX
PPT on Phishing
byPankaj Yadav
 
Phishing
byAlka Falwaria
 
Phishing attack, with SSL Encryption and HTTPS Working
bySachin Saini
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
byCheapSSLsecurity
 
Phishing
bySagar Rai
 
Different Types of Phishing Attacks
bySysCloud
 
Phishing
byanjalika sinha
 
Anti phishing presentation
byBokangMalunga
 
PPT on Phishing
byPankaj Yadav
 

What's hot

PDF
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
byControlScan, Inc.
 
PPTX
phishing-awareness-powerpoint.pptx
byvdgtkhdh
 
PPTX
Phishing attack
byRaghav Chhabra
 
PPTX
Phishing awareness
byPhishingBox
 
PDF
14 tips to increase cybersecurity awareness
byMichel Bitter
 
PPTX
Phishing Attack : A big Threat
bysourav newatia
 
PDF
Cybersecurity Employee Training
byPaige Rasid
 
PPTX
What is Phishing and How can you Avoid it?
byQuick Heal Technologies Ltd.
 
PPTX
Phishing Attacks
byJagan Mohan
 
PPTX
Phising a Threat to Network Security
byanjuselina
 
PDF
Spear Phishing Attacks
byn|u - The Open Security Community
 
PPTX
Security Awareness Training.pptx
byMohammedYaseen638128
 
PDF
Employee Security Awareness Program
bydavidcurriecia
 
PPT
Phishing attacks ppt
byAryan Ragu
 
PPTX
Phishing
bySouganthikaSankaresw
 
PPTX
Cyber Security 101: Training, awareness, strategies for small to medium sized...
byStephen Cobb
 
PPTX
Cyber Security Awareness Program.pptx
byDinesh582831
 
PPTX
Cybersecurity Awareness
byJoshuaWisniewski3
 
PDF
Security Awareness Training
byDmitriy Scherbina
 
PPTX
Social Media Security
byDel Belcher
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
byControlScan, Inc.
 
phishing-awareness-powerpoint.pptx
byvdgtkhdh
 
Phishing attack
byRaghav Chhabra
 
Phishing awareness
byPhishingBox
 
14 tips to increase cybersecurity awareness
byMichel Bitter
 
Phishing Attack : A big Threat
bysourav newatia
 
Cybersecurity Employee Training
byPaige Rasid
 
What is Phishing and How can you Avoid it?
byQuick Heal Technologies Ltd.
 
Phishing Attacks
byJagan Mohan
 
Phising a Threat to Network Security
byanjuselina
 
Spear Phishing Attacks
byn|u - The Open Security Community
 
Security Awareness Training.pptx
byMohammedYaseen638128
 
Employee Security Awareness Program
bydavidcurriecia
 
Phishing attacks ppt
byAryan Ragu
 
Phishing
bySouganthikaSankaresw
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
byStephen Cobb
 
Cyber Security Awareness Program.pptx
byDinesh582831
 
Cybersecurity Awareness
byJoshuaWisniewski3
 
Security Awareness Training
byDmitriy Scherbina
 
Social Media Security
byDel Belcher
 

Viewers also liked

PPT
Oracle UCM Security: Challenges and Best Practices
byBrian Huff
 
PDF
Patent Risk and Countermeasures Related to Open Management in Interaction Design
byYosuke Sakai
 
PPTX
Antivirus Evasion Techniques and Countermeasures
bysecurityxploded
 
PPT
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
byAirTight Networks
 
PPTX
Dstl Medical Countermeasures for Dangerous Pathogens
bywarwick_amr
 
PPT
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
byJeremiah Grossman
 
PDF
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
byInternational Atomic Energy Agency
 
PDF
Cehv8 module 01 introduction to ethical hacking
bypolichen
 
PDF
VoIP: Attacks & Countermeasures in the Corporate World
byJason Edelstein
 
PDF
Seminar Presentation
bySergey Rubinsky, Ph.D.
 
PPTX
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
byAmerican Astronautical Society
 
PDF
Iis Security Programming Countermeasures
byguestc27cd9
 
PDF
Digital Astroturfing: Definition, typology, and countermeasures.
byMarko Kovic
 
PDF
Return oriented programming
byhybr1s
 
PDF
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
byAlonso Eduardo Caballero Quezada
 
PDF
Google Hacking for Cryptographic Secrets
byDr. Emin İslam Tatlı
 
PDF
Irregularity Countermeasures in Massively Parallel BigData Processors
byTokyo University of Science
 
PPT
Owasp Top 10 And Security Flaw Root Causes
byMarco Morana
 
PPTX
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
byCODE BLUE
 
PPT
Security Site Surveys and Risk Assessments
byEnterprise Security Risk Management
 
Oracle UCM Security: Challenges and Best Practices
byBrian Huff
 
Patent Risk and Countermeasures Related to Open Management in Interaction Design
byYosuke Sakai
 
Antivirus Evasion Techniques and Countermeasures
bysecurityxploded
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
byAirTight Networks
 
Dstl Medical Countermeasures for Dangerous Pathogens
bywarwick_amr
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
byJeremiah Grossman
 
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
byInternational Atomic Energy Agency
 
Cehv8 module 01 introduction to ethical hacking
bypolichen
 
VoIP: Attacks & Countermeasures in the Corporate World
byJason Edelstein
 
Seminar Presentation
bySergey Rubinsky, Ph.D.
 
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
byAmerican Astronautical Society
 
Iis Security Programming Countermeasures
byguestc27cd9
 
Digital Astroturfing: Definition, typology, and countermeasures.
byMarko Kovic
 
Return oriented programming
byhybr1s
 
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
byAlonso Eduardo Caballero Quezada
 
Google Hacking for Cryptographic Secrets
byDr. Emin İslam Tatlı
 
Irregularity Countermeasures in Massively Parallel BigData Processors
byTokyo University of Science
 
Owasp Top 10 And Security Flaw Root Causes
byMarco Morana
 
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
byCODE BLUE
 
Security Site Surveys and Risk Assessments
byEnterprise Security Risk Management
 

Similar to Email phishing and countermeasures

PPT
cyber security unit-1, r20-JNTUK-USED FOR STUDENTS
bySAIPAVANKUMARNANDIGA
 
PPTX
Day 2
bysefreed
 
PPTX
Spam & Phishing
byGrittyCC
 
PDF
Phishing.pdf
byMariGogokhia
 
PPTX
Cyber crime & security
byAvani Patel
 
PPTX
cyber security _akhand pratap chaurasiya.pptx
bydjsammy0342
 
PDF
Social Engineering
byVinay Bhargav
 
PPSX
IDENTIFYING CYBER THREATS NEAR YOU
byBilly Warero
 
PPT
Introduction to phishing
byRaviteja Chowdary Adusumalli
 
PPT
Recognize Phishing Scams and Fraudulent E-mails
bywilliamgraves32
 
PPTX
Phishing technology
byPreeti Papneja
 
PPTX
Phishing technology
byPreeti Papneja
 
PDF
Identity Theft: Evolving with Technology
by- Mark - Fullbright
 
PPTX
Phishing
bySyeda Javeria
 
PPTX
Information security training Phishing
byAtl Edu
 
PDF
Phishing & Pharming Explained.pdf
byEvs, Lahore
 
PDF
Cybersecurity_Awareness_educational_presentation.pdf
byjacobjacob21124
 
PPTX
TheCyberThreatAndYou2_deck.pptx
byKevinRiley83
 
PPT
IntroPhishing.ppt.dengab menggunakan bahasa Inggris
bytuyah2889
 
PPTX
IS Presetation.pptx
byTanvir Amin
 
cyber security unit-1, r20-JNTUK-USED FOR STUDENTS
bySAIPAVANKUMARNANDIGA
 
Day 2
bysefreed
 
Spam & Phishing
byGrittyCC
 
Phishing.pdf
byMariGogokhia
 
Cyber crime & security
byAvani Patel
 
cyber security _akhand pratap chaurasiya.pptx
bydjsammy0342
 
Social Engineering
byVinay Bhargav
 
IDENTIFYING CYBER THREATS NEAR YOU
byBilly Warero
 
Introduction to phishing
byRaviteja Chowdary Adusumalli
 
Recognize Phishing Scams and Fraudulent E-mails
bywilliamgraves32
 
Phishing technology
byPreeti Papneja
 
Phishing technology
byPreeti Papneja
 
Identity Theft: Evolving with Technology
by- Mark - Fullbright
 
Phishing
bySyeda Javeria
 
Information security training Phishing
byAtl Edu
 
Phishing & Pharming Explained.pdf
byEvs, Lahore
 
Cybersecurity_Awareness_educational_presentation.pdf
byjacobjacob21124
 
TheCyberThreatAndYou2_deck.pptx
byKevinRiley83
 
IntroPhishing.ppt.dengab menggunakan bahasa Inggris
bytuyah2889
 
IS Presetation.pptx
byTanvir Amin
 

More from Jorge Sebastiao

PPTX
Real estate tokenization and blockchain
byJorge Sebastiao
 
PPTX
Blockchain and covid19 v3
byJorge Sebastiao
 
PPTX
Top tech shapping startups
byJorge Sebastiao
 
PPTX
Blockchain and security v3
byJorge Sebastiao
 
PPTX
The road to blockchain 5.0
byJorge Sebastiao
 
PPTX
Cyber Warfare 4TH edition
byJorge Sebastiao
 
PPTX
How AI is Disrupting Traffic Management in Smart City
byJorge Sebastiao
 
PPTX
Ai and traffic management application v1.0
byJorge Sebastiao
 
PPTX
Practical analytics hands-on to cloud & IoT cyber threats
byJorge Sebastiao
 
PPTX
Dz hackevent 2019 Middle East Cyberwars V3
byJorge Sebastiao
 
PPTX
AI HR and Future Jobs Version 2.1
byJorge Sebastiao
 
PPTX
Cyber fear obstacles to info sharing-Version 2
byJorge Sebastiao
 
PPTX
Blockchain & cyber security Algeria Version 1.1
byJorge Sebastiao
 
PPTX
Datamatix GCC HR future jobs Version 1.3
byJorge Sebastiao
 
PPTX
Cyber security crypto blockchain Version 3.2
byJorge Sebastiao
 
PPTX
RTA AI for traffic management version 1.4
byJorge Sebastiao
 
PPTX
IGF2017 Data is new oil - UN Internet Governance Forum
byJorge Sebastiao
 
PPTX
ADIPEC physical and Infosec for Oil and Gas
byJorge Sebastiao
 
PPTX
AVSEC are you flying cybersafe?
byJorge Sebastiao
 
PPTX
Are we ready for IoT? VU Version 7
byJorge Sebastiao
 
Real estate tokenization and blockchain
byJorge Sebastiao
 
Blockchain and covid19 v3
byJorge Sebastiao
 
Top tech shapping startups
byJorge Sebastiao
 
Blockchain and security v3
byJorge Sebastiao
 
The road to blockchain 5.0
byJorge Sebastiao
 
Cyber Warfare 4TH edition
byJorge Sebastiao
 
How AI is Disrupting Traffic Management in Smart City
byJorge Sebastiao
 
Ai and traffic management application v1.0
byJorge Sebastiao
 
Practical analytics hands-on to cloud & IoT cyber threats
byJorge Sebastiao
 
Dz hackevent 2019 Middle East Cyberwars V3
byJorge Sebastiao
 
AI HR and Future Jobs Version 2.1
byJorge Sebastiao
 
Cyber fear obstacles to info sharing-Version 2
byJorge Sebastiao
 
Blockchain & cyber security Algeria Version 1.1
byJorge Sebastiao
 
Datamatix GCC HR future jobs Version 1.3
byJorge Sebastiao
 
Cyber security crypto blockchain Version 3.2
byJorge Sebastiao
 
RTA AI for traffic management version 1.4
byJorge Sebastiao
 
IGF2017 Data is new oil - UN Internet Governance Forum
byJorge Sebastiao
 
ADIPEC physical and Infosec for Oil and Gas
byJorge Sebastiao
 
AVSEC are you flying cybersafe?
byJorge Sebastiao
 
Are we ready for IoT? VU Version 7
byJorge Sebastiao
 

Recently uploaded

PDF
Dubai Multi Commodities Centre (DMCC) – Supplier Code of Conduct Policy
byDubai Multi Commodity Centre
 
PPTX
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
PDF
How to Buy USA Facebook Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
PDF
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
PPTX
Project Management Tools for Faster, Smarter Execution
byBlue Sky Index
 
PDF
When Paychecks Stop: Are We Financially Ready
byAurumCapital
 
PDF
The Easiest Way to Buy Snapchat Accounts (1).pdf
byidc1w3adizw383go
 
PDF
How to Buy Twitter Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
PPTX
Smart Solutions for Work with Flexible iPad Rental
byVRS Technologies
 
PDF
how to Buy linkedin Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
DOCX
Guide to Safely Buy a Verified Binance Account Today.docx
byh55oga0kd25m12iaza2
 
PDF
LCP-Pension-Submisson-CDC-Superfund-December-2025.pdf
byHenry Tapper
 
PPTX
CMMI Consulting & Implementation Services.pptx
bySunil Yadav
 
PDF
Top 7 Places to Buy Aged LinkedIn Accounts and Should ....pdf
byh55oga0kd25m12iaza2
 
PDF
Christopher Elwell Woburn, MA - An Experienced IT Executive
byChristopher Elwell Woburn, MA
 
PDF
Best 11 Places to Purchase Mature Twitter Accounts for Marketing.pdf
byjaksontinder24
 
PDF
How to Buy Snapchat Accounts in 2026 first year .pdf
bywc0fr9qf43i5qo5kn3
 
PDF
Step-by-Step Guide to Purchasing USA Facebook ....pdf
byyl62ghphl9tyxn3q8lv5
 
PDF
Buy Verified PayPal Accounts Search Intent Analysis for 2025–26.pdf
byUsaservicepoint
 
PDF
How to Buy a USA Facebook Accounts Safely.pdf
byyl62ghphl9tyxn3q8lv5
 
Dubai Multi Commodities Centre (DMCC) – Supplier Code of Conduct Policy
byDubai Multi Commodity Centre
 
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
How to Buy USA Facebook Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
Project Management Tools for Faster, Smarter Execution
byBlue Sky Index
 
When Paychecks Stop: Are We Financially Ready
byAurumCapital
 
The Easiest Way to Buy Snapchat Accounts (1).pdf
byidc1w3adizw383go
 
How to Buy Twitter Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
Smart Solutions for Work with Flexible iPad Rental
byVRS Technologies
 
how to Buy linkedin Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
Guide to Safely Buy a Verified Binance Account Today.docx
byh55oga0kd25m12iaza2
 
LCP-Pension-Submisson-CDC-Superfund-December-2025.pdf
byHenry Tapper
 
CMMI Consulting & Implementation Services.pptx
bySunil Yadav
 
Top 7 Places to Buy Aged LinkedIn Accounts and Should ....pdf
byh55oga0kd25m12iaza2
 
Christopher Elwell Woburn, MA - An Experienced IT Executive
byChristopher Elwell Woburn, MA
 
Best 11 Places to Purchase Mature Twitter Accounts for Marketing.pdf
byjaksontinder24
 
How to Buy Snapchat Accounts in 2026 first year .pdf
bywc0fr9qf43i5qo5kn3
 
Step-by-Step Guide to Purchasing USA Facebook ....pdf
byyl62ghphl9tyxn3q8lv5
 
Buy Verified PayPal Accounts Search Intent Analysis for 2025–26.pdf
byUsaservicepoint
 
How to Buy a USA Facebook Accounts Safely.pdf
byyl62ghphl9tyxn3q8lv5
 

Email phishing and countermeasures

  • 1.
    Email Phishing and Countermeasures EmailSecurity jorge.sebastiao@its.ws
  • 2.
    May 2006 –Veterans Administration laptop with personal information on 26.5M veterans is stolen. “Total losses could top $500M.” – VA Secretary Nicholson Jan 2007- Hackers stole data from at least 45.7 million credit and debit cards at retailer T.J.Maxx – total costs could exceed $1.0B May 2006 – CIO, CSO fired Ohio University 137,000 student accounts compromised
  • 3.
    Why Does ThisHappen? Firewall IDS Anti-Virus Attack
  • 4.
    ATM is alsoa type of Phishing
  • 5.
    Can you spota “Social Engineer”? Phishing is Social Engineering
  • 6.
    Social Engineering What isSocial Engineering? “An attempt to influence a person into granting unauthorized access, unauthorized use or unauthorized disclosure of an information system, network or data. Modifying system configuration.” “How to blunt the socially engineered hack” by Michael Casper (http://www.computerworld.com/cwi/community/story/0,3201,NAV6 5-663_STO65473,00.html)
  • 7.
    Social Engineering … 70percent of those asked said they would reveal their computer passwords for a … Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1 Bar of chocolate
  • 8.
    Social Engineering Methods ofSocial Engineering Information Gathering Information Planting Email Scams Masquerading Dumpster-diving Help desk/Support areas Receptionist/Administrative areas Launching attack
  • 9.
    Vulnerability in People Cause:A large growing population of internet illiterate users are using internet email and other user friendly applications. Threat: Illiteracy in how the internet works and its threats allows miscreants to attack a network or person through social engineering. This is the fastest growing method of hacking we have seen. Human nature is that people are trusting, even those things which may be false.
  • 10.
    Social Engineering –Information Gathering Scenario #1 – YOU: How many of you have provided personal information online or over the phone to a vendor or service? Personal Information May Include Social Security Number (or just the last 4 digits) First, Middle, Last names – Maiden Name Mothers Maiden Name Address, Phone Number Email Address? Credit Card Number – CVV2 Code ATM PIN Code Passwords you may use elsewhere
  • 11.
    Social Engineering –Information Gathering Scenario #1 - YOU: Was that information sent securely? Will it be shared with someone else? Was it compromised? Scenario #2 – SOMEONE ELSE: Have you ever asked for personal information and been offered that information freely or without much effort?
  • 12.
    Social Engineering –Information Gathering Example: How many of you would provide personal information to someone who called you on the phone? Over the Internet? Social Engineering is an art, basically the art of listening and lying at the same time, while seemingly having a typical conversation. Read More: The Art of Deception – Kevin Mitnick
  • 13.
    Social Engineering –Information Planting Scenario: You come back from lunch to find a Post-it note on your desk asking you to change a user password to something written on the Post- it Note.
  • 14.
    ID Theft– NewWay Phishing / Pharming Hijack/Skimming
  • 15.
    On 7 October2001. “Singer Britney Spears Killed in Car Accident”. Due to a bug in CNN’s software, when people at the spoofed site clicked on the “E-mail This” link, the real CNN system distributed a real CNN e-mail to recipients with a link to the spoofed page. With each click at the bogus site, the real site’s tally of most popular stories was incremented for the bogus story. Allegedly this hoax was started by a researcher who sent the spoofed story to three users of AOL’s Instant Messenger chat software. Within 12 hours more than 150,000 people had viewed the spoofed page. Social Engineering Example
  • 16.
  • 17.
    What is Phishing? “Fishingfor personal information” Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. Anti-Phishing Working Group http://www.antiphishing.org/
  • 18.
    Surge in phishing Basedon the survey, 57 million Americans have been, or think they have been, the victim of a phishing attack. 30 million were positive, Out of that pool, 11 million fell for the scams or about 19% of those attacked. Almost 2 million, or about 3% of those attacked, reported that they'd actually divulged sensitive information eg. credit-card numbers, bank accounts, passwords, etc. Phishers have a one in 700 chance of getting caught. *Gartner Group
  • 19.
  • 20.
  • 21.
    This is aVery Common Tactic used to Social Engineer personal information. Lets walk through a specific case Email Scams
  • 22.
    Click on theLink and you get sent to the EBay Security Update Page… Or do you… Click Here and it takes you to Official EBay Help Not a Secure Website LETS SCROLL DOWN Email Scams
  • 23.
    As we ScrollDown the Page we find out that it needs a lot of personal information to verify who you are. NEVER Give this Out to Anyone Online Just in case you mistyped your password above OK.. I can see how Ebay Might need this info… right ??? LETS SCROLL DOWN Just in case you thought this might be a scam… Email Scams
  • 24.
    CVV2 Code andPIN Number to your bank account. Can’t Use the CreditCard Online without this!! If we clone your card, we might need this as well. Email Scams
  • 25.
    Lets take alook at the email again… How many of you receive emails like this on a regular basis? Does it look Legit? Would it have fooled you? In this case, the whole message was actually an Image with the Image linked to the malicious site, while the link in the image shows up as something legitimate. Email Scams
  • 26.
    What Companies areDoing AMERICAN EXPRESS - How to Contact American Express about Fraudulent E-Mails If you receive an e-mail that you believe could be fraudulent, immediately forward it to emailhoax@service.americanexpress.com. Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an auto- generated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American Express http://www10.americanexpress.com/sif/cda/page/0,1641,21372,00. asp
  • 29.
    How to DetectDeception Publish your mail server addresses (to thwart spoofing) Educate customers (and employees) Establish online communication protocols Create a response plan now Proactively monitor for phishers and fraud Make yourself a difficult target http://www.cio.com/archive/090104/phish.html
  • 30.
    Prevent Phishing fromFraud Watch Never click on hyperlinks Use Anti-SPAM filters Use Anti-Virus Software Use personal firewalls Keep all software updated Always look for https and sites that ask for “personal information” Keep computer clean from Spyware Know Fraudulent activity on the Internet Check your credit report immediately for free! If unsure, ask!
  • 32.
    First Phishing – NowRansomware  New generation of attack use of the internet attack for extortion "Ransomware".  Follow-up to: phishing, pharming attacks  It starts with hijacking or stealing user files, encrypting them (so the user loses access to vital information), then demanding payment in exchange for the decryption key.  So far theses attacks are quite rare but it brings a new dimension to the usage of the internet and a new generation of attacks.
  • 33.
    Phishing – Variations “Phishing”= social engineering – Who: Online scammers, posing as legitimate companies or your new best friend – Why: They want your sensitive information (credit-card, billing- routing, and Social Security numbers, among others)  “Pharming”= being diverted to a fake/spoofed website  “Spear phishing”= spoofed email that targets emails stolen from a company or organization
  • 34.
    Phishing and BusinessRisks Privacy Legislative violations Financial loss Intellectual capital Litigation Public Image/Trust Business Risks
  • 35.
  • 36.
  • 37.
    37 1st Gen: “Look forstuff…” Subject contains “Viagra” 2nd Gen: “Look smarter” Text has “Viagra” & “Unsubscribe” 3rd Gen: “Go for Buzzwords” Bayesian Filter and Neural Nets 4th Gen: “Mix a Cocktail” You can’t fool all of the filters all of the time But threats get more sophisticated
  • 38.
    38 Tradeoffs false positivesvs false negatives Catch more emails, more false positives Catch less emails, fewer false positives FP FN
  • 39.
    39 User Awareness toAvoid Phishing Caution: African shares $10 million… Banks never ask for account info, in an e-mail Don’t click on links suspicious e-mails Report suspicious e-mails D-E-L-E-T-E
  • 40.
  • 41.
    Anti-Phishing Laws -Identity TheftPenalty Enhancement Act -Aggregated Identity Theft - Defined as using a stolen identity to commit other crimes. -Mandatory sentencing of 2 years. Anti-Phishing Act of 2005 -Prohibits the use of a website/email to coerce others to divulge their personal information. -Penalties: 5 years, $250,000 fine. Effectiveness: Professionals vs. Amateurs
  • 42.
    • FTC IdentityTheft Website www.consumer.gov/idtheft • Anti-Phishing Working Group www.antiphishing.org • End ID Theft www.endidtheft.com Resources
  • 43.